Powershell/Regex to count number of times a date range appears

Question

I am working on a script to pull metrics from a log file. Here is an example from the log.

2/21/2022 3:29 PM: Requested username - Found disabled account with matching CATIID named username - Account username reactivated

3/21/2022 3:37 PM: username - No account found. Creating new account.

4/26/2022 1:25 PM: username- Disabled account found. Re-enabling 
account.

4/26/2022 1:25 PM: username - Active account found. Added to requested groups and updated charge code.

4/26/2022 1:25 PM: username - Disabled account found. Re-enabling account.

I need to be able to filter this to only count the number of times "Reactivated or Re-enabling" appears but also only for the month we are auditing.

Expected count from above would be 2 for the month of April.

I attempted to start filtering by using

$acc1 = Get-Content $accountcreatedpath | Select-String -pattern "$reactivationmonth/"
$acc2 = $acc1 | Select-String -pattern "/2022"
$acc3 = $acc2 | Select-String -NotMatch "$reactivationmonth/2022"
$accountscreated1 = ($acc3).Count

However this will miss any entries that occur when the month and day are the same. Any help greatly appreciated.

With `(?m)^4/\d{1,2}/20\d{2}.*?\b(Reactivated|Re-enabling)\b` regex, you [can get](https://regex101.com/r/icKORt/1) the two matches. — Wiktor Stribiżew, May 17 '22 at 16:23

score 1 · Accepted Answer · answered May 17 '22 at 16:38

You can use

$acc1 = '2/21/2022 3:29 PM: Requested username - Found disabled account with matching CATIID named username - Account username reactivated
3/21/2022 3:37 PM: username - No account found. Creating new account.
4/26/2022 1:25 PM: username- Disabled account found. Re-enabling
account.
4/26/2022 1:25 PM: username - Active account found. Added to requested groups and updated charge code.
4/26/2022 1:25 PM: username - Disabled account found. Re-enabling account.'
$reactivationmonth=4
$rx = "(?m)^$reactivationmonth/\d{1,2}/20\d{2}.*?\b(Reactivated|Re-enabling)\b"
([regex]::Matches($acc1, $rx )).count

Output is 2. See the regex demo.

Details:

(?m)^ - start of a line ((?m) equals RegexOptions.Multiline option)
$reactivationmonth - the month
/ - a / char
\d{1,2} - one or two digits
/20 - a /20 text
\d{2} - two digits -.*? - any zero or more chars other than newline chars as few as possible
\b(Reactivated|Re-enabling)\b - a whole word Recativated or Re-enabling.

Just FYI: you might consider trying out a multiline supporting pattern like `(?ms)^4/\d{1,2}/20\d{2}(?:(?!^\d{1,2}/\d{1,2}/20\d{2}).)*?\b(Reactivated|Re-enabling)\b` if you have trouble with the one in the answer. — Wiktor Stribiżew, May 17 '22 at 16:46
Hi, how could I use this method pulling directly from the .txt file? I tried with Get-Content and Out-String but it doesn't seem to work as expected like in your example. — Rich, May 17 '22 at 17:39
@Rich With `([regex]::Matches((Get-Content text.txt -Raw), $rx )).count` — Wiktor Stribiżew, May 17 '22 at 17:41

Powershell/Regex to count number of times a date range appears

1 Answers1