Question

对于其他进程我想将以下行拆分为对象。该行来自我们的Exchange Incomming SMTP日志文件。

2014-05-23T08:38:58.869Z,Exchangeserver\External Relay,08D1437A9AEFF27B,5,192.168.100.211:25,192.168.100.211:46964,<,MAIL FROM: <prvs=0220d28471=user@domain.eu>

是否可以使用正则表达式执行此操作？

期望的输出：

Time: 08:38:58
Connector: Exchangeserver\External Relay
ExchangeID:08D1437A9AEFF27B
MailFrom:user@domain.eu

对不起，但正则表达对我的大脑来说很重要.. ：（

非常感谢！

Answer 1

您只需要正则表达式的电子邮件地址。您可以使用-split：）

拆分列

$arr = @("2014-05-23T08:38:58.869Z,Exchangeserver\External Relay,08D1437A9AEFF27B,5,192.168.100.211:25,192.168.100.211:46964,<,MAIL FROM: <prvs=0220d28471=user@domain.eu> " -split ",")

$ht = [ordered]@{}
$ht["Time"] = $arr[0]
$ht["Connector"] = $arr[1]
$ht["ExchangeID"] = $arr[2]
$ht["MailFrom"] = $($arr[7] -match "([^=@]+@[^>]+)" | Out-Null; $matches[1])

$ht

然后，您可以格式化哈希表中的结果以获得所需的输出。

Answer 2

$line = 
'2014-05-23T08:38:58.869Z,Exchangeserver\External Relay,08D1437A9AEFF27B,5,192.168.100.211:25,192.168.100.211:46964,<,MAIL FROM: <prvs=0220d28471=user@domain.eu>'

$regex = '^[0-9-]+T([0-9:]+).+?,(.+?),(.+?),.+?MAIL FROM: <.*?(\w+@\w+?\.\w+)>'

$line | 
 New-PSObjectFromMatches -pattern $regex -Property $null,Time,Connector,ExchangeID,MailFrom |
 format-list


Time       : 08:38:58
Connector  : Exchangeserver\External Relay
ExchangeID : 08D1437A9AEFF27B
MailFrom   : user@domain.eu

您可以在此处获取New-PSObjectFromMatches函数：

http://gallery.technet.microsoft.com/scriptcenter/New-PSObjectFromMatches-87d8ce87

正则表达式：过滤字符串

2 个答案: