asked on Creating Script to Search Text-based Log File for Strings then Output Timestamp for Each
Hey Guys -
I need some assistance creating a script, please, and really don't know where to begin...
What I'm Trying to Do
What I'd like to do is create a script which would prompt you for a hostname, then search a single log file for about 8 different unique strings which represent milestones of the process. Once each string is found, it should save the timestamp from that line until all have been found. Finally, it should output a list of the predefined milestones and place the captured timestamps next to each. Below is an example of the type of output I'm looking for:
Script Output Example
System Hostname: Workstation1
System Build Started at 1:27pm
- UDI Starts: 1:28pm
- UDI Completes: 1:50pm
- Downloading WIM: 2:41pm
- WIM Applied to Disk: 3:32pm
etc...
I've played around with a few things with PowerShell so far and can find certain strings and save them as variables, but can't figure out how to tell PS to save the timestamp into a variable yet. :(
Explanation
The vast majority of work I do is with SCCM in which almost everything has its own log file as the client on each workstation alone has 120+ log files. For those not familiar with OSD, the primary log file it uses is named smsts.log which is easy to read when viewed in CMTrace, but when viewed with a text editor is formatted as shown below:
Snippet of smsts.log When Viewed in Text Editor
I've gone through a few of these logs from different systems and located common log entries for each major milestone of the OSD process. For example, searching the log for the line that includes "Installing software for PackageID='AHS000F3'" will only result in one line and would represent a certain application being installed. So far, I've identified a unique string for each of the 8 milestones I have planned for.
Extra Credit
I don't know how much more difficult this would be, but if possible to take it one step further and instead of listing the timestamp, listing the 1st milestone as 0:00:00 and then each milestone thereafter displaying just the difference in time between it occurring and when it started (so you can see exactly how long it too to reach certain stages without math), that would be ideal. If you have an idea for how to do that without too much additional scripting please fill me in.
Thanks Guys - I appreciate the help!
I need some assistance creating a script, please, and really don't know where to begin...
What I'm Trying to Do
What I'd like to do is create a script which would prompt you for a hostname, then search a single log file for about 8 different unique strings which represent milestones of the process. Once each string is found, it should save the timestamp from that line until all have been found. Finally, it should output a list of the predefined milestones and place the captured timestamps next to each. Below is an example of the type of output I'm looking for:
Script Output Example
System Hostname: Workstation1
System Build Started at 1:27pm
- UDI Starts: 1:28pm
- UDI Completes: 1:50pm
- Downloading WIM: 2:41pm
- WIM Applied to Disk: 3:32pm
etc...
I've played around with a few things with PowerShell so far and can find certain strings and save them as variables, but can't figure out how to tell PS to save the timestamp into a variable yet. :(
Explanation
The vast majority of work I do is with SCCM in which almost everything has its own log file as the client on each workstation alone has 120+ log files. For those not familiar with OSD, the primary log file it uses is named smsts.log which is easy to read when viewed in CMTrace, but when viewed with a text editor is formatted as shown below:
Snippet of smsts.log When Viewed in Text Editor
<![LOG[Disable: ]LOG]!><time="12:22:26.701+360" date="08-08-2016" component="TSManager" context="" type="1" thread="1528" file="tsxml.cpp:488">
<![LOG[Run in attribute: WinPEandFullOS]LOG]!><time="12:22:26.701+360" date="08-08-2016" component="TSManager" context="" type="1" thread="1528" file="tsxml.cpp:496">
<![LOG[Timeout: ]LOG]!><time="12:22:26.701+360" date="08-08-2016" component="TSManager" context="" type="1" thread="1528" file="tsxml.cpp:500">
<![LOG[DefaultVarlist found]LOG]!><time="12:22:26.701+360" date="08-08-2016" component="TSManager" context="" type="1" thread="1528" file="tsxml.cpp:583">
<![LOG[No variables found in default variable list]LOG]!><time="12:22:26.701+360" date="08-08-2016" component="TSManager" context="" type="1" thread="1528" file="tsxml.cpp:610">
I've gone through a few of these logs from different systems and located common log entries for each major milestone of the OSD process. For example, searching the log for the line that includes "Installing software for PackageID='AHS000F3'" will only result in one line and would represent a certain application being installed. So far, I've identified a unique string for each of the 8 milestones I have planned for.
Extra Credit
I don't know how much more difficult this would be, but if possible to take it one step further and instead of listing the timestamp, listing the 1st milestone as 0:00:00 and then each milestone thereafter displaying just the difference in time between it occurring and when it started (so you can see exactly how long it too to reach certain stages without math), that would be ideal. If you have an idea for how to do that without too much additional scripting please fill me in.
Thanks Guys - I appreciate the help!
PowershellScripting Languages
Last Comment
oBdA
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Reasonably certain that the script provided parses the log files as required, including the time offset.