Select-String regex
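I am using a foreach loop to search a large number of logs for a string ($text), and I currently output the whole line to an output file ($logfile)

    Get-ChildItem "\$server$Path" -Filter "*.log" |select-string -pattern $text |select -expandproperty line |out-file $logfile -append

A sample line from one of the log files might look like this

    May 25 04:08:36.640 2016 AUDITOF GUID 1312.2657.11075.54819.13021094807.198 opened by USER

where $text = "opened by USER"

All of this works fine; it spits out every line of every log file that contains $text, which is great.

But.. what I think I would like to do is get output of just the date/time and the GUID. The GUID can change format, length, etc., but it always has dots, and it always comes after GUID (space) and before (space) opened.

In short, I am trying to use a regex with a lookbehind (or lookahead), or a match, that returns something like this to $logfile

    May 25 04:08:36.640 2016,1312.2657.11075.54819.13021094807.198

Any help is appreciated. I don't like regex.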
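One way to do this is

    $result = Get-ChildItem "\$server$Path" -Filter "*.log" -File |
        Select-String -Pattern $text -SimpleMatch |
        Select-Object -ExpandProperty Line |
        ForEach-Object {
            # Group 1 captures the timestamp, group 2 the dotted GUID
            if ($_ -match '([a-z]{3,}\s*\d{2}\s*\d{2}:\d{2}:\d{2}\.\d{3}\s*\d{4}).*GUID ([\d.]+)') {
                '{0},{1}' -f $matches[1], $matches[2]
            }
        }
    $result | Out-File $logfile -Append

Explanation:

- I added the switch -SimpleMatch to the Select-String cmdlet, because it looks like you want to match $text exactly, and since it doesn't use a regex there, that would be the best option.
- Select-Object -ExpandProperty Line can return an array of matching lines, so I pipe it to ForEach-Object to loop over them.
- The if (..) uses the regex -match, and if that condition is $true, we do whatever is inside the curly braces. Also, this test (if $true) automatically sets up an array of $matches objects, and we use those matches to output a comma-separated line, which is then collected in the variable $result.
- Finally, we simply output $result to a file.

Regex details: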
    (            Match the regular expression below and capture its match into backreference number 1
       [a-z]     Match a single character in the range between “a” and “z”
          {3,}   Between 3 and unlimited times, as many times as possible, giving back as needed (greedy)
       \s        Match a single character that is a “whitespace character” (spaces, tabs, line breaks, etc.)
          *      Between zero and unlimited times, as many times as possible, giving back as needed (greedy)
       \d        Match a single digit 0..9
          {2}    Exactly 2 times
       \s        Match a single character that is a “whitespace character” (spaces, tabs, line breaks, etc.)
          *      Between zero and unlimited times, as many times as possible, giving back as needed (greedy)
       \d        Match a single digit 0..9
          {2}    Exactly 2 times
       :         Match the character “:” literally
       \d        Match a single digit 0..9
          {2}    Exactly 2 times
       :         Match the character “:” literally
       \d        Match a single digit 0..9
          {2}    Exactly 2 times
       \.        Match the character “.” literally
       \d        Match a single digit 0..9
          {3}    Exactly 3 times
       \s        Match a single character that is a “whitespace character” (spaces, tabs, line breaks, etc.)
          *      Between zero and unlimited times, as many times as possible, giving back as needed (greedy)
       \d        Match a single digit 0..9
          {4}    Exactly 4 times
    )
    .            Match any single character that is not a line break character
       *         Between zero and unlimited times, as many times as possible, giving back as needed (greedy)
    GUID\        Match the characters “GUID ” literally
    (            Match the regular expression below and capture its match into backreference number 2
       [\d.]     Match a single character present in the list below
                 A single digit 0..9
                 The character “.”
          +      Between one and unlimited times, as many times as possible, giving back as needed (greedy)
    )
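
An added example, not part of the original answer: a variation that uses named capture groups, takes the GUID as whatever sits between "GUID " and " opened" (the question says its format can change), and reports lines that contained the search text but could not be parsed instead of dropping them. The function name ConvertFrom-AuditLine and the second and third sample lines are assumptions constructed for illustration.

```powershell
# Constructed sample input: the first line is the one from the question, the
# other two are made up (a space-padded day, and a line with no timestamp).
$sample = @(
    'May 25 04:08:36.640 2016 AUDITOF GUID 1312.2657.11075.54819.13021094807.198 opened by USER'
    'Jun  3 11:42:07.015 2016 AUDITOF GUID ab12.77.9001 opened by USER'
    'AUDITOF GUID 55.66 opened by USER'
)

function ConvertFrom-AuditLine {   # hypothetical helper name
    param([Parameter(ValueFromPipeline)][string]$Line)
    begin {
        # Timestamp anchored at line start; GUID = any non-space run between
        # "GUID " and " opened", so no assumption that it is digits only.
        $pattern = '^(?<Stamp>[a-z]{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\.\d{3}\s+\d{4})\s.*?\bGUID (?<Guid>\S+) opened\b'
        $format  = 'MMM d HH:mm:ss.fff yyyy'
        $culture = [cultureinfo]::InvariantCulture
        $styles  = [System.Globalization.DateTimeStyles]::None
    }
    process {
        $ts = [datetime]::MinValue
        $ok = $false
        if ($Line -match $pattern) {
            # Collapse padding ("Jun  3") so one format string fits both widths.
            $stamp = $Matches['Stamp'] -replace '\s+', ' '
            $ok = [datetime]::TryParseExact($stamp, $format, $culture, $styles, [ref]$ts)
        }
        if ($ok) {
            [pscustomobject]@{ Parsed = $true; Timestamp = $ts; Guid = $Matches['Guid']; Raw = $Line }
        } else {
            [pscustomobject]@{ Parsed = $false; Timestamp = $null; Guid = $null; Raw = $Line }
        }
    }
}

$rows = $sample | ConvertFrom-AuditLine

# Same "timestamp,guid" shape as the answer's output, with a sortable timestamp.
$rows | Where-Object Parsed | ForEach-Object {
    '{0},{1}' -f $_.Timestamp.ToString('yyyy-MM-ddTHH:mm:ss.fff', [cultureinfo]::InvariantCulture), $_.Guid
}

# Lines that matched the search text but not the pattern are surfaced, not lost.
$rows | Where-Object { -not $_.Parsed } | ForEach-Object {
    Write-Warning "Unparsed audit line: $($_.Raw)"
}
```

When the output feeds an audit review, the count of unparsed lines is worth recording next to the results, since a change in the log format would otherwise shrink the output without any error.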