我需要从这个命令的输出中提取一个特定的数字:
Get-EventLog "application" | Where-Object {$_.EventID -eq 6006}
示例输出是:
Index Time EntryType Source InstanceID Message
----- ---- --------- ------ ---------- -------
18297 May 15 18:49 Warning Wlclntfy 2147489654 The winlogon notification subscriber <Profiles> took 60 second(s) to handle the notification event (Logon).
11788 Jan 31 08:11 Warning Wlclntfy 2147489654 The winlogon notification subscriber <Profiles> took 68 second(s) to handle the notification event (Logon).
5794 Oct 16 09:41 Warning Wlclntfy 2147489654 The winlogon notification subscriber <Sens> took 225 second(s) to handle the notification event (Logoff).
5596 Oct 11 08:03 Warning Wlclntfy 2147489654 The winlogon notification subscriber <Profiles> took 69 second(s) to handle the notification event (Logon).
2719 Aug 30 07:50 Warning Wlclntfy 2147489654 The winlogon notification subscriber <Profiles> took 65 second(s) to handle the notification event (Logon).
我实际需要做的是提取 <Profiles> 报告的秒数事件,并找出最大的一个。我已经弄清楚了 (?<=<Profiles> took )(\d+)将只提取我需要的数字,但我不确定如何继续实际提取它们。我已经尝试将其通过管道传输到 Select-String -pattern,但它根本不返回任何内容。
最佳答案
您需要 $matches 内置变量。 $matches[0] 是匹配正则表达式的文本,$matches[1] .. $matches[n] 是匹配的括号表达式(如果有任何).
遗憾的是,我的机器上没有任何 EventID=6006,所以我在没有测试的情况下这样做,但这应该从排序的秒数列表中选择最后一项:
Get-EventLog "application" |
Where-Object {$_.EventID -eq 6006} |
Where-Object { $_.Message -match "<Profiles> took (\d*) second" } |
foreach { [int]$matches[1] } |
sort |
select -last 1
关于regex - Powershell:Get-EventLog 输出上的正则表达式并找到最大数,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/16754448/