Regex 解析自定义日志文件

我有一个日志文件*.log，我希望如下解析和查询：

Line 33043: 17/07/2016;13:26:45;GetMasterOrderNo;Master Order No is : 1117103907 for SoSupplierOrderNo, 1117103907 Line 33048: 17/07/2016;13:26:45;AddAutoPurchHdr;Could not save PurchHdr record - The supplier order number has already been used in Delivery Note No.1117103907 (Order No.1117103907), Supplier SupplierName(51) Line 33049: 17/07/2016;13:26:45;ImportASN;ConvertASNFiles: Failed to import GRN1171_0000700384_1117103907.xml. Could not save PurchHdr record - The supplier order number has already been used in Delivery Note No.1117103907 (Order No.1117103907), Supplier SupplierName(51) 我要做的是将每一行拆分为标题，如下所示：

线 日期 时间 类型 描述 …这样我就可以对此进行查询

---

执行此操作的最佳方法是什么？

您可以使用正则表达式捕获这些字段：

$content = Get-Content 'your_log_path' -raw
$regex = 'Line\s+(\d+):\s+([^;]+);([^;]+);([^;]+);(.+)'
[regex]::Matches($content, $regex) | ForEach-Object {
    [PsCustomObject]@{
        Line = $_.Groups[1].Value
        Date = $_.Groups[2].Value
        Time = $_.Groups[3].Value
        Type = $_.Groups[4].Value
        Description = $_.Groups[5].Value
    }
}

输出：

正则表达式：

---

您可以使用正则表达式捕获这些字段：

$content = Get-Content 'your_log_path' -raw
$regex = 'Line\s+(\d+):\s+([^;]+);([^;]+);([^;]+);(.+)'
[regex]::Matches($content, $regex) | ForEach-Object {
    [PsCustomObject]@{
        Line = $_.Groups[1].Value
        Date = $_.Groups[2].Value
        Time = $_.Groups[3].Value
        Type = $_.Groups[4].Value
        Description = $_.Groups[5].Value
    }
}

输出：

正则表达式：

---

对马丁非常好的回答稍加修改。[PSCustomObject]构造在powershell v2主机上不起作用

$content = Get-Content 'your_log_path' -raw
$regex = 'Line\s+(\d+):\s+([^;]+);([^;]+);([^;]+);(.+)'
[regex]::Matches($content, $regex) | ForEach-Object {
    $obj = New-Object PSObject
    $obj | Add-Member -MemberType NoteProperty -Name Line -Value $_.Groups[1].Value
    $obj | Add-Member -MemberType NoteProperty -Name Date -Value $_.Groups[2].Value
    $obj | Add-Member -MemberType NoteProperty -Name Time -Value $_.Groups[3].Value
    $obj | Add-Member -MemberType NoteProperty -Name Type -Value $_.Groups[4].Value
    $obj | Add-Member -MemberType NoteProperty -Name Description -Value $_.Groups[5].Value
    $obj
}

---

对马丁非常好的回答稍加修改。[PSCustomObject]构造在powershell v2主机上不起作用

$content = Get-Content 'your_log_path' -raw
$regex = 'Line\s+(\d+):\s+([^;]+);([^;]+);([^;]+);(.+)'
[regex]::Matches($content, $regex) | ForEach-Object {
    $obj = New-Object PSObject
    $obj | Add-Member -MemberType NoteProperty -Name Line -Value $_.Groups[1].Value
    $obj | Add-Member -MemberType NoteProperty -Name Date -Value $_.Groups[2].Value
    $obj | Add-Member -MemberType NoteProperty -Name Time -Value $_.Groups[3].Value
    $obj | Add-Member -MemberType NoteProperty -Name Type -Value $_.Groups[4].Value
    $obj | Add-Member -MemberType NoteProperty -Name Description -Value $_.Groups[5].Value
    $obj
}

---

使用带有名称的正则表达式捕获组为自定义对象生成哈希表键：

Get-Content log.txt | ForEach {
    $_ -match '^Line (?<Line>\d+): (?<Day>..)/(?<Month>..)/(?<Year>....);(?<Time>.*?);(?<Type>.*?);(?<Message>.*)$'

    # Cast date and line to useful types (optional)
    $Matches['Date'] = Get-Date ($Matches['Year']+'-'+$Matches['Month']+'-'+$Matches['Day']+' '+$Matches['Time'])
    $Matches['Line'] = [int]$Matches['Line']

    New-Object -Type PSCustomObject -Property $Matches
}

---

使用带有名称的正则表达式捕获组为自定义对象生成哈希表键：

Get-Content log.txt | ForEach {
    $_ -match '^Line (?<Line>\d+): (?<Day>..)/(?<Month>..)/(?<Year>....);(?<Time>.*?);(?<Type>.*?);(?<Message>.*)$'

    # Cast date and line to useful types (optional)
    $Matches['Date'] = Get-Date ($Matches['Year']+'-'+$Matches['Month']+'-'+$Matches['Day']+' '+$Matches['Time'])
    $Matches['Line'] = [int]$Matches['Line']

    New-Object -Type PSCustomObject -Property $Matches
}

---

您有分号分隔的字段。您可以用分号分隔符将其解析为CSV。@ChrisDent这是我第一次尝试，但e。G行不是用分号分隔的，描述也可以包含分号……您有分号分隔的字段。您可以用分号分隔符将其解析为CSV。@ChrisDent这是我第一次尝试，但e。G行之间没有分号，描述中也可能包含分号……没错，我错过了版本+1但是-Property hashtable参数应该可以工作，对吗？V2是我桌面上的参数，尽管我总是可以在运行V4True的服务器上运行它，但我错过了版本+1但是-Property hashtable参数应该可以工作，对吗？V2是我桌面上的参数，尽管我总是可以在运行V4的服务器上运行它