Hi,
I have built a script that is triggered automatically whenever an event ID is registered in ‘application’ log.
I used to parse (using split) information from the event message to do staff with that. Now I have a newer version of the application that is writing to the event log and more info is in the message and thus the parsing breaks.
I am looking to find a better way to parse out the info that won’t break anymore.
For instance:
I am looking to pull a number after the bellow specific sentence.
Lets say:
$Data = $Event[0].Message # is the message data of the first appearance
I need to find the number inside this sentence that will always appear (just the number changes) but I don’t want to use split for spaces and choose the [6] as this changes.
Note: there are more numbers in $data I just need the one inside this sentence.
“A message with sequence number 17 has been sent”
Any ideas?
I think using a regular expression with a named capture group could help here.
if ($Event[0].Message -match 'sequence number (?\d+)')
{
'Sequence number found: {0}' -f $Matches.SequenceNumber
}
I hope that helps.
Best,
Daniel Krebs
Void is used to omit the Boolean output.
[void]($Event[0].Message -match "number (?'num'\d+)") ; $Matches['num']
Hi Daniel,
I tried the regex you suggested on an event that contains the following “A message with sequence number 18 has been sent”.
I need to assign the number ‘18’ to a var.
I did that: (added square brackets)
PS C:> $b -match ‘sequence number ([?\d+])’
True
How should I pull the number?
You’ve got two options to get the number. Please don’t add a square bracket to the regular expression pattern because some characters have a special meaning. You can learn about regular expressions here: http://www.regular-expressions.info/
I hope that helps.
Update: Using a Gist instead of embedded code.
Unfortunately the forum software removed some characters from the code I’ve embedded.
Please check below to see a valid example:
why don’t you want to split the spaces? Seems obvious in the sentence to do so.
Without regex it’s as simple as
‘one two 3 four’.split() | ? {$_ -as [int]}
PS C:> ($b -match “A message with sequence number ([?‘num’\d++])”)
True
PS C:> ($b -match “A message with sequence number (?‘num’\d++)”)
parsing “A message with sequence number (?‘num’\d++)” - Nested quantifier +.
At line:1 char:1
I got 2 Issues:
- I tried the regex without the but I get the above error.
- When I try with the and pipe $matches I get a wrong number ‘1’ instead of ‘18’
PS C:\Users\oferg> [void]($b -match “A message with sequence number ([?‘num’\d++])”); $Matches
Name Value
1 1
0 A message with sequence number 1
Sorry for nagging or not getting the right picture.
Hi Dan,
In my initial script I used split to spaces and picked the right position, but as I said the whole message has changed and added more words so I need a bullet proof to catch the number I need. The whole event log message has few number in it, I only need the on e that has the sentence prefixed I mentioned.
Just the same only a tad longer.
(“A message with sequence number 17 has been sent” -split 'sequence number ')[1].split() | ? {$_ -as [int]}
Here with more text for demonstration. String manipulation doesn’t have to be complicated.
$event = @"
this is my full message
A message with sequence number 17 has been sent
end message
"@
($event -split 'sequence number ')[1].split() | ? {$_ -as [int]}
Hi Dan,
That really helped thank you very much I appreciate this.
And thanks for all other here.
What is the string you need to search through? Would this be an example: “sequence number [17]”?
I would go for regexp as suggested, but brackets and other characters have special meaning.
$String = "sequence number [17]"
if ($String -match "sequence number \[(\d+)\]") {
Write-Host $Matches[1]
}
This will print the number 17. If you do not understand the above code you could read more about regexp here (as suggested): http://www.regular-expressions.info/