Powershell find pattern in each log files, not all together.

Dear expert

Please read the code below, but I dont think this is right tho, logically, I want if variable $resultSMAA find $Pattern and $PatternSMAA in one of the same log file, the $SMAAcheck will be 1. I think right now its searching all the files in $Path with the $time limitation... Anyone can correct this error for me? Thanks

$time = (Get-Date).AddDays(-1)
$Pattern = "Error"
$PatternSMAA = "UIFSMAAMbr"
$PatternLED = "UIFLEDMbr"
$PatternST = "UIFSTbr"
$PatternFFA = "UIFFFAMbr"
$Path = "\\server\logs"
$resultSMAA = Get-ChildItem -Path $Path *.* -Recurse | where-Object {$_.LastWriteTime -gt $time} | Select-String -Pattern $Pattern, $PatternSMAA
$resultLED = Get-ChildItem -Path $Path *.* -Recurse | where-Object {$_.LastWriteTime -gt $time} | Select-String -Pattern $Pattern, $PatternLED
$resultST = Get-ChildItem -Path $Path *.* -Recurse | where-Object {$_.LastWriteTime -gt $time} | Select-String -Pattern $Pattern, $PatternST
$resultFFA = Get-ChildItem -Path $Path *.* -Recurse | where-Object {$_.LastWriteTime -gt $time} | Select-String -Pattern $Pattern, $PatternFFA

if ($resultSMAA -eq $Pattern, $PatternSMAA) {$SMAAcheck=1}
else{$SMAAcheck=0}
if ($resultST -eq $Pattern, $PatternST) {$STcheck=1}
else{$STcheck=0}
if ($resultLED -eq $Pattern, $PatternLED) {$LEDcheck=1}
else{$LEDcheck=0}
if ($resultFFA -ne $Pattern, $PatternFFA) {$FFAcheck=1}
else{$FFAcheck=0}
$SMAAcheck
$STcheck
$LEDcheck
$FFAcheck

Open in new window

LVL 1
WeTiAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

WeTiAuthor Commented:
I tried this way... not working

$time = (Get-Date).AddDays(-1)
$Pattern = "error"
$PatternSMAA = "UIFSMAAMbr"
$PatternLED = "UIFLEDMbr"
$PatternST = "UIFSTbr"
$PatternFFA = "UIFFFAMbr"
$Path = "\\server\logs"
Get-ChildItem -Path $Path *.* -Recurse | where-Object {$_.LastWriteTime -gt $time} #| Select-String -Pattern $Pattern, $PatternSMAA
ForEach-Object { 
$resultSMAA = Select-String -Pattern $Pattern, $PatternSMAA
$resultLED = Select-String -Pattern $Pattern, $PatternLED
$resultST = Select-String -Pattern $Pattern, $PatternST
$resultFFA = Select-String -Pattern $Pattern, $PatternFFA
}
if ($resultSMAA) {$SMAAcheck=1}
else{$SMAAcheck=0}
if ($resultST) {$STcheck=1}
else{$STcheck=0}
if ($resultLED) {$LEDcheck=1}
else{$LEDcheck=0}
if ($resultFFA) {$FFAcheck=1}
else{$FFAcheck=0}
$SMAAcheck
$STcheck
$LEDcheck
$FFAcheck

Open in new window

0
footechCommented:
This may be possible to optimize further, but from my testing it's functional.  Some optimizations it does include are:
 - building the list of files that match the date check only once
 - using the list of files to check for the initial pattern to build another list
 - then from that list, checking for the other patterns you're looking for
This would be more efficient than building up from scratch each time.
Your original code also searched for one pattern OR another, instead of AND.
$time = (Get-Date).AddDays(-1)
$Pattern = "Error"
$PatternSMAA = "UIFSMAAMbr"
$PatternLED = "UIFLEDMbr"
$PatternST = "UIFSTbr"
$PatternFFA = "UIFFFAMbr"
$Path = "\\server\logs"
$files = Get-ChildItem -Path $Path *.* -Recurse -File | Where-Object {$_.LastWriteTime -gt $time} | Select -ExpandProperty FullName
$MatchingFiles = @()
$files | ForEach `
{
    foreach ($line in (Get-Content $_ -ReadCount 250))
    {
        If ( $line -match $pattern )
        { $MatchingFiles += $_; break }
    }
}

$resultSMAA = @($MatchingFiles | ForEach `
{
    foreach ($line in (Get-Content $_ -ReadCount 250))
    {
        If ( $line -match $PatternSMAA )
        { $_; break }
    }
})
$resultLED = @($MatchingFiles | ForEach `
{
    foreach ($line in (Get-Content $_ -ReadCount 250))
    {
        If ( $line -match $PatternLED )
        { $_; break }
    }
})
$resultST = @($MatchingFiles | ForEach `
{
    foreach ($line in (Get-Content $_ -ReadCount 250))
    {
        If ( $line -match $PatternST )
        { $_; break }
    }
})
$resultFFA = @($MatchingFiles | ForEach `
{
    foreach ($line in (Get-Content $_ -ReadCount 250))
    {
        If ( $line -match $PatternFFA )
        { $_; break }
    }
})

if ($resultSMAA.count -gt 0) {$SMAAcheck=1}
else{$SMAAcheck=0}
if ($resultST.count -gt 0) {$STcheck=1}
else{$STcheck=0}
if ($resultLED.count -gt 0) {$LEDcheck=1}
else{$LEDcheck=0}
if ($resultFFA.count -gt 0) {$FFAcheck=1}
else{$FFAcheck=0}
$SMAAcheck
$STcheck
$LEDcheck
$FFAcheck

Open in new window

0
WeTiAuthor Commented:
Hi, thanks for answer, what does -readCount 250 do? And this: $_; break? When you found the match, it breaks the operation? What happen if the result find in a log file both $resultSMAA and $resultST and first it finds $resultSMAA then it breaks, ignore $resultST? No I would also want to see both result if it found both trigger.
0
footechCommented:
Specifying the -readcount parameter is an attempt to speed up the reading in of the file.  You can safely omit it without changing function of the script.  The construct as is (including the use of the foreach statement) is one of the fastest methods I know to process a file line by line.

For the code { $_; break }, the $_ just emits the current filename and that gets stored in the variable like $resultSMAA, $resultST, etc.  The break command breaks out of the foreach statement loop, such that if it finds a match for $PatternSMAA, it doesn't keep looking in the file for further matches for $PatternSMAA (why? - because we don't care how many matches there are, just if a match is present - this is another optimization).  This doesn't affect searching in the file for other patterns, as those are separate loops.  Again, the break could be omitted without changing the function of the script.

How much do these optimizations affect runtime?  Only testing variations of the script with and without the optimizations would reveal that, which I haven't had time for.  Feel free if you're curious (using Measure-Command).
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
WeTiAuthor Commented:
Well I have not test this yes due to easter, but i think i understand the break now, thanks for now and I will ask for more later if this isnt work. Happy easter. Thanks alot.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell

From novice to tech pro — start learning today.