Powershell script to extract logged errors

Question

I have a lot of log files that I wish to extract the distinct error message from for a specific trace writer.

The log files are SharePoint ULS logs.

The headings are: Timestamp Process TID Area Category EventID Level Message Correlation

So given a specific process name I want all distinct Messages.

If I was to use SQL I would write something like this:

select Distinct Message from where Process like 'myprocessname'

I'd like to do this with powershell across a whole set of log files.

I believe the ULS log is tab or space delimited.

Answer 1

You might be interested in Microsoft's Log Parser which essentially lets you run SQL like statements across a set of log files. You can also use this with Powershell. Here are some links:

• Analyze Web Stats with Log Parser
• Integrating Microsoft Log Parser in Windows Powershell
• Logparser and Powershell

Answer 2

Assuming the log file isn't too huge, you can read the contents in using Import-Csv like so:

$data = Import-Csv .\log.csv -Delimiter "`t"

I'm assuming the delimiter is tab since it is likely any message will contain spaces. Once you have the log data you can use the standard PowerShell query operators like so:

$data | Where {$_.Process -eq 'processname.exe'} | Select Message -Unique

If the log file is huge (such that Import-Csv eats up too much memory) then I would either try using Log Parser or use a regex and parse the log, one line at a time.