Re: Using MSH to parse Freeformat logs into a table
- From: "Adam Barr [MSFT]" <adamba@xxxxxxxxxxxxx>
- Date: Wed, 12 Oct 2005 16:00:11 -0700
"Jouko Kynsijärvi" <jouko.kynsijarvi@xxxxxxxxxxxxx> wrote in message
news:O4XIVNzzFHA.1032@xxxxxxxxxxxxxxxxxxxxxxx
> kbeigan@xxxxxxxxxxx wrote:
>> Gday fellow MSH hackers,
>>
>> I'm trying to find a nice neat way of parsing lines of freeformat logs
>> into a table like structure who's columns are strongly datatyped thus
>> facilitating more advanced scrutiny.
>>
>> For example: a typical line from the freeformat text looks something
>> like this:-
>>
>> 10-Oct-05 07:50:18.016 (170 1224 5148) fscdiag.exe:fscconn.c,v:281:
>> select fail - timeout connecting to rtu 4, link 1
>>
>> Namely three columns, 1) [Date], 2) [Time], 3 description [string].
>>
>> The only way i've thought of doing this via MSH scripting it to
>> develop a Cmdlet to tokenise each each line into the columns from a
>> pipeline. However as I'm new to MSH , and it seem to be a powerful
>> beast & one can only assume that this shell can already handle this
>> simple task and due to my ignorance I haven't yet fathomed this out
>> via the limited help that out there.
>
> You could create a filter like the following to turn this into a stream of
> objects:
>
> filter Parse-Log() {
> $obj = New-Object Management.Automation.MshObject
> $culture = New-Object Globalization.CultureInfo 'en-US'
> $date = [DateTime]::ParseExact($_.Substring(0, 23), 'dd-MMM-yy
> HH:mm:ss.fff', $culture)
> $prop = New-Object Management.Automation.MshNoteProperty 'Date', $date
> $obj.MshObject.Properties.Add($prop)
> $text = $_.Substring(23).Trim()
> $prop = New-Object Management.Automation.MshNoteProperty 'Text', $text
> $obj.MshObject.Properties.Add($prop)
> $obj
> }
>
> (One could of course use regular expressions for date parsing, also.)
>
> And use it like this:
>
> MSH> get-content log.txt | parse-log
>
> MSH> get-content log.txt | parse-log | where { $_.Date -gt
> [DateTime]::Now.AddDays(-2) }
>
>
As an example of using regular expressions, you could use the grouping
support in .Net regular expressions, which stores the matches in the
$matches variable, to parse through the line and save the results. Assuming
the data was in a file called log.txt, then you could say:
switch -file log.txt -regex {
"^\s*(\d\d-\w\w\w-\d\d)\s*(\d\d:\d\d:\d\d\.\d\d\d)(.*)" {
write-host "DATE" $matches[1] "TIME" $matches[2] "DESCRIPTION"
$matches[3]
}
}
which in your example outputs:
DATE 10-Oct-05 TIME 07:50:18.016 DESCRIPTION (170 1224 5148)
fscdiag.exe:fscconn.c,v:281: select fail - timeout connecting to rtu 4, link
1
Of course you can tweak the regex as you see fit.
You could then add notes to an MshObject as Jouko described.
- adam
Microsoft Command Shell Program Management
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
.
- References:
- Using MSH to parse Freeformat logs into a table
- From: kbeigan
- Re: Using MSH to parse Freeformat logs into a table
- From: Jouko Kynsijärvi
- Using MSH to parse Freeformat logs into a table
- Prev by Date: set file ownership through VBScript
- Next by Date: Re: [MSH] Bug: cut & paste with tabs
- Previous by thread: Re: Using MSH to parse Freeformat logs into a table
- Next by thread: Re: Using MSH to parse Freeformat logs into a table
- Index(es):
Relevant Pages
|
