1

I'm busy with writing a script to process log files, that contain multi-line events. I'm using this line to split up the file to individual events:

$Messages = ((Get-Content $File -Raw) -split '(?m)(?=^\d{4})')

(Basically find 4 digits on the beginning of a line) This results an array of strings, each item is a multiline string, containg one event from the log. It works fine, when I feed in the actual logfile.

But since logfiles are rotated, older data are stored in compressed format, so I was trying to decompress to an object and process immediately. (I'm using 7zip on Windows):

$AllLog=(& $ZipDir\7z e $zFile -so )

That is expanding the file to stdout. However this one also results an array of string, but obviously it is split by single lines. I've tried this way:

[String]$AllLog=(& $ZipDir\7z e $zFile -so )

but surprisingly it removes the linebreaks, so the regex above will never match (since dates and times appear in the logs elswhere, it is vital condition to look for them on beginnings of line)

Is there a way to import the unzipped content somehow similarly to a file? Yeah, I know, I could unzip to temp file, but would be more elegant to avoid it.

Thanks in advance!

Radir
  • 11
  • 2
  • 1
    Try `$AllLog=(& $ZipDir\7z e $zFile -so ) -join [environment]::NewLine` – Theo Dec 14 '21 at 10:30
  • Thx Theo! That helped! Will need to examine the results tough, since analysis does not give **exactly** same result as on original file, but fairly close. Interesting thing is, that it splits to same number of events, but regex matching finds some less patterns... – Radir Dec 15 '21 at 08:02
  • Perhaps you can show an example of the output you're dealing with (sanitized of course). Could be you just need a slightly different regex. – Theo Dec 15 '21 at 10:31

0 Answers0