Slicing and Dicing Log files Part 2


In the last post we showed you how you could slice and dice a log file using some of the common PowerShell cmdlets and properties of the String class.

For this post we’ll continue showing how you can use some of the methods in the String class to do other neat things with your log files.

Let’s begin with the IndexOf method. We’ll use the same filterediislog.txt that we used in the previous post.

With the handy help of the ISE we can see that there are several ways to call IndexOf on a string. Using this as our base, we’ll find the first index of the character ‘c’.

PS Variable:\> $file.indexof('c')
31

PS Variable:\>

As we can see, the first instance of ‘c’ is at position 31 in our log file. Now if we want to select three characters beginning with that ‘c’, we can use:

$file.Substring($file.IndexOf('c'),3)

In the example above we are using the file we read in with Get-Content -Raw, and getting the first instance of the letter c, which provides the starting position for Substring. The second argument, 3, is the number of characters to select.

Conversely, if we wanted to get the 3 characters before the letter ‘c’, we could use the function in the same fashion, using some math on the index value.

PS Variable:\> ($file.indexof('c')) - 3
28

PS Variable:\> $file.Substring(($file.IndexOf('c') - 3), 3)
/t/

Now we can take the same IndexOf method and pass it a string value instead of a single character. Our log file contains the word departments, so we’re going to search for this word and return where it is in the string:

PS C:\inetpub\logs\LogFiles\W3SVC1> $file.IndexOf('departments')
22260

As we can see from the query, this word is in $file at position 22260.

Expanding on this function, if we know that we have the word GET in our log file, we can search for it using IndexOf:

PS C:\inetpub\logs\LogFiles\W3SVC1> $file.IndexOf('get')
-1

In the case above it gave us -1 as the return result, which means it couldn’t find it: the search is case-sensitive by default, and the log contains GET in upper case. But if we inspect the method’s overloads a little closer, we can see that we can pass a string comparison type. Since this is a .NET method, we’ll need to include this type in our call.

PS C:\inetpub\logs\LogFiles\W3SVC1> $file.IndexOf('get',[System.StringComparison]::OrdinalIgnoreCase)
24

As you can see, [System.StringComparison]::OrdinalIgnoreCase is the value we need to pass to this method. Looking it up shows that it makes the comparison ignore case, so instead of -1 we get the position of ‘get’ in our log file.
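
The following is an added example, not code from the original post. It goes one step beyond the single lookups above: it walks every case-insensitive occurrence of a term with the IndexOf(string, int, StringComparison) overload and guards the Substring arithmetic, since a -1 result or an index near either end of the string would otherwise make Substring throw. The function name Find-LogTerm and the sample log lines are constructed for illustration.

```powershell
# Constructed sample text standing in for the output of Get-Content -Raw.
$file = @"
#Fields: date time cs-method cs-uri-stem sc-status
2015-03-01 10:00:01 GET /departments/hr.aspx 200
2015-03-01 10:00:05 POST /login.aspx 302
2015-03-01 10:00:09 get /Departments/it.aspx 404
"@

function Find-LogTerm {
    # Hypothetical helper: emits one object per occurrence of $Term in $Text,
    # ignoring case, with up to $Context characters of text on each side.
    param(
        [string]$Text,
        [string]$Term,
        [int]$Context = 10
    )
    # An empty term matches at every position, so refuse it up front.
    if ([string]::IsNullOrEmpty($Term)) { return }

    $cmp = [System.StringComparison]::OrdinalIgnoreCase
    $pos = $Text.IndexOf($Term, 0, $cmp)
    while ($pos -ge 0) {    # -1 means there is no further match
        # Clamp the window so Substring never receives a negative start
        # or a length that runs past the end of the string.
        $start = [Math]::Max(0, $pos - $Context)
        $end   = [Math]::Min($Text.Length, $pos + $Term.Length + $Context)
        [pscustomobject]@{
            Index   = $pos
            Match   = $Text.Substring($pos, $Term.Length)   # text as it appears in the log
            Snippet = $Text.Substring($start, $end - $start) -replace '\r?\n', ' '
        }
        # Resume the search just past the current hit.
        $pos = $Text.IndexOf($Term, $pos + $Term.Length, $cmp)
    }
}

Find-LogTerm -Text $file -Term 'get' | Format-Table -AutoSize
Find-LogTerm -Text $file -Term 'departments' -Context 5 | Format-Table -AutoSize
Find-LogTerm -Text $file -Term 'delete'    # no match: returns nothing instead of throwing
```

The Match column shows the casing actually present in the log, which is useful when an unusual casing of a verb or path is itself worth a second look.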

To be continued……

 
