Ever cracked open a log file and thought, “Whoa! What is all this?” Don’t worry — you’re not alone. Logs are full of data, but it’s often messy. That’s where PowerShell comes in. With a bit of Regex or Substring magic, you can turn chaos into clarity.
Let’s have some fun and break it down.
Why Parse Logs?
Maybe you want to:
- Find error messages
- Filter by date or username
- Count warnings
Whatever your reason, searching through a log file manually will make your eyeballs hurt. Script it instead!
Start with Substring
Substring is like scissors for text. It cuts out the part you want. You tell it where to start and how long to go.
$line = "2024-03-12 12:15:30 ERROR Connection failed"
$date = $line.Substring(0, 10)
This grabs the first 10 characters: 2024-03-12. That’s the date.
Need the error part?
$errorType = $line.Substring(20, 5)
That gives you ERROR. Quick and clean.
But Logs Vary…
Sometimes the format changes. Spaces aren’t always where we want them, and Substring throws an exception when a line is shorter than the start and length you ask for. That’s when Regex steps in.
Enter Regex: The Fancy Text Finder
Regex stands for Regular Expressions. Sounds fancy? It is. But it’s not scary.
You use patterns to find the text you want. Like a detective with a magnifying glass.
Let’s find all the times a log showed an error:
$log = Get-Content "log.txt"
foreach ($line in $log) {
    if ($line -match "\bERROR\b") {
        Write-Output $line
    }
}
That \b makes sure we only match the whole word “ERROR”, not “TERROR” or “ERRORS”.
Want to extract the exact time of every error?
if ($line -match "\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}") {
    $timestamp = $matches[0]
}
This matches a full timestamp like 2024-03-12 12:15:30.

The Secret Sauce: Matches Array
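When -match succeeds, PowerShell stores the results in the automatic variable $matches. A failed match leaves the previous contents in place, so read $matches only inside the if block.
This is super handy for getting certain parts of a line.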
Take this line:
2024-03-12 12:15:30 ERROR Connection failed on server01
Let’s pluck out the server name:
if ($line -match "server\d+") {
    $serverName = $matches[0]
}
This finds server01. Easy, right?
Use Named Groups for Clarity
Named groups make your Regex more readable. Let’s say we want the date, time, level, and message.
if ($line -match "(?<date>\d{4}-\d{2}-\d{2}) (?<time>\d{2}:\d{2}:\d{2}) (?<level>\w+) (?<msg>.+)") {
    $date = $matches['date']
    $time = $matches['time']
    $level = $matches['level']
    $msg = $matches['msg']
}
Now you can display or filter those parts however you like.
Let’s Combine It!
Here’s a mini script to collect all errors across a log and display the time and message:
$log = Get-Content "log.txt"
foreach ($line in $log) {
    if ($line -match "(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ERROR (.+)") {
        $time = $matches[1]
        $message = $matches[2]
        Write-Output "[$time] $message"
    }
}
This will give you output like:
[2024-03-12 12:15:30] Connection failed on server01
[2024-03-12 13:47:12] Timeout reaching API
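The mini script above can be taken one step further. This is an added example, not part of the original article: it turns each line into an object using the named groups, so you can count by level and filter by date, and it keeps lines that do not parse instead of dropping them. The function name ConvertFrom-LogLine and the sample lines are made up for illustration.

```powershell
# Constructed sample lines (not from a real log): irregular spacing and one malformed line.
$sample = @(
    '2024-03-12 12:15:30 ERROR Connection failed on server01'
    '2024-03-12 12:16:02 WARNING  Disk usage at 91% on server02'
    '2024-03-12   13:47:12 ERROR Timeout reaching API'
    'garbled line without a timestamp'
    '2024-03-13 08:01:45 INFO Service started'
    '2024-03-13 08:05:10 WARNING Retry limit near on server01'
)

# \s+ tolerates variable spacing; ^ and $ force the pattern to cover the whole line.
$pattern = '^(?<date>\d{4}-\d{2}-\d{2})\s+(?<time>\d{2}:\d{2}:\d{2})\s+(?<level>\w+)\s+(?<msg>.+)$'

function ConvertFrom-LogLine {   # hypothetical helper name
    param([string[]]$Lines, [string]$Pattern)
    foreach ($line in $Lines) {
        $ts = [datetime]::MinValue
        # -and short-circuits, so $Matches is only read after a successful match.
        $ok = ($line -match $Pattern) -and [datetime]::TryParseExact(
            "$($Matches['date']) $($Matches['time'])", 'yyyy-MM-dd HH:mm:ss',
            [cultureinfo]::InvariantCulture, [System.Globalization.DateTimeStyles]::None, [ref]$ts)
        if ($ok) {
            [pscustomobject]@{ Timestamp = $ts; Level = $Matches['level'].ToUpper(); Message = $Matches['msg']; Parsed = $true }
        } else {
            # Keep unparsed lines visible so a format change does not hide entries.
            [pscustomobject]@{ Timestamp = $null; Level = 'UNPARSED'; Message = $line; Parsed = $false }
        }
    }
}

$entries = ConvertFrom-LogLine -Lines $sample -Pattern $pattern

# Count entries per level (this covers "count warnings").
$entries | Group-Object Level | Select-Object Name, Count

# Filter by date: errors logged on 2024-03-12 only.
$day = [datetime]'2024-03-12'
$entries | Where-Object { $_.Parsed -and $_.Level -eq 'ERROR' -and $_.Timestamp.Date -eq $day } |
    ForEach-Object { "[{0:yyyy-MM-dd HH:mm:ss}] {1}" -f $_.Timestamp, $_.Message }
```

To run it against a real file, replace $sample with Get-Content "log.txt".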
Need Even Simpler?
Regex too much? You can still search with simpler tools:
$errors = Select-String -Path "log.txt" -Pattern "ERROR"
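This lists all lines with “ERROR”. It’s not fancy, but it works! Select-String still treats the pattern as a regex by default; add -SimpleMatch if you want it taken as literal text.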

Time for Takeoff
Now you’re ready to wrangle logs like a pro. Use Substring for fixed data, and Regex for patterns.
Next time your logs get messy, don’t panic. PowerShell’s got your back. Happy parsing!