Monitor and highlight log files w/PowerShell



  • The Write-HostHighlight function from my PowerShell MS-Module module accepts one or more strings and highlights a substring within them. Let's see a simple example.
'Error,error/ERROR_Error>err or' | Write-HostHighlight Error
  • By default the search is case-insensitive, but you can easily change that by specifying the -CaseSensitive switch.
'Error,error/ERROR_Error>err or' | Write-HostHighlight Error -CaseSensitive


  • If an input string does not contain the substring, Write-HostHighlight just writes the input string with no highlights. To suppress the lines where the search does not succeed, specify the -HideNotMatch flag.
'This is warning', 'This is error', 'This is info' | Write-HostHighlight error
'This is warning', 'This is error', 'This is info' | Write-HostHighlight error -HideNotMatch


  • One more enjoyable feature is the ability to add line numbers to the output. Just specify the -LineNum parameter. The matched lines will have a different number color!
'This is warning', 'This is error', 'This is info' | Write-HostHighlight error
'This is warning', 'This is error', 'This is info' | Write-HostHighlight error -LineNum


  • Of course you can combine all these switches in any order.

The colors

  • If we talk about highlighting, it would be unfair not to be able to choose colors. The function lets you select both: the font color with the -ForegroundColor parameter and the background color with -BackgroundColor.
'Error,error/ERROR_Error>err or' | Write-HostHighlight error -ForegroundColor Yellow
'Error,error/ERROR_Error>err or' | Write-HostHighlight error -ForegroundColor Red -BackgroundColor Yellow
  • You can use the shorter and handier -fgc and -bgc parameter aliases. Both parameters support IntelliSense (Ctrl+Space), and all system colors are available to choose from.
'Error,error/ERROR_Error>err or' | Write-HostHighlight error -ForegroundColor Red -BackgroundColor Yellow
'Error,error/ERROR_Error>err or' | Write-HostHighlight error -fgc Red -bgc Yellow


  • If you prefer, you can use color numbers instead of color names.
'Error,error/ERROR_Error>err or' | Write-HostHighlight error -ForegroundColor Red -BackgroundColor 1
'Error,error/ERROR_Error>err or' | Write-HostHighlight error -ForegroundColor 1 -BackgroundColor 6
'Error,error/ERROR_Error>err or' | Write-HostHighlight error -fgc 1 -bgc 6

Highlight log files

  • To read text files we will use the built-in PowerShell Get-Content cmdlet. The Windows update log is good enough for this example.
Get-Content $env:windir\WindowsUpdate.log | Write-HostHighlight FAILED -Line -Hide -Case
  • For live file monitoring you can use the magic -Wait parameter. Get-Content -Wait | Write-HostHighlight behaves like tail -f | grep.
Get-Content $env:windir\WindowsUpdate.log -Wait | Write-HostHighlight FAILED -LineNum -CaseSensitive


  • If we do not use the -HideNotMatch switch with huge input files, the number of non-matching lines will be very large and we simply will not see the matched lines. I suggest filtering large input files with the Where-Object cmdlet or the Where() method before the pipeline to reduce the overall number of lines.

  • Note that with pre-filtered input the line numbers are not the real line numbers from the input file.

(Get-Content $env:windir\WindowsUpdate.log).Where{$_ -match '2019/01/21\s11:'} | Write-HostHighlight FAILED -CaseSensitive
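
One way to keep the real file line numbers when pre-filtering, as an added example that is not part of the original post or of the module: Get-Content attaches a ReadCount property to every line it emits, and that property survives Where-Object. The sample log content, the temp file name and the Get-NumberedLogLine helper are assumptions made for illustration.

```powershell
# Constructed sample log (not real WindowsUpdate.log content), written to a temp file.
$log = Join-Path ([IO.Path]::GetTempPath()) 'sample-update.log'
@(
    '2019/01/21 10:59:58 Agent  Update check started'
    '2019/01/21 11:00:03 Agent  Download FAILED for package A'
    '2019/01/21 11:00:04 Agent  Retry scheduled'
    '2019/01/21 11:02:10 Agent  Download failed (lowercase, must not match)'
    '2019/01/21 11:05:41 Agent  Install FAILED for package B'
    '2019/01/21 12:00:00 Agent  Update check finished'
) | Set-Content -Path $log

function Get-NumberedLogLine {
    # Hypothetical helper: pre-filter a file by regex and prefix each kept
    # line with its real line number in the file.
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Pattern
    )
    # Get-Content adds a ReadCount note property (1-based line number with the
    # default -ReadCount of 1); Where-Object passes the same object through.
    Get-Content -Path $Path |
        Where-Object { $_ -match $Pattern } |
        ForEach-Object { '{0,6}: {1}' -f $_.ReadCount, $_ }
}

# Same time-window filter as the example above: only the 11:xx entries.
$lines = Get-NumberedLogLine -Path $log -Pattern '2019/01/21\s11:'

if (Get-Command Write-HostHighlight -ErrorAction SilentlyContinue) {
    # Module loaded: highlight, hiding lines without an exact-case match.
    $lines | Write-HostHighlight FAILED -CaseSensitive -HideNotMatch
} else {
    # Module not loaded: plain output, same filtering semantics.
    $lines | Where-Object { $_ -cmatch 'FAILED' }
}

Remove-Item -Path $log
```

Because the number is already part of each string, -LineNum is left off here; adding it would print the pipeline position next to the real file line number.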


Not only text?

  • Although the Write-HostHighlight function is intended to work with text (it highlights a substring within a string), it can operate on objects too. Generally, it accepts any input from any cmdlet. The output does not always look nice, but it works! Let's see some examples.

  • This example searches for and highlights occurrences of the error substring within System event log entries. The search is actually made in all properties of the input object; in our case we expect to find it in the Message property. Which properties are sent to the pipeline can be controlled with the Select-Object cmdlet.

Get-EventLog System | select Message, EventID | Write-HostHighlight error -HideNotMatch


  • One more example, with the Import-Csv cmdlet.
Get-EventLog System | select Message, EventID | Export-Csv -notype C:\temp\Events.csv
Import-Csv C:\temp\Events.csv | Write-HostHighlight error -HideNotMatch


  • When you send objects rather than text to Write-HostHighlight, the output always looks like a hash table @{Property1=Value1; Property2=Value2;…}, no matter what the type of the object!

  • If we analyze the object types returned by Get-EventLog and Import-Csv, we will see different object types; nevertheless, Write-HostHighlight shows the same output!

Import-Csv C:\temp\Events.csv | Get-Member
Get-EventLog System | Get-Member



  • The Write-HostHighlight function does not return anything; there is no option to save, pipe, export or sort its output. It uses the built-in PowerShell $Host object to just write to the console. It is intended for visualization only.

  • For more details about the function, please take a look at the comment-based help and examples.

Get-Help Write-HostHighlight -Full
Get-Help Write-HostHighlight -Examples
Get-Help Write-HostHighlight -Parameter Highlight
