Remix!! Using Powershell to parse ESE Transaction Logs ...

Let me preface this post by saying this: I'm a tad lazy. However, the newest addition to our team, Brad Hughes, is not. Far from it. That being said, he took it upon himself to rewrite my "Rough & Tough" approach to parsing ESE logs in Powershell. Enjoy ...

1. Download & install Powershell

2. Download & install strings.exe; make sure strings.exe is in your path

3. Place all your transaction logs into a temp directory (e.g. D:\templogs)

4. Fire up Powershell

5. Run the following command:

strings.exe -q -n 16 D:\templogs\*.log | foreach-object { ($_.Split(":".ToCharArray(),3)[2]) }| group-object | select-object count,name | sort count | export-csv C:\temp\output.csv

What this is doing:

· Identifies all strings in the logs that are at least 16 characters long

· Removes the D:\templogs\E00xxxx.log: from the output

· Sorts the output

· Finds all duplicate records, and retains a count

· Sorts the final output (ending with the largest # of occurrences)

· Writes all the output to C:\temp\output.csv

As before, the output will be sorted from the least number of repeating occurrences to the greatest, but now it's in a nifty CSV format that you can open in Excel to do all sorts of fancy sorting.

Note: this post will probably be obsolete in the next 15 minutes, as Brad will likely re-write this in assembly next.

Update: you'll have to put the output.csv file into a different directory from the logs that you're trying to parse. Otherwise, you'll get into an endless loop where we try to parse the output.csv file as well.
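
The same pipeline wrapped in a function, as an added example that is not part of the original post or Brad's code: it strips the file prefix by matching ".log:" rather than counting colons, refuses to write the CSV inside the log directory (the problem described in the update), and drops the "#TYPE" header line from the CSV. The names Remove-LogPrefix, Export-EseStringCounts and $sample are hypothetical, the sample lines are constructed, and the prefix without a drive letter is an assumed case.

```powershell
# Strip the "<path>.log: " prefix that strings.exe puts in front of each hit
# when it is given a wildcard. Matching the first ".log:" keeps strings that
# contain colons intact even when the path has no drive letter (assumed case).
filter Remove-LogPrefix {
    $text = ($_ -replace '^.*?\.log:\s?', '').Trim()
    if ($text) { $text }
}

function Export-EseStringCounts {
    param(
        [Parameter(Mandatory = $true)][string]$LogDir,   # absolute path, e.g. D:\templogs
        [Parameter(Mandatory = $true)][string]$OutCsv    # absolute path, e.g. C:\temp\output.csv
    )
    # Refuse to write the CSV into the directory being parsed.
    $logFull = [IO.Path]::GetFullPath($LogDir).TrimEnd('\') + '\'
    $outFull = [IO.Path]::GetFullPath($OutCsv)
    if ($outFull.StartsWith($logFull, [StringComparison]::OrdinalIgnoreCase)) {
        throw "Write $OutCsv outside $LogDir so it is never picked up as input."
    }

    strings.exe -q -n 16 (Join-Path $LogDir '*.log') |
        Remove-LogPrefix |
        Group-Object -NoElement |          # counts only, does not keep every line in memory
        Select-Object Count, Name |
        Sort-Object Count |
        Export-Csv -Path $OutCsv -NoTypeInformation
}

# Constructed sample of strings.exe output, to check the parsing without any logs.
$sample = @(
    'D:\templogs\E0000001.log: user@example.test/Inbox/Message-0001',
    'D:\templogs\E0000002.log: user@example.test/Inbox/Message-0001',
    'templogs\E0000002.log: SMTP:relay.example.test:25 queued'
)
$sample | Remove-LogPrefix | Group-Object -NoElement |
    Select-Object Count, Name | Sort-Object Count

# Real run, using the paths from the post:
# Export-EseStringCounts -LogDir 'D:\templogs' -OutCsv 'C:\temp\output.csv'
```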

 
