Powershell Select-String list message ID only

Question

I am searching a couple of log files which contain the pattern "WARNING"

Select-String -Path "C:\Users\xxxx\Downloads\*.log" -Pattern "WARNING"

Here is the output:

C:\Users\xxxx\Downloads\ExJBJournal.exe#0000000029.log:16698:49828|P1050|T12C0|2015/09/01 12:20:02:342|CExJournalMsgThread::Run|VERBOSE|***WARNING*** Message Size: 8941 Time taken (in ms): ID calculation: 0 Rules/EMCMF: 92 IngestMsg: 480569 DeleteMsg: 480571 ProcessTime: 480576 MsgId: 577C40D906A5481F7E3D31E73CBA2931F7FB744372C5F29B00 Subject: Transfer PASS [86fd9d0be938dfccfde4fdba67765ffa463edf74]|CExJournalMsgThread.cpp(317)|Job Id: 6634608; Activity Name: APAC_SMTP01_JRN; Activity Id: 1; Activity Type: 2; SG-S1W-02

I want to list MsgId: 577C40D906A5481F7E3D31E73CBA2931F7FB744372C5F29B00 only and how to do that?

score 0 · Answer 1 · answered Sep 02 '15 at 12:47

0

Use a named capture group ((?<name>pattern)) in your Select-String pattern:

$Pattern = "WARNING.*(?<msgid>MsgId: [0-9A-F]+)"
Select-String -Path "C:\Users\xxxx\Downloads\*.log" -Pattern $Pattern |ForEach-Object {
    # Select-String returns a MatchInfo object
    # Check out the "Matches" property to find our captures
    $_.Matches[0].Group["msgid"].Value
}

Now, your output will be something like:

MsgId: D2ADD4EF41473659789575A6B3218B4ADE73568EA81397797A
MsgId: 7EEF23BFA56EF53204DC2CDE2AF8603A3F5F1EB0A2AE4B14C8
MsgId: E0F00C95E5A898199D18D5919D7C55E798DAD3BEB996070F6B
MsgId: 6CAF7AD931AA4FDA9905C0A8FDC696D71CF1848CED47CC6703
MsgId: 1A2AAA30727AAC9A6AED89BE37C6ABBF98FF51DED17F381AAB
MsgId: 1C8E83DD26588A2F9FF4DD31AAA3101B51DAFE5A2082F0E0EA

answered Sep 02 '15 at 12:47

Mathias R. Jessen

157,619
12
148
206

I got this error and I am google it: Cannot index into a null array. – user2655495 Sep 02 '15 at 12:58
Still cannot get it work, what you mean: # Select-String returns a MatchInfo object # Check out the "Matches" property to find our captures – user2655495 Sep 02 '15 at 13:39
I'm just describing why/what I'm doing in the line below. The output you see on screen is just a string representation of a MatchInfo object, sorry if that was confusing. Can you be more elaborate than "still cannot get it work"? – Mathias R. Jessen Sep 02 '15 at 15:09
If I ran: $Pattern = "WARNING.*(?MsgId: [0-9A-F]+)" Select-String -Path "C:\Users\xxxx\Downloads\*.log" -Pattern $Pattern |ForEach-Object { $_.Matches[0].Group["msgid"].Value } I got "Cannot index into a null array". If I ran this only: $Pattern = "WARNING.*(?MsgId: [0-9A-F]+)" Select-String -Path "C:\Users\xxxx\Downloads\*.log" -Pattern $Pattern I can have the output. Where could be the problem? Thanks! – user2655495 Sep 02 '15 at 23:14

score 0 · Answer 2 · answered Sep 07 '15 at 03:17

0

$Pattern = "WARNING.*(?MsgId: [0-9A-F]+)" $path = "XXX"

Select-String -Path $path*.log -Pattern $Pattern | ForEach-Object {

$_.Matches[0].Groups["msgid"].Value

}

answered Sep 07 '15 at 03:17

user2655495

61
4

Powershell Select-String list message ID only

2 Answers2