我正在使用foreach循环搜索大量日志,以查找字符串($text),目前将整行输出到输出文件($logfile)
Get-ChildItem "\$server$Path" -Filter "*.log" |select-string -pattern $text |select -expandproperty line |out-file $logfile -append
其中一个日志文件的样例行可能如下所示
May 25 04:08:36.640 2016 AUDITOF GUID 1312.2657.11075.54819.13021094807.198 opened by USER
where$text = "opened by USER"
所有这些都工作得很好,它吐出了包含$text的每个日志文件的每一行,这很棒。
但. .我想要做的是获得日期、时间和GUID的输出。Guid可以更改格式,长度等,但它总是有点,并且总是在GUID (space)之后和(space) opened之前
简而言之,我正在尝试使用向后看(或向前看)或匹配来正则化,这会返回类似于$logfile
的内容May 25 04:08:36.640 2016,1312.2657.11075.54819.13021094807.198
感谢任何帮助。我讨厌正则表达式。
一种方法是这样做
$result = Get-ChildItem "\$server$Path" -Filter "*.log" -File |
Select-String -Pattern $text -SimpleMatch |
Select-Object -ExpandProperty Line |
ForEach-Object {
if ($_ -match '([a-z]{3,}s*d{2}s*d{2}:d{2}:d{2}.d{3}s*d{4}).*GUID ([d.]+)') {
'{0},{1}' -f $matches[1], $matches[2]
}
}
$result | Out-File $logfile -Append
解释:
- 我添加开关
-SimpleMatchSelect-Stringcmdlet,因为它似乎你想匹配$text完全,因为它不使用正则表达式那里,这将是最好的选择。 Select-Object -ExpandProperty Line可以返回匹配行的数组,所以我将其管道到ForEach-Object以循环if (..)使用正则表达式-match,如果该条件为$true,则执行花括号内的内容。
同样,这个测试(如果$true)自动设置一个$matches对象数组,我们使用这些匹配输出逗号分隔的行,然后将其收集到变量$result中。最后,我们简单地将$result输出到文件
Regex细节:
( Match the regular expression below and capture its match into backreference number 1
[a-z] Match a single character in the range between “a” and “z”
{3,} Between 3 and unlimited times, as many times as possible, giving back as needed (greedy)
s Match a single character that is a “whitespace character” (spaces, tabs, line breaks, etc.)
* Between zero and unlimited times, as many times as possible, giving back as needed (greedy)
d Match a single digit 0..9
{2} Exactly 2 times
s Match a single character that is a “whitespace character” (spaces, tabs, line breaks, etc.)
* Between zero and unlimited times, as many times as possible, giving back as needed (greedy)
d Match a single digit 0..9
{2} Exactly 2 times
: Match the character “:” literally
d Match a single digit 0..9
{2} Exactly 2 times
: Match the character “:” literally
d Match a single digit 0..9
{2} Exactly 2 times
. Match the character “.” literally
d Match a single digit 0..9
{3} Exactly 3 times
s Match a single character that is a “whitespace character” (spaces, tabs, line breaks, etc.)
* Between zero and unlimited times, as many times as possible, giving back as needed (greedy)
d Match a single digit 0..9
{4} Exactly 4 times
)
. Match any single character that is not a line break character
* Between zero and unlimited times, as many times as possible, giving back as needed (greedy)
GUID Match the characters “GUID ” literally
( Match the regular expression below and capture its match into backreference number 2
[d.] Match a single character present in the list below
A single digit 0..9
The character “.”
+ Between one and unlimited times, as many times as possible, giving back as needed (greedy)
)
使用Pattern属性过滤文件内容
$string=Select-String -Path .batchvariables.bat -Pattern 'TEST_VERSION=(.*)'
$string.Matches.groups[1].value