
I have an extremely large log file (max 1GB) which is appended to throughout the day. There are various strings within this log which I would like to search for (that I can already achieve using Select-String), however I am scanning the whole file on every sweep, which is inefficient and a tad unnecessary.

Ideally I want to scan only the last 5 minutes of the log for these strings on each sweep. Unfortunately not every row of the log file contains a timestamp. I initially thought of doing a wildcard Select-String for the last 5 mins of timestamps combined with the strings of interest, but that will miss some occurrences. My only other idea at the moment is to determine the line numbers of interest, $FromLineNumber (5 mins before current system time) and $ToLineNumber (the very last line number of the log file), and then only Select-String between those two line numbers.

As an example, to search between line 50 and the final line of the log. I am able to return the line number of $FromLineNumber but I'm struggling with grabbing $ToLineNumber for final row of log.

Q. How do I return only the line number of the final row of a log file?

So far I have tried returning this with Get-Content $path -tail -1 (object type linenumber) however this always returns blank values even with various switches and variations. I can only return line numbers via the Select-String cmdlet however I do not have a specific string to use that relates to the final row of the log. Am I misusing this cmdlet per its original design and if so...is there any other alternative to return the last line number?

Continued...Once I have determined the line number range to search between would I isolate those rows using a Get-Content loop between $FromLineNumber and $ToLineNumber first to filter down to this smaller selection and then pipe this into a Select-String or is there a more efficient way to achieve this? I suspect that looping through thousands of lines would be demanding on resources so I'm keen to know if there is a better way.

"Unfortunately not every row of the log file contains a timestamp" could you show us a sample of this unusual log file? To get the last line number you may have success with Get-Content .\file.log | Select-Object -Last 1 -ExpandProperty ReadCount, but you'll still need to figure out which line to start from - Mathias R. Jessen Apr 26 '17 at 0:48

Not sure if you are intentionally tailing "minus 1"; you should be Get-Content $path -Tail 1 (positive 1) to get the last line. And that should be fast, so if you can make a guess that your 5 minutes will be within the last 100 lines, or 1000 lines, and overshoot by a chunk of lines, that's probably still easier and quicker than any other approach. Otherwise use a file reader and step back from the end of the file, processing lines in reverse until you find a datetime before 5 minutes ago, then stop. You keep mentioning line numbers; Select-String shows them, but Get-Content can't use them - TessellatingHeckler Apr 26 '17 at 1:36

Get-Eventlog has an -after parameter that should do the trick. If the log file has the format of an event log file, you can and should use this cmdlet. If it has some other form, why is that? - Walter Mitty Apr 26 '17 at 12:22

Here is the answer to the first question

From https://blogs.technet.microsoft.com/heyscriptingguy/2011/10/09/use-a-powershell-cmdlet-to-count-files-words-and-lines/

If I want to know how many lines are contained in the file, I use the Measure-Object cmdlet with the line switch. This command is shown here:

Get-Content C:\fso\a.txt | Measure-Object -Line
        
            
                    improve this answer
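The approach suggested in the comments (tail an overshoot of lines, then keep only those at or after the five-minute cutoff), written out as an added example that is not part of the original question or answers. The function name Search-RecentLog, the "yyyy-MM-dd HH:mm:ss" timestamp format and the sample log are assumptions; lines without a timestamp inherit the timestamp of the nearest stamped line above them.

```powershell
# Added example. Assumes stamped lines start with "yyyy-MM-dd HH:mm:ss" (hypothetical format).
function Search-RecentLog {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $Pattern,
        [int]      $Minutes         = 5,
        [int]      $TailLines       = 5000,   # overshoot; raise it if the warning fires
        [string]   $TimestampRegex  = '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}',
        [string]   $TimestampFormat = 'yyyy-MM-dd HH:mm:ss',
        [datetime] $Now             = (Get-Date)
    )
    $cutoff   = $Now.AddMinutes(-$Minutes)
    $current  = $null     # timestamp inherited by lines that carry none
    $sawOlder = $false    # true once the tail window reaches back past the cutoff

    # -Tail reads from the end of the file, so the 1GB log is never scanned in full.
    $recent = foreach ($line in Get-Content -LiteralPath $Path -Tail $TailLines) {
        if ($line -match $TimestampRegex) {
            $current = [datetime]::ParseExact($Matches[0], $TimestampFormat,
                [cultureinfo]::InvariantCulture)
            if ($current -lt $cutoff) { $sawOlder = $true }
        }
        if ($null -ne $current -and $current -ge $cutoff) { $line }
    }
    # Also fires when the whole file is shorter than the window; harmless in that case.
    if (-not $sawOlder) {
        Write-Warning "Last $TailLines lines do not reach back $Minutes minutes; increase -TailLines."
    }
    $recent | Select-String -Pattern $Pattern
}

# Constructed sample log: one old entry, two recent entries, one continuation line with no timestamp.
$now = Get-Date
$ts  = { param($m) $now.AddMinutes($m).ToString('yyyy-MM-dd HH:mm:ss', [cultureinfo]::InvariantCulture) }
$log = Join-Path ([IO.Path]::GetTempPath()) 'sample-app.log'
@(
    "$(& $ts -30) ERROR old failure"
    "$(& $ts -2) ERROR login failed for user"
    "    at Auth.Check() ERROR detail without timestamp"
    "$(& $ts -1) INFO heartbeat"
) | Set-Content -LiteralPath $log
Search-RecentLog -Path $log -Pattern 'ERROR' -Now $now
```

The LineNumber on the returned matches counts within the filtered recent lines, not from the start of the log file.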