Extracting data from logdile

PowerShell Help
1

Hi, im stuck and need some help. I got a logfile that i want to extract a date from, and error messages. I’ve created two regex filters. I only want thoose lines matching both patterns and put them in a custom object. Below is a example of a line i want:

[2016-09-02 23:08:00:366 CEST] 00000016 ThreadMonitor W   WSVR0605W: Thread "WebContainer : 0" (00000023) has been active for 646873 milliseconds and may be hung.  There is/are 1 thread(s) in total in the server that may be hung.

This is my code so far:

$str = Get-Content 'C:\Temp\SystemOut_16.09.03_23.00.00.log'
$linescount = $str.Count
$datetime = (Get-Content 'C:\Temp\SystemOut_16.09.03_23.00.00.log' | Select-String -Pattern '\d+-\d+-\d+\W\d+\W\d+\W\d+\W\d+').Matches.Value
$message = (Get-Content 'C:\Temp\SystemOut_16.09.03_23.00.00.log' | Select-String -Pattern 'ThreadMonitor(.*)').Matches.value


Add-Type @'
public class WS
{
    public string dateTime;
    public string message;
}
'@

$ObjWS = @()

for($i=0;$i -lt ($linescount);$i++){

    
$objTemp = New-Object WS

            
            $objTemp.DateTime = $dateTime[$i]
            $objTemp.Message = $message[$i]
            
            
            $ObjWS += $objTemp
        }
            

    
    Return $ObjWS

And the outpu looks like this:

dateTime                message                                                                                                                                                                                                       
--------                -------                                                                                                                                                                                                       
2016-09-02 23:01:36:021 ThreadMonitor W   WSVR0605W: Thread "WebContainer : 0" (00000023) has been active for 646873 milliseconds and may be hung.  There is/are 1 thread(s) in total in the server that may be hung.                 
2016-09-02 23:02:45:517 ThreadMonitor W   WSVR0606W: Thread "WebContainer : 0" (00000023) was previously reported to be hung but has completed.  It was active for approximately 6135706 milliseconds.  There is/are 0 thread(s) in...
2016-09-02 23:08:00:366 ThreadMonitor W   WSVR0605W: Thread "WebContainer : 0" (00000023) has been active for 628247 milliseconds and may be hung.  There is/are 1 thread(s) in total in the server that may be hung.                 
2016-09-03 00:39:29:199 ThreadMonitor W   WSVR0606W: Thread "WebContainer : 0" (00000023) was previously reported to be hung but has completed.  It was active for approximately 1389169 milliseconds.  There is/are 0 thread(s) in...
2016-09-03 02:06:02:401                                                                                                                                                                                                               
2016-09-03 02:06:03:228                                                                                                                                                                                                               
2016-09-03 02:17:00:709....
2

Hi,

maybe this helps:

$str = Get-Content 'C:\Temp\SystemOut_16.09.03_23.00.00.log'
$Output = foreach ($Line in $str) {
    $Line -match '(\d+-\d+-\d+\W\d+\W\d+\W\d+\W\d+).*(ThreadMonitor.*)$' | Out-Null
    [PSCustomObject]@{
        dateTime = $Matches[1]
        message = $Matches[2]
    }
}
$output
3

Thanks Olaf, you pointed me in the right direction! This is the final result:

$str = Get-Content 'C:\Temp\SystemOut_16.09.03_23.00.00.log'
$Output = foreach ($Line in $str) {
    if($Line -match '(\d+-\d+-\d+\W\d+\W\d+\W\d+\W\d+).*(ThreadMonitor.*)$') {
    [PSCustomObject]@{
        dateTime = $Matches[1]
        message = $Matches[2]
    }
}}
$output