by maryk at 2013-01-09 13:11:33
Hi
I have a one liner that I am using to get specific event logs. See below
Get-EventLog -LogName APPLICATION | Where-Object { $_.EventID -eq 33 -and $_.EntryType -eq "warning" } | select ReplacementStrings
The output is as follows:
{Database1, [MBX:Smith, Jr., Mike][Inbox], 1eb0-142C94F, 1eb0-142C954, 1-1E78FAB5}
{Database1, [MBX:Smith, Jr., Mike][Calendar], EFb0-142C94F, 1eb0-142C953, 1-1E78FHB5}
{Database1, [MBX:Smith, Jr., Mike][Sent Items], DBb0-134C94F, 1eb0-142B954, 1-1E78FAB5}
{Database45, [MBX:Mary, Jane][Deleted Items], Eeb0-142C94F, 1eb0-142C94, 1-1E78FAB5}
How can I manipulate ReplacementStrings to only output Smith, Jr., Mike and Mary, Jane? In other words, I only need to output the displayname (e.g. Smith, Jr., Mike) from inside [MBX:Smith, Jr., Mike] from each line?
Thanks
by DonJ at 2013-01-09 13:29:28
You won’t be able to easily do this in a one-liner. You’ll have to write a capturing regular expression, which basically means grabbing all of those strings, enumerating through them, and performing your regex. PowerShell doesn’t excel at that kind of string manipulation, at least not using built-in commands or operators, but it can be done with a regex.
by nohandle at 2013-01-10 03:36:43
[quote="DonJ"]You won’t be able to easily do this in a one-liner.[/quote]
It depends on what you consider easy. This does not look so complicated, most of the lines are selecting the right properties.
Get-EventLog -LogName APPLICATION |
Where-Object { ($_.EventID -eq 33) -and ($_.EntryType -eq "warning") } |
Select-Object -Property ReplacementStrings |
Select-String -Pattern '(?<=\[MBX:).+?(?=\])' |
Select-Object -ExpandProperty Matches |
Select-Object -Property Value
Maryk: Try if this works for you. If not let me know how it fails, please.
by DonJ at 2013-01-10 08:04:12
Yeah, I wouldn’t call that "easy" in terms of mentally parsing it. There’s times when shifting to a script approach can make something easier to read :).
by nohandle at 2013-01-10 08:14:49
[quote="DonJ"]Yeah, I wouldn’t call that "easy" in terms of mentally parsing it. There’s times when shifting to a script approach can make something easier to read :).[/quote]
No doubt about that. Just showing it is possible and not that hard to do.
by maryk at 2013-01-10 08:53:28
Jakub Jareš
Your approach does not give me any output.
by nohandle at 2013-01-10 09:08:44
That is odd. The data are probably in a different format. What if you take your original script and put -first 1 | gm on the end? What do you get?
by maryk at 2013-01-10 09:24:54
Here is what I get:
TypeName: Selected.System.Diagnostics.EventLogEntry
Name               MemberType   Definition
----               ----------   ----------
Equals             Method       bool Equals(System.Object obj)
GetHashCode        Method       int GetHashCode()
GetType            Method       type GetType()
ToString           Method       string ToString()
ReplacementStrings NoteProperty System.String ReplacementStrings=System.String
by maryk at 2013-01-10 11:25:15
Here is another thing. If I do:
Get-EventLog -LogName APPLICATION | Where-Object { ($_.EventID -eq 10033) -and ($_.EntryType -eq "warning") } | Select-Object -Property ReplacementStrings | Out-File c:\output.txt
Then:
Gc c:\output.txt | select-string -Pattern '(?<=\[MBX:).+?(?=\])' | foreach {$_.matches} | select value
I get the results I need. What gives?
by nohandle at 2013-01-11 02:30:48
Sorry, I wrongly assumed the input data are String but they were an array of strings; expanding the ReplacementStrings should fix it.
Get-EventLog -LogName APPLICATION |
Where-Object { ($_.EventID -eq 33) -and ($_.EntryType -eq "warning") } |
Select-Object -ExpandProperty ReplacementStrings |
Select-String -Pattern '(?<=\[MBX:).+?(?=\])' |
Select-Object -ExpandProperty Matches |
Select-Object -Property Value
As Don pointed out, rewriting this in a less one-liner manner is a good idea.
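The script-style rewrite suggested in the thread, as an added example that is not code from any of the posters. The function name Get-MailboxDisplayName, the capture pattern and the de-duplication of names are assumptions made here, and the sample objects are constructed from the output quoted in the first post, assuming "[MBX:...][Folder]" arrives as one array element.

```powershell
function Get-MailboxDisplayName {
    [CmdletBinding()]
    param(
        # Any object with a ReplacementStrings string array, e.g. an EventLogEntry.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]] $Entry
    )
    begin {
        # Capture everything between "[MBX:" and the next "]" (hypothetical pattern).
        $pattern = [regex] '\[MBX:(?<name>[^\]]+)\]'
        $seen    = New-Object 'System.Collections.Generic.HashSet[string]'
    }
    process {
        foreach ($e in $Entry) {
            # ReplacementStrings is an array, so each element is tested on its own
            # instead of relying on how the whole object is converted to text.
            foreach ($s in $e.ReplacementStrings) {
                $m = $pattern.Match([string] $s)
                # HashSet.Add returns $false for a name already emitted.
                if ($m.Success -and $seen.Add($m.Groups['name'].Value)) {
                    $m.Groups['name'].Value
                }
            }
        }
    }
}

# Constructed sample data modelled on the output quoted in the first post.
$sample = @(
    [pscustomobject]@{ ReplacementStrings = @('Database1',  '[MBX:Smith, Jr., Mike][Inbox]',      '1eb0-142C94F') }
    [pscustomobject]@{ ReplacementStrings = @('Database1',  '[MBX:Smith, Jr., Mike][Calendar]',   'EFb0-142C94F') }
    [pscustomobject]@{ ReplacementStrings = @('Database45', '[MBX:Mary, Jane][Deleted Items]',    'Eeb0-142C94F') }
    [pscustomobject]@{ ReplacementStrings = @('Database45', 'no mailbox token in this entry',     '1-1E78FAB5') }
)

# Emits each display name once: "Smith, Jr., Mike" and "Mary, Jane".
$sample | Get-MailboxDisplayName

# Against the live log, using the same filter as the thread:
# Get-EventLog -LogName Application -EntryType Warning |
#     Where-Object { $_.EventID -eq 33 } |
#     Get-MailboxDisplayName
```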