Parsing Logfiles With Regular Expressions

by Mar 19, 2009

Regular expressions are a powerful but somewhat complex mechanism to match and find patterns in text files. However, it is not always necessary to dig deep into regular expressions. Take a look at the following example, which reads a log file using Get-Content.

Remember that Get-Content reads text line by line, returning an array. This is why the code can use Where-Object and the simple -like operator to kick out any line not containing a specific keyword:

# Read the log line by line and keep only lines containing WARNING
Get-Content $env:windir\windowsupdate.log |
    Where-Object { $_ -like '*WARNING*' }

The -like operator does not require complex regular expressions so you can use all the simple wildcards you already know from filesystem operations.

You can then use regular expressions to extract the individual fields, since the lines returned from your log file are tab-separated. To accomplish this, the code uses the -match operator. If a match is found, -match returns $true and the captured groups are available in the automatic $matches variable.

The code then creates a result variable by piping a simple number through Select-Object to add custom properties to it (a common idiom for building an empty custom object). The captured information is then stored in the result variable's properties and the object is returned.

# Lines in windowsupdate.log are six tab-separated fields:
# date, time, process id, thread id, component (origin), message
Get-Content $env:windir\windowsupdate.log |
    Where-Object { $_ -like '*WARNING*' } |
    Where-Object { $_ -match '(.*?)\t(.*?)\t(.*?)\t(.*?)\t(.*?)\t(.*)' } |
    ForEach-Object {
        # build an empty object with the four properties we want to return
        $result = 1 | Select-Object Date, Time, Origin, Message
        $result.Date    = $matches[1]
        $result.Time    = $matches[2]
        $result.Origin  = $matches[5]
        $result.Message = $matches[6]
        $result
    }
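The same two-step approach as an added example (not the original post's code), using a named-group regex instead of positional $matches indexes and reporting lines that do not fit the six-field layout instead of silently dropping them. The log lines are constructed here so the script runs without the real file:

```powershell
# Added example, not the article's code. Constructed sample lines in the
# pre-Windows 10 WindowsUpdate.log layout: date, time, pid, tid, component, message.
$sampleLog = @(
    "2009-03-19`t08:15:02:123`t 860`tb4c`tAgent`tWARNING: Failed to find updates with error code 80072EE2",
    "2009-03-19`t08:15:03:456`t 860`tb4c`tAgent`t  * Found 3 updates and 12 categories in search",
    "2009-03-19`t08:16:10:789`t 860`tb4c`tMisc`tWARNING: WinHttp: SendRequestUsingProxy failed",
    "not a log line at all, WARNING"
)

function ConvertFrom-WindowsUpdateLogLine {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline)] [string] $Line
    )
    begin {
        # Named groups replace the positional $matches[1..6]; [^\t]* keeps each
        # group inside its own tab-delimited field instead of relying on lazy .*?
        $pattern = '^(?<Date>[^\t]*)\t(?<Time>[^\t]*)\t(?<Pid>[^\t]*)\t(?<Tid>[^\t]*)\t(?<Origin>[^\t]*)\t(?<Message>.*)$'
    }
    process {
        if ($Line -match $pattern) {
            [PSCustomObject]@{
                Date    = $matches.Date
                Time    = $matches.Time
                Origin  = $matches.Origin
                Message = $matches.Message.Trim()
            }
        }
        else {
            # A line without six tab-separated fields is reported, not silently lost.
            Write-Warning "Skipping line that does not match the expected layout: $Line"
        }
    }
}

# Equivalent of the article's pipeline: cheap -like prefilter, then the regex parse.
$sampleLog |
    Where-Object { $_ -like '*WARNING*' } |
    ConvertFrom-WindowsUpdateLogLine |
    Format-Table -AutoSize
```

On Windows 10 and later the text file is no longer written directly; Get-WindowsUpdateLog regenerates it from the ETW traces, so run that first if the file is missing from $env:windir.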