I am trying to Search a String from a Variable.
I am dumping Azure Activity Logs in a variable and trying to find a specific line for that log. Here is my codes below.
$log=Get-AzLog -ResourceId "/subscriptions/SubscriptionID/resourceGroups/ResourceGroupName/providers/Microsoft.Sql/servers/qcsqldw/databases/DatabaseName" -StartTimeĀ 2020-04-01T00:30
$find=$log | Select-String -Pattern 'Microsoft.Sql/servers/databases/resume/action'
Write-Output $find
I am trying to Search this Line "Action : Microsoft.Sql/servers/databases/resume/action" from the Log
While running the above script I did not got any output.
Please help me on this.
It seems you are searching the the Authorization Action property from your Azure Activity resource logs. If this is the case then you don't need to do any string searching, and simply reference the Authorization.Action property. Get-AzLog will give you a System.Object[], which can just be queried normally with Foreach-Object or Where-Object. You can find out this type information with (Get-AzLog).GetType().FullName.
You could run this query to get all your results with Foreach-Object:
Get-AzLog -ResourceId $id -StartTime 2020-04-01T00:30 | ForEach-Object {$_.Authorization.Action}
Which will give you the Authorization.Action property from all your logs that ran from the start time 2020-04-01T00:30.
If you want to modify this query to search for a specific action, you can filter with Where-Object, then select Authorization.Action from the results:
(Get-AzLog -ResourceId $id -StartTime 2020-04-01T00:30 | Where-Object {$_.Authorization.Action -eq "Microsoft.Sql/servers/databases/resume/action"}).Authorization.Action
Related
I am trying to build a script to gather the DFSR backlog details of a list of servers.
So far the script will query a text file for a list of servers.
From that list it will use various Powershell commands to determine what replication groups it is a member of and what connections it has. Once I have that data stored in variables I can then use it in dfsrdiag backlog to check the status.
The problem I have is how can I capture and set select properties to variables that I can use to create the dfsrdiag command.
Anyone out there know the best way to select the particular properties and store then to variables in Powershell?
Cheers
Woodsy
Here is a simple example using get-service. You can create an object called $report that contains only the properties you want. You can export $Reportto a CSV.
All you need to do is apply this to your script.
$Services = Get-Service | Where-Object {$_.name -like "A*"}
[Array]$Report = foreach ($service in $Services)
{
[PScustomobject]#{
Name = $service.DisplayName
Shortname = $service.name
Status = $service.Status
StartType = $service.StartType
}
}
$Report | select Name, Shortname, Status, StartType
I'd like to pipe output from sc query to a method in powershell. For example, checking the status of a service and finding the part that says "STOPPED", and performing an action based on that output.
Is there a way to do this right from the output of sc query? Or do I need to output the results to a text file, and then.. I'm not sure, run a for-loop to find the piece I'm looking for to make an if condition true / false.
This is what I have so far:
Function IsStopped {
sc.exe query remoteregistry >> RemoteRegistry.txt
Get-Content -Path C:\RemoteRegistry.txt | Where-Object {$_ -like '*stopped*'} | ForEach-Object {
}
Not sure where to go next?
PowerShell has a cmdlet for examining services. Running Get-Service without parameters gives you all of the running services in the same way sc.exe does (actually while researching this I reminded myself that in PowerShell sc, without .exe, is an alias for Set-Content, so I ended up generating some useless files. This might be another good reason to use Get-Service to avoid confusion with Set-Content).
Running Get-Service | Get-Member gives a list of the properties and methods from the output of the command. Status is the Property of interest, so we run:
Get-Service | Where-Object { $_.Status -eq 'Stopped' }
The output of this command can then be piped into a for each loop as you have suggested, and each service's properties or methods can be accessed using the $_ shorthand:
Get-Service | Where-Object { $_.Status -eq 'Stopped' } | ForEach-Object {
Write-Host "Do something with $($_.ServiceName)"
}
It is possible to restart services in this manner, using $_.Start(), but I would recommend writing some error handling into the process if that's your ultimate aim.'
If you need more information, such as the executable, you might want to look here:
How can I extract "Path to executable" of all services with PowerShell
I have a following piped command that should print a GPO name and the group that is associated with it, repeating this untill all GPOs and groups have been printed. The output isn't right though. The name comes out correctly but the group says Microsoft.GroupPolicy.GPTrustee instead of the groups name.
How should I access it to get the value?
Here is my piped command:
Get-GPO -All | ForEach-Object {$gpo = $_.DisplayName; Write-Output $_;} | Get-GPPermission -All |
Where-Object {$_.Permission -eq "GpoApply"} |
Select-Object #{Name="GpoName"; Expression={$gpo}},#{Name="Group"; Expression={$_.trustee}}
EDIT: The problem was solved, but I'll still copy the output of "Microsoft.GroupPolicy" -object here to clarify why I thought I'd be able to access it with $_.trustee variable.
It looked like this so $_.trustee.name didn't even cross my mind.
Trustee : Domain Computers
TrusteeType : Group
Permission : GpoApply
Inherited : False
I'm trying to sort the AWS Instances I pull with the Get-EC2Instance cmdlet but the issue I'm facing is that the property is a Tag and I'm not sure how to format it properly. I only know about assigning simple properties like "Sort-Object -Property Name".
I used the following to get the AWS Instances filtered by the Name tag.
$ids = Get-EC2Instance -Filter #( #{name='tag:Name'; values="*EXAMPLE*"}) | Select-Object -ExpandProperty instances | #insert sort here
Trying to pipeline sort in the last part. I tried properties like tag, tag:Name, tag:Key=Name but all failed. When I used Get-EC2Image, I had no issues with Sort Name but can't figure it out for Get-EC2Instance.
There is a AWS CLI version and answer at Sort EC2 Instances by Tag Name but I wasn't able to apply it to PowerShell.
EDIT: Rewrote question and added more details since it got downvoted.
You can pipe the output to Sort-Object cmdlet. I dont have access to a AWS instance to test this. But try variation of this command
$ids = Get-EC2Instance -Filter #( #{name='tag:Name'; values="*EXAMPLE*"}) | Select-Object -ExpandProperty instances | Sort-Object $_.Tag.Value
There are two ways. You can get the object using the $_
OR
You can reference the property directly by using a method chain like:
(Get-EC2Instance).instances.tag.value
I am trying to parse locally stored saved extx files from other 2008 servers using Powershell. My first goal is to parse by "Error" level. I used the following PS command:
Get-WinEvent -Path C:\Logs\logfile.evtx | Where-Object {$_.LevelDisplayName -eq 'Error'}
However, I only get back a fraction of the "errors' from the event logs. Any ideas on what I'm doing wrong? I've also tried the -FilterHashtable flag, although I think that would only work on my own logs, correct? Thanks.
put your command in array
$a= #(Get-WinEvent -Path C:\Logs\logfile.evtx)
then get
$a[0..25] | where { $_.leveldisplayname -match "Error" }
i suppose you have 25 event log in your file