Hi guys!
I would like to ask you for help.
I have big logs which contain a lot of entries such as:
2021-01-07 14:03:26.371 | FATAL
2021-01-07 14:03:26.371 | CRITICAL
2021-01-08 14:03:26.371 | FATAL
2021-01-08 15:03:26.371 | CRITICAL
2021-01-08 16:03:26.371 | WARNING
So, I need to count for each date the sum of FATAL and CRITICAL.
I use the script:
$items = Get-Content -Path d:\logs\*.log | select-string -pattern '(ERROR)|(FATAL)|(CRITICAL)'
$items | Group-Object
but only got the result:
Count Name Group
1 2021-01-07 13:03:26.37… {2021-01-07 13:03:26.371 | ERROR}
1 2021-01-07 13:03:26.37… {2021-01-07 13:03:26.371 | FATAL}
1 2021-01-08 13:03:26.37… {2021-01-08 13:03:26.371 | CRITICAL }
Is it possible to get like this?
Count Name
2 2021-01-07
1 2021-01-08
Thanks a lot in advance!
it looks better:
$items = Get-Content -Path d:\logs\*.log | select-string -pattern '(ERROR)|(FATAL)|(CRITICAL)'
$items | Group-Object {$_.Line.Split(' ')[0]}
Count Name Group
2 2021-01-07 {2021-01-07 13:03:26.371 | ERROR, 2021-01-07 13:03:26.371 | FATAL}
1 2021-01-08 {2021-01-08 13:03:26.371 | CRITICAL }
but how to avoid the Group column?
this even looks much better 
$items = Get-Content -Path d:\logs\*.log | select-string -pattern '(ERROR)|(FATAL)|(CRITICAL)'
$items | Group-Object {$_.Line.Split(' ')[0]} | Format-Table -Property Name,Count -HideTableHeaders
2021-01-07 2
2021-01-08 1
but is it possible to format the output like this
2021-01-07 = 2
2021-01-08 = 1
?
Thanks!
You will probably find using Select-String with the -Path parameter is quicker than using Get-Content. This will give your desired output format:
Select-String -Path E:\Temp\Files\testLog.txt -Pattern '(ERROR)|(FATAL)|(CRITICAL)' |
ForEach-Object {$_.Line.Split(' ')[0]} |
Group-Object |
ForEach-Object {Write-Output "$($_.Name) = $($_.Count)"}
This is all one line, I split it at the pipe symbol for readability on the forum.