Powershell - Find Log Entries

  • Posted on: 20 November 2014
  • By: Ashley

This was one of the first Powershell scripts I wrote when I took on this role, well before we knew of the application Splunk. Looking back at this 3-year-old bit of code, there are obvious shortcomings and areas that should be improved on, but with Splunk now at hand, and other more pressing issues, this is low on my priorities list.

The script below has been modified to strip out server names or log file names. All it really contains is two arrays, one for our non-production pool and one for our production pool, each holding the names of the hosts in that pool and the root file path we're using, i.e. the log file directory for this application.

Variables

$prod = @(
    ("prodServer01","\\prodServer01\d$\application\logs\"),
    ("prodServer02","\\prodServer02\d$\application\logs\"),
    ("prodServer03","\\prodServer03\d$\application\logs\"),
    ("prodServer04","\\prodServer04\d$\application\logs\"),
    ("prodServer05","\\prodServer05\d$\application\logs\"),
    ("prodServer06","\\prodServer06\d$\application\logs\"),
    ("prodServerbat01","\\prodServerbat01\d$\application\logs\"))
$nprod = @(
    ("testServer01","\\testServer01\d$\application\logs\"),
    ("testServer02","\\testServer02\d$\application\logs\"),
    ("testServerbat01","\\testServerbat01\d$\application\logs\"),
    ("devServer01","\\devServer01\d$\application\logs\"))
$SearchComp = 'false'
$FileComp = 'false'
$ProdComp = 'false'

I've then tried to build in help where necessary. Even though what you're doing is quite easy to pick up, I like to have help available.

write-host "For Help at any time, enter --?H or --?Help in any input fields." -foregroundcolor DarkCyan

Give me instructions

write-host " "
write-host "========================== Find Entries in Logs ==========================" -foregroundcolor Cyan
...
# Enter the word you want to search for.
do{
	$Search = read-host "What are you searching for? "
	if($Search -eq '--?Help' -or $Search -eq '--?H' ){
		write-host "  Write out the string you're searching for in here, and press enter to move to the next input." -foregroundcolor Yellow
	}
	else{$SearchComp = 'true'}
}while($SearchComp -eq 'false')
# The file needs to be the exact name, with format. IE: services-log.txt
do{
	$LogFile = read-host "Which log file are you after? "
	if($LogFile -eq '--?Help' -or $LogFile -eq '--?H' ){
		write-host "  Write out the name of the file you want to search, examples:" -foregroundcolor Yellow
		write-host "  	- email-log.txt" -foregroundcolor Yellow
		write-host "  	- session-log.txt" -foregroundcolor Yellow
		write-host "  	- services-log.txt" -foregroundcolor Yellow
	}
	else{$FileComp = 'true'}
}while($FileComp -eq 'false')

# Prod or NProd?
do{
	$b = read-host "Prod or NProd? "
	if($b -eq '--?Help' -or $b -eq '--?H' ){
		write-host "  If you're wanting to search Non Production, enter N, Non, or NProd. Anything else will search Prod." -foregroundcolor Yellow
	}
	else{$ProdComp = 'true'}
}while($ProdComp -eq 'false')

 
# If you enter NProd, N or Non, search NonProduction Servers. If none match, default to prod.
if($b -eq 'NProd' -or $b -eq 'N' -or $b -eq 'Non'){
    $a = $nprod
}
else{
    $a = $prod
}

At this point you will have specified the file you're wanting to access (relative to the \\Server#\drive$\application\logs\ directory), whether you're wanting to search across your production or non-production server pool, and the string of text you're looking for within the log file.

Results

write-host "================================== Results ==================================" -foregroundcolor Cyan
 
# Cycle through the Elements in the array.
foreach ($element in $a){
    try{
        # The below is used to stop Powershell Errors from popping up. Comment it out to see any errors.
        $ErrorActionPreference = "SilentlyContinue"
        # Boolean to check whether there are results.
        $exists = "False"
        $c = 0
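        # -ErrorAction Stop sends a missing or unreadable file to the catch block instead of reporting "No Entries".
        $data = Get-Content ($element[1] + $LogFile) -ErrorAction Stop
        # Cycle through the lines in each file.
        foreach ($line in $data){
            # -match treats $Search as a regular expression, not a literal string.
            if($line -match $Search){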
                # If there is a match, change Boolean, and add 1 to the count of matches.
                $exists = "True"
                $c += 1
            }
        }
        # If there are results for the search in the file:
        if($exists -eq "True"){
            write-host  " "$c "entries exist in"$LogFile" for "$Search" on" $element[0] -foregroundcolor red
        }
        # If there are no results for the search in the file:
        elseif($exists -eq "False"){
            write-host "  No Entries in"$LogFile" for "$Search" on" $element[0] -foregroundcolor DarkCyan
        }
		$data = ""
    }
    catch {
        write-host "There was an error in reading logs: " -foregroundcolor red
        write-host $_ -foregroundcolor red
    }
    finally{
        $data = ""
    }
}
$data = ""
write-host "================================ End Results ================================" -foregroundcolor Cyan
write-host " "
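
A variant of the search loop above, as an added example that is not part of the original script: it matches the search text literally, keeps the requested file name inside the log directory, and reports an unreadable log separately from a log with no matches. The function name Find-LogEntry, the Status values and the temp-folder "pool" are hypothetical.

```powershell
# Added example, not the original script. Find-LogEntry and the sample pool are hypothetical.
function Find-LogEntry {
    param(
        [Parameter(Mandatory)] [object[]] $Pool,     # same shape as $prod / $nprod: (name, logRoot) pairs
        [Parameter(Mandatory)] [string]   $LogFile,
        [Parameter(Mandatory)] [string]   $Search
    )
    # Keep only the file name so input such as ..\..\other.txt stays inside the log directory.
    $leaf = Split-Path -Path $LogFile -Leaf
    foreach ($element in $Pool) {
        $path   = Join-Path -Path $element[1] -ChildPath $leaf
        $result = [pscustomobject]@{ Server = $element[0]; File = $leaf; Status = 'NoMatch'; Hits = 0 }
        try {
            # -SimpleMatch treats $Search as literal text; -ErrorAction Stop turns a
            # missing or unreadable file into an exception instead of an empty result.
            $found = @(Select-String -LiteralPath $path -Pattern $Search -SimpleMatch -ErrorAction Stop)
            $result.Hits = $found.Count
            if ($found.Count -gt 0) { $result.Status = 'Match' }
        }
        catch { $result.Status = 'Unreadable' }
        $result
    }
}

# Constructed sample data: local temp folders stand in for two servers' log shares.
$root = Join-Path ([IO.Path]::GetTempPath()) ("logdemo-" + [guid]::NewGuid())
$srv1 = New-Item -ItemType Directory -Path (Join-Path $root 'testServer01')
# Read as a regex, 'ERROR [auth]' would not match these lines; as literal text it does.
Set-Content -Path (Join-Path $srv1 'services-log.txt') -Value 'login ok', 'ERROR [auth] failed', 'ERROR [auth] failed'
$pool = @(
    @('testServer01', $srv1.FullName),
    @('testServer02', (Join-Path $root 'testServer02'))   # folder never created: unreadable
)

Find-LogEntry -Pool $pool -LogFile 'services-log.txt' -Search 'ERROR [auth]' | Format-Table
Remove-Item -Recurse -Force $root
```

Because the function returns objects rather than coloured host text, the Unreadable rows can be filtered or exported, which matters when a gap in log coverage should not be read as a clean result.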

End Result
