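Using ConvertFrom-Csv -Delimiter with variable-length whitespace

Time: 2019-01-07 15:50:08

Tags: powershell

I have a report that generates a CSV file of Windows security events. From this report, I want to extract specific information.

The following code parses each line of the data by the spaces between fields. This works fine: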

$InStuff = Get-Content -Path 'SecurityEvents.csv'

$ColCount = $InStuff[1].Split(' ').Count

$Collection = $InStuff | ConvertFrom-Csv -Delimiter ' ' -Header (1..$ColCount).ForEach({"Column_$_"})

$Collection |
    Select-Object -Property 'Column_17', 'Column_83'

Sample CSV lines:

<134>Dec 13 13:50:23 10.137.119.42 MSWinEventLog 1 Security 123456789 Thu Dec 13 13:50:23 2018 4662 Microsoft-Windows-Security-Auditing MyCompany\dy625 N/A Success Audit mydc1.dy625.com Directory Service Access  An operation was performed on an object.    Subject :   Security ID:  S-123456  Account Name:  dy625 Account Domain:  MyCompany   Logon ID:  XXXXXXXX   Object:   Object Server:  DS   Object Type:  %{XXXXXXXX-XXXXXXXX-XXXXXXXX}   Object Name:  %{XXXXXXXX-XXXXXXXX-XXXXXXXX}   Handle ID:  0x0    Operation:   Operation Type:  Object Access   Accesses:  Write Property  Access Mask:  0x20   Properties:  Write Property {XXXX-XXXX-XXXXX}  {XXXX-XXXX-XXXXX} {XXXX-XXXX-XXXXX}  {XXXX-XXXX-XXXXX}   Additional Information:   Parameter 1:  -   Parameter 2:   123456
<134>Dec 13 13:50:18 10.137.119.42 MSWinEventLog 1 Security 123456789 Thu Dec 13 13:50:18 2018 4662 Microsoft-Windows-Security-Auditing MyCompany\dy626 N/A Success Audit mydc1.dy625.com Directory Service Access  An operation was performed on an object.    Subject :   Security ID:  S-123456  Account Name:  dy626 Account Domain:  MyCompany   Logon ID:  XXXXXXXX   Object:   Object Server:  DS   Object Type:  %{XXXXXXXX-XXXXXXXX-XXXXXXXX}   Object Name:  %{XXXXXXXX-XXXXXXXX-XXXXXXXX}   Handle ID:  0x0    Operation:   Operation Type:  Object Access   Accesses:  Write Property  Access Mask:  0x20   Properties:  Write Property {XXXX-XXXX-XXXXX}  {XXXX-XXXX-XXXXX} {XXXX-XXXX-XXXXX}  {XXXX-XXXX-XXXXX}   Additional Information:   Parameter 1:  -   Parameter 2:   123456
<134>Jan  4 13:50:14 10.137.118.22 MSWinEventLog 1 Security 123456789 Thu Dec 13 13:50:14 2018 4662 Microsoft-Windows-Security-Auditing MyCompany\dy627 N/A Success Audit mydc1.dy625.com Directory Service Access  An operation was performed on an object.    Subject :   Security ID:  S-123456  Account Name:  dy627 Account Domain:  MyCompany   Logon ID:  XXXXXXXX   Object:   Object Server:  DS   Object Type:  %{XXXXXXXX-XXXXXXXX-XXXXXXXX}   Object Name:  %{XXXXXXXX-XXXXXXXX-XXXXXXXX}   Handle ID:  0x0    Operation:   Operation Type:  Object Access   Accesses:  Write Property  Access Mask:  0x20   Properties:  Write Property {XXXX-XXXX-XXXXX}  {XXXX-XXXX-XXXXX} {XXXX-XXXX-XXXXX}  {XXXX-XXXX-XXXXX}   Additional Information:   Parameter 1:  -   Parameter 2:   123456

One unforeseen problem is that Windows does not format the date the way I expected. For example, see below:

<134>Dec 13
<134>Jan  4

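If you notice, there are two spaces between "Jan" and "4", while there is one space between "Dec" and "13". This means I need to run two different scripts, depending on the day of the month.

I would like to know whether it is possible to make the delimiter "variable" whitespace, rather than the single defined ' ' used in this particular instance. It seems that the ConvertFrom-Csv command does not support this, and I am not sure how to rewrite the code to accommodate it.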

2 answers:

Answer 0: (score: 1)

Just replace all double spaces with a single space:

Dim oSld As Slide
Dim oSh As Shape
Dim sOldPath As String
Dim sNewPath As String


sOldPath = "C:\__oldpath\oldfolder\old.xlsm"
sNewPath = "C:\__New Dangerous\Dangerous.xlsm"


For Each oSld In ActivePresentation.Slides
    For Each oSh In oSld.Shapes
        ' Change only linked OLE objects
        If oSh.Type = msoLinkedOLEObject Then
            On Error Resume Next
            ' Verify that file exists
            If Len(Dir$(Replace(oSh.LinkFormat.SourceFullName, sOldPath, sNewPath))) > 0 Then
                 oSh.LinkFormat.SourceFullName = Replace(oSh.LinkFormat.SourceFullName, oSh.LinkFormat.SourceFullName, sNewPath)
            End If
         End If
    Next    ' shape
Next    ' slide

MsgBox ("Done!")

Answer 1: (score: 1)

You will need to add another step that replaces "two or more space characters" with a single space. Something like this:

path

Output...

name
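The normalization step both answers describe, as an added example that is not code from the original posts. The two input lines are shortened from the question's sample, the function name `ConvertTo-ColumnObject` and the selected column numbers are chosen here for illustration, and the second variant (repairing only the space-padded day in the leading timestamp) goes beyond what the answers state.

```powershell
# Constructed input: two lines shortened from the question's sample (message body trimmed).
$InStuff = @(
    '<134>Dec 13 13:50:23 10.137.119.42 MSWinEventLog 1 Security 123456789 Thu Dec 13 13:50:23 2018 4662 Microsoft-Windows-Security-Auditing MyCompany\dy625 N/A Success Audit mydc1.dy625.com Directory Service Access  An operation was performed on an object.    Subject :   Security ID:  S-123456  Account Name:  dy625 Account Domain:  MyCompany'
    '<134>Jan  4 13:50:14 10.137.118.22 MSWinEventLog 1 Security 123456789 Thu Dec 13 13:50:14 2018 4662 Microsoft-Windows-Security-Auditing MyCompany\dy627 N/A Success Audit mydc1.dy625.com Directory Service Access  An operation was performed on an object.    Subject :   Security ID:  S-123456  Account Name:  dy627 Account Domain:  MyCompany'
)

# Variant 1 (what the answers describe): collapse every run of 2+ spaces.
# Runs inside the message body collapse too, so column numbers differ from
# the ones used with the raw single-space split.
$Collapsed = $InStuff -replace ' {2,}', ' '

# Variant 2: repair only the space-padded day in the leading timestamp
# ("Jan  4" -> "Jan 4") and leave the rest of the line untouched.
$HeaderOnly = $InStuff -replace '^(<\d+>[A-Za-z]{3}) {2}(\d) ', '$1 $2 '

# Hypothetical helper: builds Column_N headers and parses the lines.
function ConvertTo-ColumnObject {
    param([string[]]$Lines)
    # Size the header from the widest line, not from one arbitrary line.
    $ColCount = ($Lines | ForEach-Object { $_.Split(' ').Count } |
        Measure-Object -Maximum).Maximum
    $Header = 1..$ColCount | ForEach-Object { "Column_$_" }
    $Lines | ConvertFrom-Csv -Delimiter ' ' -Header $Header
}

# After collapsing, both lines agree on positions: Column_2 = day,
# Column_14 = event ID, Column_16 = account, Column_38 = Account Name value.
ConvertTo-ColumnObject $Collapsed |
    Select-Object -Property 'Column_2', 'Column_14', 'Column_16', 'Column_38'

# With only the timestamp repaired, the first 20 columns match Variant 1;
# the empty columns produced by double spaces in the body remain after that.
ConvertTo-ColumnObject $HeaderOnly |
    Select-Object -Property 'Column_2', 'Column_14', 'Column_16'
```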