Parsing a custom log file

Time: 2016-08-11 08:52:14

Tags: regex powershell powershell-v2.0 logfile-analysis

I have a log file (*.log) that I would like to parse and query, as follows:

Line 33043: 17/07/2016;13:26:45;GetMasterOrderNo;Master Order No is :  1117103907 for SoSupplierOrderNo, 1117103907
Line 33048: 17/07/2016;13:26:45;AddAutoPurchHdr;Could not save PurchHdr record - The supplier order number has already been used in Delivery Note No.1117103907 (Order No.1117103907), Supplier SupplierName(51)
Line 33049: 17/07/2016;13:26:45;ImportASN;ConvertASNFiles: Failed to import GRN1171_0000700384_1117103907.xml.  Could not save PurchHdr record - The supplier order number has already been used in Delivery Note No.1117103907 (Order No.1117103907), Supplier SupplierName(51)

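What I want to do is split each line up, with headers, as follows:

  • Line,
  • Date,
  • Time,
  • Type,
  • Description

...so I can run queries against this.

What is the best way of doing this?

3 Answers:

Answer 0: (score: 6)

You can capture these fields using a regex: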

$content = Get-Content 'your_log_path' -raw
$regex = 'Line\s+(\d+):\s+([^;]+);([^;]+);([^;]+);(.+)'
[regex]::Matches($content, $regex) | ForEach-Object {
    [PsCustomObject]@{
        Line = $_.Groups[1].Value
        Date = $_.Groups[2].Value
        Time = $_.Groups[3].Value
        Type = $_.Groups[4].Value
        Description = $_.Groups[5].Value
    }
}

Output:

Line        : 33043
Date        : 17/07/2016
Time        : 13:26:45
Type        : GetMasterOrderNo
Description : Master Order No is :  1117103907 for SoSupplierOrderNo, 1117103907

Line        : 33048
Date        : 17/07/2016
Time        : 13:26:45
Type        : AddAutoPurchHdr
Description : Could not save PurchHdr record - The supplier order number has already been used in Delivery Note No.1117103907 (Order No.1117103907), Supplier SupplierName(51)

Line        : 33049
Date        : 17/07/2016
Time        : 13:26:45
Type        : ImportASN
Description : ConvertASNFiles: Failed to import GRN1171_0000700384_1117103907.xml.  Could not save PurchHdr record - The supplier order number has already been used in Delivery Note 
              No.1117103907 (Order No.1117103907), Supplier SupplierName(51)

Regex:

Line\s+(\d+):\s+([^;]+);([^;]+);([^;]+);(.+)


Answer 1: (score: 6)

A slight workaround to Martin's very good answer: the [PSCustomObject] construct does not work on PowerShell v2 hosts.

# Get-Content -Raw does not exist on PowerShell v2; read all lines and join them instead
$content = (Get-Content 'your_log_path') -join "`n"
$regex = 'Line\s+(\d+):\s+([^;]+);([^;]+);([^;]+);(.+)'
[regex]::Matches($content, $regex) | ForEach-Object {
    $obj = New-Object PSObject
    $obj | Add-Member -MemberType NoteProperty -Name Line -Value $_.Groups[1].Value
    $obj | Add-Member -MemberType NoteProperty -Name Date -Value $_.Groups[2].Value
    $obj | Add-Member -MemberType NoteProperty -Name Time -Value $_.Groups[3].Value
    $obj | Add-Member -MemberType NoteProperty -Name Type -Value $_.Groups[4].Value
    $obj | Add-Member -MemberType NoteProperty -Name Description -Value $_.Groups[5].Value
    $obj
}

Answer 2: (score: 0)

Use a regex with named capture groups to create the hashtable keys for a custom object:

Get-Content log.txt | ForEach-Object {
    # Only build an object when the line matches; a bare -match would emit $true/$false
    # into the pipeline and $Matches would still hold the previous line's groups
    if ($_ -match '^Line (?<Line>\d+): (?<Day>..)/(?<Month>..)/(?<Year>....);(?<Time>.*?);(?<Type>.*?);(?<Message>.*)$') {

        # Cast date and line to useful types (optional)
        $Matches['Date'] = Get-Date ($Matches['Year']+'-'+$Matches['Month']+'-'+$Matches['Day']+' '+$Matches['Time'])
        $Matches['Line'] = [int]$Matches['Line']

        New-Object -Type PSCustomObject -Property $Matches
    }
}
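
To run queries against the parsed records, as the question asks, the parse step can also type the fields and report lines that do not parse. This is an added example, not part of any answer in the thread: the function name ConvertFrom-AppLog, the stricter date and time patterns, and the last sample line are assumptions made here, and it avoids [PSCustomObject] and -Raw so that it also runs on PowerShell v2.

```powershell
# Added example; ConvertFrom-AppLog is a hypothetical name, not from the thread.
function ConvertFrom-AppLog {
    param([Parameter(ValueFromPipeline = $true)][string]$InputLine)
    begin {
        # Same five fields as the answers, anchored and with stricter date/time patterns.
        $rx = [regex]'^Line\s+(?<Line>\d+):\s+(?<Date>\d{2}/\d{2}/\d{4});(?<Time>\d{2}:\d{2}:\d{2});(?<Type>[^;]+);(?<Description>.*)$'
        $inv = [Globalization.CultureInfo]::InvariantCulture
        $none = [Globalization.DateTimeStyles]::None
    }
    process {
        $m = $rx.Match($InputLine.TrimEnd("`r"))
        $ts = [datetime]::MinValue
        $stamp = '{0} {1}' -f $m.Groups['Date'].Value, $m.Groups['Time'].Value
        # The log is day-first (17/07/2016); TryParseExact avoids locale-dependent parsing.
        $ok = $m.Success -and [datetime]::TryParseExact($stamp, 'dd/MM/yyyy HH:mm:ss', $inv, $none, [ref]$ts)
        if (-not $ok) {
            # Report lines that do not parse instead of dropping them silently.
            Write-Warning "Unparsed line: $InputLine"
            return
        }
        New-Object PSObject -Property @{
            Line        = [int]$m.Groups['Line'].Value
            Timestamp   = $ts
            Type        = $m.Groups['Type'].Value
            Description = $m.Groups['Description'].Value
        } | Select-Object Line, Timestamp, Type, Description
    }
}

# Sample input: the three lines from the question, plus one constructed line
# whose date cannot exist (it matches the pattern but fails date parsing).
$sample = @(
    'Line 33043: 17/07/2016;13:26:45;GetMasterOrderNo;Master Order No is :  1117103907 for SoSupplierOrderNo, 1117103907'
    'Line 33048: 17/07/2016;13:26:45;AddAutoPurchHdr;Could not save PurchHdr record - The supplier order number has already been used in Delivery Note No.1117103907 (Order No.1117103907), Supplier SupplierName(51)'
    'Line 33049: 17/07/2016;13:26:45;ImportASN;ConvertASNFiles: Failed to import GRN1171_0000700384_1117103907.xml.  Could not save PurchHdr record - The supplier order number has already been used in Delivery Note No.1117103907 (Order No.1117103907), Supplier SupplierName(51)'
    'Line 33050: 31/02/2016;13:26:46;ImportASN;constructed line with an impossible date'
)

$records = $sample | ConvertFrom-AppLog

# Query 1: failure events grouped by Type.
$records | Where-Object { $_.Description -match 'Failed|Could not' } |
    Group-Object Type | Select-Object Name, Count

# Query 2: everything logged at or after a given time, using the typed Timestamp.
$records | Where-Object { $_.Timestamp -ge [datetime]'2016-07-17T13:00:00' } |
    Sort-Object Line | Select-Object Line, Type
```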