How can I search for error lines in a log file modified in the last hour?

By
Keven Krok
-
0
13
Asked By TechyRaccoon42 On

Hey everyone, I'm really stuck on this issue. I'm trying to search through a specific log file for any errors that occurred within the last hour. I've managed to set up a script that returns the paths of files containing 'error' that were modified recently. Here's my code:

```powershell
$StartPath = 'E:FTPLogsDailyLogs*Error*'
$OutputFile = 'C:UsersFTPMgrDocumentsFTPErrors.csv'
Get-ChildItem -Path $StartPath -Recurse | Where-Object {$_.LastWriteTime -gt (Get-Date).AddHours(-1)} | Select-String -Pattern 'error'| Select Name, DirectoryName, LastWriteTime | Export-Csv $OutputFile -NoTypeInformation
```

Now, I'm trying to tweak this so that I can also capture the actual lines containing the word 'error' from the log files, along with the file locations. Does anyone have suggestions on how to do this?

4 Answers

Answered By ScriptSavvy44 On

Hey! It seems you want to fetch the actual lines containing 'error'. In your current line:

```powershell
Select Name, DirectoryName, LastWriteTime
```

You're not retrieving the line itself. Instead, try doing:

```powershell
Select Name, DirectoryName, LastWriteTime, Line
```

Just make sure `Select-String` is actually able to add `Line` as a property because `Select-String` has its own set of properties that might not mesh directly with `Get-ChildItem`. You might need to merge their properties carefully.

Answered By PracticalPenguin78 On

You're on the right track, but remember: getting content from the files themselves is key here. Using `Get-ChildItem` will only give you the files, not their contents. You might want to go with something like:

```powershell
Get-ChildItem -Path $StartPath -Recurse | Where-Object {$_.LastWriteTime -gt (Get-Date).AddHours(-1)} | ForEach-Object {Get-Content $_.FullName | Select-String -Pattern 'error'}
```

This will get you the file content and filter for 'error'.

Answered By CleverCactus21 On

It looks like you're hitting a snag with how the pipeline works. When you use `Select-String`, you're switching from `FileInfo` objects to `MatchInfo` objects. Because of that, the properties like `Name` and `DirectoryName` aren't available when you reach `Select-Object`.

Consider this approach instead:

```powershell
Get-ChildItem -Path $StartPath -Recurse -PipeLineVariable CurFile | Where-Object {$_.LastWriteTime -gt (Get-Date).AddHours(-1)} | Select-String -Pattern 'error' | Select-Object -Property @{label='Name';expression={$CurFile.Name}}, @{label='DirectoryName';expression={$CurFile.DirectoryName}}, @{label='LastWriteTime';expression={$CurFile.LastWriteTime}} | Export-Csv $OutputFile -NoTypeInformation
```

This way, you can still reference the `FileInfo` properties you need. An even cleaner method would be using a `foreach` loop instead of relying heavily on the pipeline, which might help with bugs down the line.

Answered By CuriousPineapple99 On

Looks like what you have is pulling file paths correctly but not the content. You should tweak your command to get the content of the files instead. You can try:

```powershell
Get-Content FILENAME | Select-String -Pattern *error*
```

This will help you directly parse the files for the word 'error'. Just remember to define `FILENAME` properly to point to your files.

Related Questions

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.