Powershell find pattern in each log files, not all together.

Dear expert

Please read the code below, but I dont think this is right tho, logically, I want if variable $resultSMAA find $Pattern and $PatternSMAA in one of the same log file, the $SMAAcheck will be 1. I think right now its searching all the files in $Path with the $time limitation... Anyone can correct this error for me? Thanks

$time = (Get-Date).AddDays(-1)
$Pattern = "Error"
$PatternSMAA = "UIFSMAAMbr"
$PatternLED = "UIFLEDMbr"
$PatternST = "UIFSTbr"
$PatternFFA = "UIFFFAMbr"
$Path = "\\server\logs"
$resultSMAA = Get-ChildItem -Path $Path *.* -Recurse | where-Object {$_.LastWriteTime -gt $time} | Select-String -Pattern $Pattern, $PatternSMAA
$resultLED = Get-ChildItem -Path $Path *.* -Recurse | where-Object {$_.LastWriteTime -gt $time} | Select-String -Pattern $Pattern, $PatternLED
$resultST = Get-ChildItem -Path $Path *.* -Recurse | where-Object {$_.LastWriteTime -gt $time} | Select-String -Pattern $Pattern, $PatternST
$resultFFA = Get-ChildItem -Path $Path *.* -Recurse | where-Object {$_.LastWriteTime -gt $time} | Select-String -Pattern $Pattern, $PatternFFA

if ($resultSMAA -eq $Pattern, $PatternSMAA) {$SMAAcheck=1}
else{$SMAAcheck=0}
if ($resultST -eq $Pattern, $PatternST) {$STcheck=1}
else{$STcheck=0}
if ($resultLED -eq $Pattern, $PatternLED) {$LEDcheck=1}
else{$LEDcheck=0}
if ($resultFFA -ne $Pattern, $PatternFFA) {$FFAcheck=1}
else{$FFAcheck=0}
$SMAAcheck
$STcheck
$LEDcheck
$FFAcheck

Open in new window

LVL 1
WeTiAsked:
Who is Participating?
 
footechCommented:
Specifying the -readcount parameter is an attempt to speed up the reading in of the file.  You can safely omit it without changing function of the script.  The construct as is (including the use of the foreach statement) is one of the fastest methods I know to process a file line by line.

For the code { $_; break }, the $_ just emits the current filename and that gets stored in the variable like $resultSMAA, $resultST, etc.  The break command breaks out of the foreach statement loop, such that if it finds a match for $PatternSMAA, it doesn't keep looking in the file for further matches for $PatternSMAA (why? - because we don't care how many matches there are, just if a match is present - this is another optimization).  This doesn't affect searching in the file for other patterns, as those are separate loops.  Again, the break could be omitted without changing the function of the script.

How much do these optimizations affect runtime?  Only testing variations of the script with and without the optimizations would reveal that, which I haven't had time for.  Feel free if you're curious (using Measure-Command).
0
 
WeTiAuthor Commented:
I tried this way... not working

$time = (Get-Date).AddDays(-1)
$Pattern = "error"
$PatternSMAA = "UIFSMAAMbr"
$PatternLED = "UIFLEDMbr"
$PatternST = "UIFSTbr"
$PatternFFA = "UIFFFAMbr"
$Path = "\\server\logs"
Get-ChildItem -Path $Path *.* -Recurse | where-Object {$_.LastWriteTime -gt $time} #| Select-String -Pattern $Pattern, $PatternSMAA
ForEach-Object { 
$resultSMAA = Select-String -Pattern $Pattern, $PatternSMAA
$resultLED = Select-String -Pattern $Pattern, $PatternLED
$resultST = Select-String -Pattern $Pattern, $PatternST
$resultFFA = Select-String -Pattern $Pattern, $PatternFFA
}
if ($resultSMAA) {$SMAAcheck=1}
else{$SMAAcheck=0}
if ($resultST) {$STcheck=1}
else{$STcheck=0}
if ($resultLED) {$LEDcheck=1}
else{$LEDcheck=0}
if ($resultFFA) {$FFAcheck=1}
else{$FFAcheck=0}
$SMAAcheck
$STcheck
$LEDcheck
$FFAcheck

Open in new window

0
 
footechCommented:
This may be possible to optimize further, but from my testing it's functional.  Some optimizations it does include are:
 - building the list of files that match the date check only once
 - using the list of files to check for the initial pattern to build another list
 - then from that list, checking for the other patterns you're looking for
This would be more efficient than building up from scratch each time.
Your original code also searched for one pattern OR another, instead of AND.
$time = (Get-Date).AddDays(-1)
$Pattern = "Error"
$PatternSMAA = "UIFSMAAMbr"
$PatternLED = "UIFLEDMbr"
$PatternST = "UIFSTbr"
$PatternFFA = "UIFFFAMbr"
$Path = "\\server\logs"
$files = Get-ChildItem -Path $Path *.* -Recurse -File | Where-Object {$_.LastWriteTime -gt $time} | Select -ExpandProperty FullName
$MatchingFiles = @()
$files | ForEach `
{
    foreach ($line in (Get-Content $_ -ReadCount 250))
    {
        If ( $line -match $pattern )
        { $MatchingFiles += $_; break }
    }
}

$resultSMAA = @($MatchingFiles | ForEach `
{
    foreach ($line in (Get-Content $_ -ReadCount 250))
    {
        If ( $line -match $PatternSMAA )
        { $_; break }
    }
})
$resultLED = @($MatchingFiles | ForEach `
{
    foreach ($line in (Get-Content $_ -ReadCount 250))
    {
        If ( $line -match $PatternLED )
        { $_; break }
    }
})
$resultST = @($MatchingFiles | ForEach `
{
    foreach ($line in (Get-Content $_ -ReadCount 250))
    {
        If ( $line -match $PatternST )
        { $_; break }
    }
})
$resultFFA = @($MatchingFiles | ForEach `
{
    foreach ($line in (Get-Content $_ -ReadCount 250))
    {
        If ( $line -match $PatternFFA )
        { $_; break }
    }
})

if ($resultSMAA.count -gt 0) {$SMAAcheck=1}
else{$SMAAcheck=0}
if ($resultST.count -gt 0) {$STcheck=1}
else{$STcheck=0}
if ($resultLED.count -gt 0) {$LEDcheck=1}
else{$LEDcheck=0}
if ($resultFFA.count -gt 0) {$FFAcheck=1}
else{$FFAcheck=0}
$SMAAcheck
$STcheck
$LEDcheck
$FFAcheck

Open in new window

0
 
WeTiAuthor Commented:
Hi, thanks for answer, what does -readCount 250 do? And this: $_; break? When you found the match, it breaks the operation? What happen if the result find in a log file both $resultSMAA and $resultST and first it finds $resultSMAA then it breaks, ignore $resultST? No I would also want to see both result if it found both trigger.
0
 
WeTiAuthor Commented:
Well I have not test this yes due to easter, but i think i understand the break now, thanks for now and I will ask for more later if this isnt work. Happy easter. Thanks alot.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.