
Parsing Log Files using PowerShell

source link: https://virtuallysober.com/2020/08/07/parsing-log-files-using-powershell/

Published August 7, 2020 by Joshua Stenhouse

All good applications create logs and the more detailed the better. In PowerShell I log everything with Start-Transcript and Stop-Transcript. But what happens if you are generating thousands of detailed log files per day and you need to check them for an error code/string?

Opening and searching each one by one is so tiresome that most people won’t look until they have an issue. But there’s a better way that allows you to be proactive: you can use PowerShell to create a simple log parser! In this post I’ll give you the code to create your own.

To make the log parser work we are going to combine a few different cmdlets and statements: Get-ChildItem to get a list of all the log files in the folder we want to parse, ForEach to cycle through each log, Get-Content to load it into memory, Select-String to find the strings we want to search for, and Measure-Object to count how many times each was found. Each result is then added to an array to record what was found where.

Even with commenting it’s under 50 lines. You can start by copying the below:

#############################
# PowerShell Log Parser
#############################
# Strings to parse the log for (Select-String treats each one as a regular expression)
$Strings = "terminating error","exception","won't find this"
# Folder of logs to parse
$LogFolder = "C:\Logs"
# Log file extension
$LogExtension = ".log"
# Finding all logs in the folder (add -Recurse to get all logs in sub folders too)
# Comparing the extension exactly; -match would treat ".log" as a regex and also match names like "catalog.txt"
$Logs = Get-ChildItem -Path $LogFolder -File | Where {$_.Extension -eq $LogExtension} | Select Name,FullName
# Counting log files
$LogCount = $Logs | Measure | Select -ExpandProperty Count
$LogCounter = 0
# Creating array to store results
$LogResults = [System.Collections.ArrayList]@()
# Parsing each log
ForEach ($Log in $Logs)
{
    $LogCounter ++
    # Setting variables
    $LogName = $Log.Name
    $LogPath = $Log.FullName
    # Output to host
    "ProcessingLog: $LogCounter/$LogCount"
    "File: $LogName"
    # Loading the log content
    $LogContent = Get-Content $LogPath
    # For each string to match, checking log
    ForEach ($String in $Strings)
    {
        # Finding matches once and reusing the result
        $StringMatches = $LogContent | Select-String -Pattern $String
        # Counting matches ($Matches is an automatic variable in PowerShell, so a different name is used)
        $MatchCount = $StringMatches | Measure | Select -ExpandProperty Count
        # Selecting first string found
        $StringFound = $StringMatches | Select -First 1
        # Adding to array
        $LogResult = New-Object PSObject
        $LogResult | Add-Member -MemberType NoteProperty -Name "String" -Value $String
        $LogResult | Add-Member -MemberType NoteProperty -Name "Matches" -Value $MatchCount
        $LogResult | Add-Member -MemberType NoteProperty -Name "Error" -Value $StringFound
        $LogResult | Add-Member -MemberType NoteProperty -Name "Log" -Value $LogName
        $LogResult | Add-Member -MemberType NoteProperty -Name "Path" -Value $LogPath
        $LogResults.Add($LogResult) | Out-Null
    # End of for each string below
    }
# End of for each log file below
}
#
# Showing result
$LogResults | Sort Matches -Desc | Format-Table -AutoSize

Change $Strings to the patterns you want to search for; you can list one or several, and Select-String treats each as a regular expression. Then change $LogFolder to the path to search and $LogExtension so you only parse the files you want, and give it a run.

I’m also capturing the first entry found so you can see the exact error message. You should see an output like this:

Simple huh? It sure beats opening them one by one or just hoping there are no errors in those thousands of log files! Happy scripting,

Joshua
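
A streaming variant of the parser above, as an added example that is not part of the original post: it lets Select-String read each file directly instead of loading it with Get-Content, reports the line number of every hit, and warns about logs it could not read. The function name Find-LogString, the temp folder and the sample log lines are constructed for illustration.

```powershell
# Added example, not the original author's code. Find-LogString, $SampleFolder
# and the sample log lines below are hypothetical/constructed.
function Find-LogString {
    param(
        [Parameter(Mandatory)][string]$LogFolder,
        [Parameter(Mandatory)][string[]]$Strings,
        [string]$LogExtension = ".log"
    )
    # -File skips directories; comparing Extension exactly avoids regex surprises
    $Logs = Get-ChildItem -Path $LogFolder -File | Where-Object { $_.Extension -eq $LogExtension }
    ForEach ($Log in $Logs) {
        try {
            # -LiteralPath stops wildcard characters in file names from being expanded;
            # -SimpleMatch treats each search string literally instead of as a regex
            $Hits = Select-String -LiteralPath $Log.FullName -Pattern $Strings -SimpleMatch -ErrorAction Stop
        }
        catch {
            # A locked or unreadable log is reported instead of silently counted as clean
            Write-Warning "Could not read $($Log.FullName): $($_.Exception.Message)"
            continue
        }
        ForEach ($Hit in $Hits) {
            [PSCustomObject]@{
                Log        = $Log.Name
                LineNumber = $Hit.LineNumber
                String     = $Hit.Pattern
                Line       = $Hit.Line.Trim()
            }
        }
    }
}

# Constructed sample logs so the example runs offline
$SampleFolder = Join-Path ([System.IO.Path]::GetTempPath()) "LogParserDemo"
New-Item -ItemType Directory -Path $SampleFolder -Force | Out-Null
Set-Content -Path (Join-Path $SampleFolder "job1.log") -Value @(
    "2020-08-07 10:00:01 Job started",
    "2020-08-07 10:00:05 System.IO.IOException: exception while copying file",
    "2020-08-07 10:00:06 Job finished"
)
Set-Content -Path (Join-Path $SampleFolder "job2.log") -Value "2020-08-07 11:00:00 Job finished"
# A name the regex ".log" would match, but which is not a log file: skipped by the Extension check
Set-Content -Path (Join-Path $SampleFolder "catalog.txt") -Value "terminating error in an unrelated file"

$Results = Find-LogString -LogFolder $SampleFolder -Strings "terminating error","exception"
$Results | Sort-Object Log, LineNumber | Format-Table -AutoSize
# Hits per log and string, comparable to the Matches column of the original script
$Results | Group-Object Log, String | Select-Object Count, Name
```

Unlike the original script, this variant emits one row per matching line and no row for strings that were not found, so a log that does not appear in the output had no hits.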
