Parse LOG File by Date Range

Hello

I am trying to parse a log file for entries with in the last 24 hours an keep getting an error.

heres is a smaple line form the log (chocolatey) :

2015-10-20 22:29:51,313 [DEBUG] - Attempting to delete file “C:\ProgramData\chocol
atey.chocolatey\teamviewer.10.0.43174.sxs”.

here is the error I am getting:
Exception calling “ParseExact” with “3” argument(s): “String was not recognized
as a valid DateTime.”

here i sthe code I am using.

 

$FilePath = "C:\ProgramData\chocolatey\logs\chocolatey.log"
$Strings = '[ERROR] -'


$data = Get-Content $filepath # logfile path

write-host '------------------------------------------------------'
write-host '------------------------------------------------------'
write-host Total lines read from file $data.count # printing stats of
write-host '------------------------------------------------------'

$match_string = ''
$IsMatchingRecordFound = ''
#looping throgh all lines
foreach ($line in $data)
{    
    #fetching date and converting into string format
    [DateTime]$date = [DateTime]::ParseExact($line.substring(1, 21), "MMddyyyy-HH:mm:ss:fff", (New-Object System.Globalization.CultureInfo "en-US"))
    
    #comparing date date with start and end 
    if (($date -gt $StartDate) -and ($date -lt $EndDate)) 
    {            
        #matching string and array from file data
        $match_string =   $line | Select-String -Pattern $Strings -SimpleMatch 
        $match_string
        if([string]::IsNullOrEmpty($match_string)) 
        {                                       
        } 
        else 
        {            
                $IsMatchingRecordFound="Yes"            
        }
    } 
    $match_string=''
} 



IF([string]::IsNullOrEmpty($IsMatchingRecordFound)) 
{                                       
    write-host 'No Records Found.'
}

String was not recognized as a valid DateTime.

check to see if there is a difference between these two.

([datetime]$startdate).gettype()

($startdate).gettype()

I also don’t see anywhere $startdate is declared in this script.

check your variables
after you get that error type each variable in the console and see what they return…

$date
$startdate
$enddate

your right sorry I left that part out

 
 $StartDate = (Get-Date -Hour 0 -Minute 0 -Second 0 -Millisecond 0)

  $EndDate = (Get-Date -Hour 23 -Minute 59 -Second 59 -Millisecond 999)

no errors are generated from the variables

here is what I am getting from ($startdate).gettype()

IsPublic IsSerial Name BaseType

True True DateTime System.ValueType

First, your substring is not getting all of the Date information based on your sample:

$line = '2015-10-20 22:29:51,313 [DEBUG] – Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\teamviewer.10.0.43174\.sxs".'
$line.substring(1, 21)

Results:
015-10-20 22:29:51,31

You need to adjust your substring to get all, and just the date value.

$line = '2015-10-20 22:29:51,313 [DEBUG] – Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\teamviewer.10.0.43174\.sxs".'
$line.substring(0, 19)

Results:
2015-10-20 22:29:51

Or you may want to use -split and just get the value before the first comma like this. Just in case the date value uses single digits at times such as 2015-5-20 22:29:51. You would have to add additional code to dynamically adjust the length for substring in this case. Using -split no dynamic length needs to be calculated.

$line = '2015-10-20 22:29:51,313 [DEBUG] – Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\teamviewer.10.0.43174\.sxs".'
($line -split ',')[0]

Results:
2015-10-20 22:29:51

Then instead of using ParseExact you can use Get-Date

$line = '2015-10-20 22:29:51,313 [DEBUG] – Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\teamviewer.10.0.43174\.sxs".'
$date = Get-Date ($line -split ',')[0]
$date
$date.GetType().Name

Results:
Tuesday, October 20, 2015 10:29:51 PM
DateTime

ok Thanks I will make the changes and let you know