Select-string正则表达式

Question

我正在使用foreach循环搜索大量的日志，查找字符串($text)，并将整行输出到一个输出文件($logfile)中。

Get-ChildItem "\\$server\$Path" -Filter "*.log" |select-string -pattern $text |select -expandproperty line |out-file $logfile -append

其中一个日志文件的示例行可能如下所示

May 25 04:08:36.640 2016 AUDITOF GUID 1312.2657.11075.54819.13021094807.198 opened by USER

其中$text = "opened by USER"

所有这些都能很好地工作，并显示出每个日志文件的每一行，其中包括$text，这是很棒的。

但是..。我想要做的是得到日期、时间和GUID的输出。Guid可以改变格式、长度等，但是它总是有点的，并且总是遵循GUID (space)和(space) opened之前。

简而言之，我试图使用一个查找(或向前看)或匹配来进行正则化，从而将类似的内容返回给$logfile

2016,1312.2657.11075.54819.13021094807.198 5月25日04:08:36.640

任何帮助都很感激。我对Regex很讨厌。

Answer 1

一种方法是这样做

$result = Get-ChildItem "\\$server\$Path" -Filter "*.log" -File | 
          Select-String -Pattern $text -SimpleMatch |
          Select-Object -ExpandProperty Line |
          ForEach-Object {
              if ($_ -match '([a-z]{3,}\s*\d{2}\s*\d{2}:\d{2}:\d{2}\.\d{3}\s*\d{4}).*GUID ([\d.]+)') {
                  '{0},{1}' -f $matches[1], $matches[2]
              }
          }

$result | Out-File $logfile -Append 

解释：

• --我向Select-String cmdlet添加了开关-SimpleMatch，因为您似乎希望与$text完全匹配，而且由于它在那里不使用regex，这将是返回匹配行数组的最佳方法，所以我将其传递到ForEach-Object以循环，尽管
• if (..)使用regex -match，如果该条件是$true，我们将在方括号内执行任何操作。

此外，这个测试(如果是$result.

• Finally )会自动设置一个$matches对象数组，我们使用这些匹配来输出一个逗号分隔行，然后收集在变量$result中，我们只需将该$result输出到一个文件

。

Regex详细信息：

(               Match the regular expression below and capture its match into backreference number 1
   [a-z]        Match a single character in the range between “a” and “z”
      {3,}      Between 3 and unlimited times, as many times as possible, giving back as needed (greedy)
   \s           Match a single character that is a “whitespace character” (spaces, tabs, line breaks, etc.)
      *         Between zero and unlimited times, as many times as possible, giving back as needed (greedy)
   \d           Match a single digit 0..9
      {2}       Exactly 2 times
   \s           Match a single character that is a “whitespace character” (spaces, tabs, line breaks, etc.)
      *         Between zero and unlimited times, as many times as possible, giving back as needed (greedy)
   \d           Match a single digit 0..9
      {2}       Exactly 2 times
   :            Match the character “:” literally
   \d           Match a single digit 0..9
      {2}       Exactly 2 times
   :            Match the character “:” literally
   \d           Match a single digit 0..9
      {2}       Exactly 2 times
   \.           Match the character “.” literally
   \d           Match a single digit 0..9
      {3}       Exactly 3 times
   \s           Match a single character that is a “whitespace character” (spaces, tabs, line breaks, etc.)
      *         Between zero and unlimited times, as many times as possible, giving back as needed (greedy)
   \d           Match a single digit 0..9
      {4}       Exactly 4 times
)
.               Match any single character that is not a line break character
   *            Between zero and unlimited times, as many times as possible, giving back as needed (greedy)
GUID\           Match the characters “GUID ” literally
(               Match the regular expression below and capture its match into backreference number 2
   [\d.]        Match a single character present in the list below
                A single digit 0..9
                The character “.”
      +         Between one and unlimited times, as many times as possible, giving back as needed (greedy)
)