Forum Discussion
Solved
parsing data from output
I have an script which pull the fallowing Windows log, "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational". from few servers. PS script: Get-WinEvent -ComputerName $s.Name -lognam...
$Fullresult=@() $allevents=Get-WinEvent -ComputerName $s.Name -logname "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" -MaxEvents 300 | Where-Object {$_.ID -Like '21'}| Select -ExpandProperty Message foreach ($singleevent in $allevents){ $Result=New-Object PSObject $Result | Add-Member -NotePropertyName "User" -NotePropertyValue ($singleevent.split("`n")[2].substring(6)) $Result | Add-Member -NotePropertyName "SessionID " -NotePropertyValue ($singleevent.split("`n")[3].substring(12)) $Result | Add-Member -NotePropertyName "SourceNet" -NotePropertyValue ($singleevent.split("`n")[4].substring(24)) $Result | Add-Member -NotePropertyName "RDS" -NotePropertyValue ($singleevent.split("`n")[0].substring(25)) $Fullresult+=$Result } $Result | ft -AutoSizeUse this script, This script will store the result in a new PSObject.
I use the Split method to split and be able to read the lines like this, the `n refer to a new line.
Hope this help
----------------------------------------------
If this answers your question, please click on Best Response and give Like 🙂
Use this
$Fullresult=@()
$allevents=Get-WinEvent -ComputerName $s.Name -logname "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" -MaxEvents 300 | Where-Object {$_.ID -Like '21'}| Select -ExpandProperty Message
foreach ($singleevent in $allevents){
$Result=New-Object PSObject
$Result | Add-Member -NotePropertyName "User" -NotePropertyValue ($singleevent.split("`n")[2].substring(6))
$Result | Add-Member -NotePropertyName "SessionID " -NotePropertyValue ($singleevent.split("`n")[3].substring(12))
$Result | Add-Member -NotePropertyName "SourceNet" -NotePropertyValue ($singleevent.split("`n")[4].substring(24))
$Result | Add-Member -NotePropertyName "RDS" -NotePropertyValue ($singleevent.split("`n")[0].substring(25))
$Fullresult+=$Result
}
$Fullresult | ft -AutoSize -Wrap
The Message value seems to be a string and what I did is splitting the string in to array by using the `n newline and then add them to a PSCustome Object which hold the value
---------------------------------
If this answers your question, please Click on Best Response and give a like 🙂