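Problem description
I am using a foreach loop to search a large number of logs for a string ($text), and I am currently outputting the whole line to an output file ($logfile)
Get-ChildItem "\\$server\$Path" -Filter "*.log" | select-string -pattern $text | select -expandproperty line | out-file $logfile -append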
May 25 04:08:36.640 2016 AUDITOF GUID 1312.2657.11075.54819.13021094807.198 opened by USER
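Where $text = "opened by USER"
All of this works fine, and it spits out every line of every log file that contains $text, which is great.
But... I think what I would like to do is get an output of the date-time and the GUID. The GUID can change format, length, etc., but it will always have dots, and it will always follow GUID (space) and come before (space) opened
In short, I am trying to regex this using a lookbehind (or lookahead), or a match, that would return something like this to $logfile
May 25, 2016 04:08:36.640,1312.2657.11075.54819.13021094807.198
Any help is appreciated. I am terrible at regex.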
Solution
One way is to do it like this
$result = Get-ChildItem "\\$server\$Path" -Filter "*.log" -File |
    Select-String -Pattern $text -SimpleMatch |
    Select-Object -ExpandProperty Line |
    ForEach-Object {
        if ($_ -match '([a-z]{3,}\s*\d{2}\s*\d{2}:\d{2}:\d{2}\.\d{3}\s*\d{4}).*GUID ([\d.]+)') {
            '{0},{1}' -f $matches[1],$matches[2]
        }
    }
$result | Out-File $logfile -Append
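Explanation:
- I added the switch -SimpleMatch to the Select-String cmdlet, because it seems you want to match $text exactly, and since it is not using a regex there, this would be the best option.
- Select-Object -ExpandProperty Line can return an array of matching lines, so I pipe this to ForEach-Object to loop through them.
- The if (..) uses the regex -match, and if that condition is $true, we do whatever is inside the curly brackets. Also, this test (if $true) automatically sets up an array of $matches objects, and we use those matches to output the comma-separated line, which is then collected in the variable $result.
- Finally, we simply output $result to a file.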
Regex details:
(            Match the regular expression below and capture its match into backreference number 1
   [a-z]     Match a single character in the range between “a” and “z”
      {3,}   Between 3 and unlimited times, as many times as possible, giving back as needed (greedy)
   \s        Match a single character that is a “whitespace character” (spaces, tabs, line breaks, etc.)
      *      Between zero and unlimited times, as many times as possible, giving back as needed (greedy)
   \d        Match a single digit 0..9
      {2}    Exactly 2 times
   \s        Match a single character that is a “whitespace character” (spaces, tabs, line breaks, etc.)
      *      Between zero and unlimited times, as many times as possible, giving back as needed (greedy)
   \d        Match a single digit 0..9
      {2}    Exactly 2 times
   :         Match the character “:” literally
   \d        Match a single digit 0..9
      {2}    Exactly 2 times
   :         Match the character “:” literally
   \d        Match a single digit 0..9
      {2}    Exactly 2 times
   \.        Match the character “.” literally
   \d        Match a single digit 0..9
      {3}    Exactly 3 times
   \s        Match a single character that is a “whitespace character” (spaces, tabs, line breaks, etc.)
      *      Between zero and unlimited times, as many times as possible, giving back as needed (greedy)
   \d        Match a single digit 0..9
      {4}    Exactly 4 times
)
.            Match any single character that is not a line break character
   *         Between zero and unlimited times, as many times as possible, giving back as needed (greedy)
GUID\        Match the characters “GUID ” literally
(            Match the regular expression below and capture its match into backreference number 2
   [\d.]     Match a single character present in the list below
             A single digit 0..9
             The character “.”
      +      Between one and unlimited times, as many times as possible, giving back as needed (greedy)
)
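The same extraction as an added example (not part of the original answer): it uses named groups, takes the GUID as whatever non-space text sits between "GUID " and " opened" because the question says its format can vary, and warns about lines it cannot parse instead of dropping them silently. The function name ConvertFrom-AuditLine and the sample lines are constructed for illustration.

```powershell
# Constructed sample lines in the format shown in the question (not real log data).
$sampleLines = @(
    'May 25 04:08:36.640 2016 AUDITOF GUID 1312.2657.11075.54819.13021094807.198 opened by USER'
    'Jun  3 11:42:07.015 2016 AUDITOF GUID a1b2.77.c9d0-ef.42 opened by USER'
    'May 25 04:09:01.002 2016 AUDITOF GUID 1312.2657 closed by USER'
    'malformed line opened by USER'
)
$text = 'opened by USER'

function ConvertFrom-AuditLine {
    # Hypothetical helper: turns one audit line into a Timestamp/Guid object.
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Line
    )
    process {
        # Named groups; the GUID is not limited to digits and dots here.
        $pattern = '^(?<mon>[A-Za-z]{3})\s+(?<day>\d{1,2})\s+' +
                   '(?<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+(?<year>\d{4})\b' +
                   '.*?\bGUID (?<guid>\S+) opened\b'
        if ($Line -notmatch $pattern) {
            # An audit line that matched $text but not the layout is worth noticing.
            Write-Warning "Unparsed line: $Line"
            return
        }
        # Rebuild the timestamp in a fixed order and parse it culture-independently.
        $stamp = '{0} {1} {2} {3}' -f $Matches.mon, $Matches.day, $Matches.year, $Matches.time
        $when = [datetime]::ParseExact($stamp, 'MMM d yyyy HH:mm:ss.fff',
            [cultureinfo]::InvariantCulture)
        [pscustomobject]@{
            Timestamp = $when.ToString('yyyy-MM-dd HH:mm:ss.fff')
            Guid      = $Matches.guid
        }
    }
}

# Same pre-filter as in the answer, then parse; ConvertTo-Csv quotes every field,
# so a GUID containing a comma cannot shift columns.
$sampleLines |
    Select-String -Pattern $text -SimpleMatch |
    Select-Object -ExpandProperty Line |
    ConvertFrom-AuditLine |
    ConvertTo-Csv -NoTypeInformation
```

Against real logs, replace $sampleLines with the Get-ChildItem pipeline from the answer and send the CSV lines to Out-File.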