cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

parsing data from output

LuisAeaseoffice
Copper Contributor

‎Oct 26 2020 12:20 PM

‎Oct 26 2020 12:20 PM

parsing data from output

I have an script which pull the fallowing Windows log, "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational". from few servers. 

PS script:

Get-WinEvent -ComputerName $s.Name -logname "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" -MaxEvents 300 | Where-Object {$_.ID -Like '21'}| Select -ExpandProperty Message

I'm getting the following results:

 

User: ANY\User1

Session ID: 6

Source Network Address: 192.168.1.1

Remote Desktop Services: Session logon succeeded:

 

User: ANY\User2

Session ID: 7

Source Network Address: 192.168.1.2

Remote Desktop Services: Session logon succeeded:

 

User: ANY\User3

Session ID: 8

Source Network Address: 192.168.1.3

Remote Desktop Services: Session logon succeeded:

....

I would like to see how I can parse all the results in Columns:

Users               Session ID                   SourceNet        RDS

ANY\User1        6                                  192.168.1.1     Session logon succeeded

ANY\User2        7                                  192.168.1.2     Session logon succeeded

ANY\User3        8                                  192.168.1.3     Session logon succeeded

 

Any help is appreciated.

Thanks.

 

Labels:
2,049 Views
0 Likes
3 Replies
Reply
3 Replies
farismalaeb

‎Oct 28 2020 02:48 AM - edited ‎Oct 28 2020 02:50 AM

‎Oct 28 2020 02:48 AM - edited ‎Oct 28 2020 02:50 AM

Re: parsing data from output

@LuisAeaseoffice 

Use this

 

$Fullresult=@()
$allevents=Get-WinEvent -ComputerName $s.Name -logname "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" -MaxEvents 300 | Where-Object {$_.ID -Like '21'}| Select -ExpandProperty Message
foreach ($singleevent in $allevents){
$Result=New-Object PSObject
$Result | Add-Member -NotePropertyName "User" -NotePropertyValue ($singleevent.split("`n")[2].substring(6))
$Result | Add-Member -NotePropertyName "SessionID " -NotePropertyValue ($singleevent.split("`n")[3].substring(12))
$Result | Add-Member -NotePropertyName "SourceNet" -NotePropertyValue ($singleevent.split("`n")[4].substring(24))
$Result | Add-Member -NotePropertyName "RDS" -NotePropertyValue ($singleevent.split("`n")[0].substring(25))

$Fullresult+=$Result
}

$Fullresult | ft -AutoSize -Wrap

 

The Message value seems to be a string and what I did is splitting the string in to array by using the `n newline and then add them to a PSCustome Object  which hold the value

 

 

 

---------------------------------

If this answers your question, please Click on Best Response and give a like :)

 

0 Likes
Reply
best response confirmed by LuisAeaseoffice (Copper Contributor)
farismalaeb

‎Oct 28 2020 02:55 AM

‎Oct 28 2020 02:55 AM

Solution

Re: parsing data from output

@LuisAeaseoffice 

$Fullresult=@()
$allevents=Get-WinEvent -ComputerName $s.Name -logname "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" -MaxEvents 300 | Where-Object {$_.ID -Like '21'}| Select -ExpandProperty Message
foreach ($singleevent in $allevents){
$Result=New-Object PSObject
$Result | Add-Member -NotePropertyName "User" -NotePropertyValue ($singleevent.split("`n")[2].substring(6))
$Result | Add-Member -NotePropertyName "SessionID " -NotePropertyValue ($singleevent.split("`n")[3].substring(12))
$Result | Add-Member -NotePropertyName "SourceNet" -NotePropertyValue ($singleevent.split("`n")[4].substring(24))
$Result | Add-Member -NotePropertyName "RDS" -NotePropertyValue ($singleevent.split("`n")[0].substring(25))

$Fullresult+=$Result
}

$Result | ft -AutoSize

Use this script, This script will store the result in a new PSObject.

I use the Split method to split and be able to read the lines like this, the `n refer to a new line.

 

Hope this help

 

----------------------------------------------

If this answers your question, please click on Best Response and give Like :)

 

 

1 Like
Reply
LuisAeaseoffice

‎Oct 29 2020 02:24 PM

‎Oct 29 2020 02:24 PM

Re: parsing data from output

Thanks so much, it work like a charm.

Thanks.
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by LuisAeaseoffice (Copper Contributor)
farismalaeb

‎Oct 28 2020 02:55 AM

‎Oct 28 2020 02:55 AM

Solution

Re: parsing data from output

@LuisAeaseoffice 

$Fullresult=@()
$allevents=Get-WinEvent -ComputerName $s.Name -logname "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" -MaxEvents 300 | Where-Object {$_.ID -Like '21'}| Select -ExpandProperty Message
foreach ($singleevent in $allevents){
$Result=New-Object PSObject
$Result | Add-Member -NotePropertyName "User" -NotePropertyValue ($singleevent.split("`n")[2].substring(6))
$Result | Add-Member -NotePropertyName "SessionID " -NotePropertyValue ($singleevent.split("`n")[3].substring(12))
$Result | Add-Member -NotePropertyName "SourceNet" -NotePropertyValue ($singleevent.split("`n")[4].substring(24))
$Result | Add-Member -NotePropertyName "RDS" -NotePropertyValue ($singleevent.split("`n")[0].substring(25))

$Fullresult+=$Result
}

$Result | ft -AutoSize

Use this script, This script will store the result in a new PSObject.

I use the Split method to split and be able to read the lines like this, the `n refer to a new line.

 

Hope this help

 

----------------------------------------------

If this answers your question, please click on Best Response and give Like :)

 

 

View solution in original post

1 Like
Reply