在Windows Powershell中,如何更改执行此命令的csv输出格式:
$logs = 'System'
$today = (Get-Date).Date
$logs | foreach{
get-eventlog -log $_ -After ([datetime]::today) |
group eventid,EntryType -noel |
sort count -desc |
export-csv "eventLog_$_.csv" -notype
}
我的输出必须是:
"Values","Count","Group","ID","Severity"
"System.Collections.ArrayList","1085","System.Collections.ObjectModel.Collection`1[System.Management.Automation.PSObject]","1501", "Information"
"System.Collections.ArrayList","15","System.Collections.ObjectModel.Collection`1[System.Management.Automation.PSObject]","37", "Information"
"System.Collections.ArrayList","13","System.Collections.ObjectModel.Collection`1[System.Management.Automation.PSObject]","1500", "Information"
"System.Collections.ArrayList","8","System.Collections.ObjectModel.Collection`1[System.Management.Automation.PSObject]","20001", "Information"
但是当运行上面的命令时,我得到了这个输出:
"Values","Count","Group","Name"
"System.Collections.ArrayList","1085","System.Collections.ObjectModel.Collection`1[System.Management.Automation.PSObject]","1501,Information"
"System.Collections.ArrayList","15","System.Collections.ObjectModel.Collection`1[System.Management.Automation.PSObject]","37,Information"
"System.Collections.ArrayList","13","System.Collections.ObjectModel.Collection`1[System.Management.Automation.PSObject]","1500,Information"
"System.Collections.ArrayList","8","System.Collections.ObjectModel.Collection`1[System.Management.Automation.PSObject]","20001,Information"
有没有比用csv文件修改替换更好的方法?
答案 0 :(得分:0)
我不确定你为什么要在文件中添加一些行,如"System.Collections.ArrayList"等等。您输出的命令是
Count Name
----- ----
116 7036, Information
5 7040, Information
1 206, Information
1 14204, Information
1 7001, Information
1 201, Information
可以使用简单的Select-Object删除额外信息。除非您在$logs中实际拥有更多内容,否则不需要for each循环。如果是这种情况,那么您的-Append应该Export-Csv。你也不要使用$today
$logs = 'System'
get-eventlog -log $logs -After ([datetime]::today) |
Group-Object EventID,EntryType -NoElement |
Sort-Object Count -Descending |
Select-Object count,name |
Export-Csv C:\temp\test.txt -NoTypeInformation
帮助奖金
上述答案可能已足够,但这会增加一点。我提到你的循环似乎很奇怪。如果您正在查看除系统之外的其他日志,那么我可以看到一个观点。我有一个例子如下。此外,Name的返回包含eventID和EventType,我们可以对此做些什么。我创建了一个PSCustomObject,它将Name分成两部分。
$logs = 'System','Application'
$logs | ForEach-Object{
get-eventlog -log $_ -After ([datetime]::today) |
Group-Object EventID,EntryType -NoElement |
Sort-Object Count -Descending |
Select-Object count,name | ForEach-Object{
[PSCustomObject]@{
'EventID' = ($_.Name -split ", ")[0]
'EventType' = ($_.Name -split ", ")[1]
'Count' = $_.Count
}
}
} | Export-Csv C:\temp\test.txt -NoTypeInformation
现在,CSV输出看起来好一点。以下内容来自截断 csv
"EventID","EventType","Count"
"7036","Information","118"
"7040","Information","5"
"102","Information","1"
"902","0","1"
"300","Information","1"
"10","Error","1"
"302","Information","1"
如果您只有PowerShell 2.0,则无法访问[PSCustomObject],因为您可以执行以下操作。请注意$csv循环中构建的数组ForEach,然后通过管道传输到Export-Csv
$csv = @()
$logs = 'System','Application'
$logs | ForEach-Object{
get-eventlog -log $_ -After ([datetime]::today) |
Group-Object EventID,EntryType -NoElement |
Sort-Object Count -Descending |
Select-Object count,name | ForEach-Object{
$properties = @{
'EventID' = ($_.Name -split ", ")[0];
'EventType' = ($_.Name -split ", ")[1];
'Count' = $_.Count;
}
$psobject = new-object psobject -Property $properties
$csv += $psobject
}
}
$csv | Export-Csv C:\temp\test.txt -NoTypeInformation