{"id":636,"date":"2014-09-24T00:01:00","date_gmt":"2014-09-24T00:01:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2014\/09\/24\/use-select-string-cmdlet-in-powershell-to-view-contents-of-log-file\/"},"modified":"2014-09-24T00:01:00","modified_gmt":"2014-09-24T00:01:00","slug":"use-select-string-cmdlet-in-powershell-to-view-contents-of-log-file","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/use-select-string-cmdlet-in-powershell-to-view-contents-of-log-file\/","title":{"rendered":"Use Select-String Cmdlet in PowerShell to View Contents of Log File"},"content":{"rendered":"

Summary<\/b>: Use the Windows PowerShell cmdlet, <\/span>Select-String<\/b>, to view the contents of a log file.<\/span><\/p>\n

\"Hey, Hey, Scripting Guy! I have a log file that I created by dumping process information from Get-Process<\/b>. It is quite long, and I am trying to use Select-String<\/b> to find the number of instances of a certain process. The problem is that when I find the instance, I do not know what the columns mean. I am wondering what I can do to get the column headers in addition to the process information to show up in my output. I know I can do this with a script, but I don’t want to write a script to accomplish this task. Can you help?<\/p>\n

—BU<\/p>\n

\"Hey, Hello BU,<\/p>\n

Microsoft Scripting Guy, Ed Wilson, is here. Well, I am sore again. It seems that when I go see my trainer, I come away sore. After the weekend, I start to feel good, and then BOOM!—I go back and I am sore all over again. And I do mean sore all over.<\/p>\n

Anyway, the Scripting Wife bought me a nice one-pound bag of English Breakfast tea, so I am sitting here, trying to cool down, sipping a cup of English Breakfast tea with a cinnamon stick in it, and thinking about rejoining the world of the living. I am checking my email sent to scripter@microsoft.com<\/a>, and BU, I ran across your email. The answer is, "Sure, it can be done. In fact, it is not too hard at all."<\/p>\n

First the log file<\/h2>\n

You say that you have a log file you created by using Get-Process<\/b>. I am assuming the command you used was something like the following:<\/p>\n

Get-Process >> C:\\FSO|MyProcesses.txt<\/p>\n

The resulting log file is shwon here:<\/p>\n

\"Image<\/a><\/p>\n

If I use the Select-String<\/b> cmdlet to read the log file and to look for instances related to the iexplore<\/b> process, I might use a command such as this:<\/p>\n

Get-Content C:\\fso\\myprocesses.txt | Select-String 'iexplore'<\/p>\n

The command and the output from the command are shown here:<\/p>\n

\"Image<\/a><\/p>\n

The problem with this command, is that I cannot tell what the columns of numbers mean. Also, it is more work than is required. I do not need to use Get-Content<\/b> first. I can simply use Select-String<\/b> to find the information I need.<\/p>\n

One way to get column headings<\/h2>\n

I can use two commands to get the column headings. The first is to use the Get-Content<\/b> cmdlet and return only the first two lines from the file. This will give me the column headings. The command is shown here:<\/p>\n

Get-Content C:\\fso\\myprocesses.txt -TotalCount 2<\/p>\n

I can then use the previous command to display the column details, as shown here:<\/p>\n

\"Image<\/a><\/p>\n

It is not ideal, but it does give me an idea of what is going on, and I can line up the column headings well enough to decipher the output. So, this will work.<\/p>\n

Simplify things<\/h2>\n

I said that I do not need to resort to Get-Content<\/b> at all. In fact, I can use Select-String<\/b> to parse the file and find the information all at the same time. To do this, all I need to do is to specify the path to the file, for example:<\/p>\n

Select-String -Path C:\\fso\\myprocesses.txt -Pattern iexplore<\/p>\n

The command and the output are shown here (note that this command includes the file and the line number where the match occurred).<\/p>\n

\"Image<\/a><\/p>\n

I still need to obtain the headers from the file to be able to make sense of the output. I could go back to using Get-Content<\/b>, but the output would not be quite as readable. A better way is to use the regular expression OR<\/b> pattern. I know that one of the columns includes the word Handles. So I can specify my pattern to be iexplore<\/b> OR Handles<\/b>. Here is the command I use:<\/p>\n

Select-String -Path C:\\fso\\myprocesses.txt -Pattern "(iexplore|Handles)"<\/p>\n

The command and the output are shown here:<\/p>\n

\"Image<\/a><\/p>\n

The output is a little better, and the columns line up pretty well. I may decide to leave it at this. But if I do not need the Line number<\/b> field or the Path<\/b> field, I can clean up the output. To do this, I need to know the properties of the MatchInfo<\/b> object. I get these from Get-Member<\/b> as shown here:<\/p>\n

Select-String -Path C:\\fso\\myprocesses.txt -Pattern "(iexplore|Handles)" | get-member -MemberType Properties<\/p>\n

 <\/p>\n

   TypeName: Microsoft.PowerShell.Commands.MatchInfo<\/p>\n

 <\/p>\n

Name       MemberType Definition<\/p>\n

—-       ———- ———-<\/p>\n

Context    Property   Microsoft.PowerShell.Commands.MatchInfoContext Context {get;set;}<\/p>\n

Filename   Property   string Filename {get;}<\/p>\n

IgnoreCase Property   bool IgnoreCase {get;set;}<\/p>\n

Line       Property   string Line {get;set;}<\/p>\n

LineNumber Property   int LineNumber {get;set;}<\/p>\n

Matches    Property   System.Text.RegularExpressions.Match[] Matches {get;set;}<\/p>\n

Path       Property   string Path {get;set;}<\/p>\n

Pattern    Property   string Pattern {get;set;}<\/p>\n

Luckily, the property names make sense. Obviously, Pattern<\/b> is the pattern I specified to find the matches. The LineNumber<\/b> and Path<\/b> properties are the file and the line number in the file. So I want the Line<\/b> property. Here is my revised command:<\/p>\n

Select-String -Path C:\\fso\\myprocesses.txt -Pattern "(iexplore|Handles)" | select line<\/p>\n

Here is the command and the revised output. It is quite readable now.<\/p>\n

\"Image<\/a><\/p>\n

BU, that is all there is to using Select-String<\/b>. Join me tomorrow when I will talk about more way cool Windows PowerShell stuff.<\/p>\n

I invite you to follow me on Twitter<\/a> and Facebook<\/a>. If you have any questions, send email to me at scripter@microsoft.com<\/a>, or post your questions on the Official Scripting Guys Forum<\/a>. See you tomorrow. Until then, peace.<\/p>\n

Ed Wilson, Microsoft Scripting Guy<\/b> <\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

Summary: Use the Windows PowerShell cmdlet, Select-String, to view the contents of a log file.  Hey, Scripting Guy! I have a log file that I created by dumping process information from Get-Process. It is quite long, and I am trying to use Select-String to find the number of instances of a certain process. The problem […]<\/p>\n","protected":false},"author":596,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[3,4,336,45],"class_list":["post-636","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-scripting-guy","tag-scripting-techniques","tag-strings","tag-windows-powershell"],"acf":[],"blog_post_summary":"

Summary: Use the Windows PowerShell cmdlet, Select-String, to view the contents of a log file.  Hey, Scripting Guy! I have a log file that I created by dumping process information from Get-Process. It is quite long, and I am trying to use Select-String to find the number of instances of a certain process. The problem […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/636","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/596"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=636"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/636\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=636"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=636"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=636"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}