Extract dates from string and convert it to UTC

events

Today I want to show you how to extract dates from string. Recently I posted article about getting IP address from log file. This time its a little bit more compliacted as date format in string is invalid.

Extract date from string

Extracting dates from string is pretty simple if you know the regex pattern. In my case I had to get all dates from string and use it as a time frame paramter in Get-EventLog command.

Part of a string was:

[2365.0 (24/09/18 10:45:00), 3170.0 (24/09/18 10:40:00), 2916.0 (24/09/18 10:35:00)]

To extract this I used Select-String command with ‘\d{2}/\d{2}/\d{2}\s+\d{2}:\d{2}:\d{2}’ regex pattern.

$Input = "[2365.0 (24/09/18 10:45:00), 3170.0 (24/09/18 10:40:00), 2916.0 (24/09/18 10:35:00)]"
$regex = '\d{2}/\d{2}/\d{2}\s+\d{2}:\d{2}:\d{2}'
$Matched = $input | select-string  -Pattern $regex -AllMatches | % { $_.Matches } | % { $_.Value }
dates
dates

Unfortunately extracted dates are invalid and they will be not recognized as a date parameter:

Get-Date : Cannot bind parameter 'Date'. Cannot convert value "24/09/18 10:35:00" to type "System.DateTime". Error: "String was not recognized as a valid

To fix it I had to replace year from (24/09/18) to (24/09/2018) and change culture to en-GB beacuse of the date format – dd/mm/yyyy. As a workaround I inserted number 20 into date – $Dates[0].Insert(6,"20").

In my case I need only fist[0] and last[2] date to create time frame for getting logs from eventviewer. Additionally I modified dates by extending time by 5 minutes:

$Dates = $Matched | Sort-Object
$GBculture = [Globalization.cultureinfo]::GetCultureInfo("en-GB")
$FirstDate =  [datetime]::Parse(@($Dates[0].Insert(6,"20")),$GBculture) | % {$_.ToUniversalTime()} 
$LastDate = [datetime]::Parse(@($Dates[2].Insert(6,"20")),$GBculture) | % {$_.ToUniversalTime()} 

$FirstDate =  $FirstDate.AddMinutes(-5)
$LastDate = $LastDate.AddMinutes(5)

In final script I’ve included part for checking Networker events during that time. Of course you can modify this to check other events:

$Results = @()
$Input = "[2365.0 (24/09/18 10:45:00), 3170.0 (24/09/18 10:40:00), 2916.0 (24/09/18 10:35:00)]"
$Servers = "SQLServer01","SQLServer02"
$regex = '\d{2}/\d{2}/\d{2}\s+\d{2}:\d{2}:\d{2}'

$Matched = $input | select-string  -Pattern $regex -AllMatches | % { $_.Matches } | % { $_.Value }
$Dates = $Matched | Sort-Object

$GBculture = [Globalization.cultureinfo]::GetCultureInfo("en-GB")
$FirstDate =  [datetime]::Parse(@($Dates[0].Insert(6,"20")),$GBculture) | % {$_.ToUniversalTime()} 
$LastDate = [datetime]::Parse(@($Dates[2].Insert(6,"20")),$GBculture) | % {$_.ToUniversalTime()} 

$FirstDate =  $FirstDate.AddMinutes(-5)
$LastDate = $LastDate.AddMinutes(5)

$Results = icm -cn $Servers {param($FirstDate,$LastDate)
        Get-EventLog  -LogName "Application" -Source "Networker" -After (Get-Date $FirstDate) -Before (Get-Date $LastDate) 
    } -ArgumentList $FirstDate,$LastDate 

$Results | Select-Object @{n='ServerName';e={$_.pscomputername}},TimeGenerated,Source,Message | Format-Table -AutoSize

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.