0
$AuditSuccess = Import-Csv -Path G:\LabLog.csv | Where-Object { $_.Keywords -like "Audit Success" } | Measure-Object | Select-Object count 

$AuditFailure = Import-Csv -Path G:\LabLog.csv | Where-Object { $_.Keywords -like "Audit Failure" } | Measure-Object | Select-Object count

$AuditTotal = $AuditSuccess + $AuditFailure

$EventID1 = Import-Csv -Path G:\LabLog.csv | sort | group Keywords | sort $_.EventID | select EventID -last 1

$EventID2 = Import-Csv -Path G:\LabLog.csv | sort | group Keywords | sort $_.EventID | select EventID -last 1


Write-Host "Number of Audit Failures:" $AuditFailure "failures of" $AuditTotal "entries"
Write-Host "Most Common Event ID:" $EventID1
Write-Host "Number of Audit Successes:" $AuditSuccess "successes of" $AuditTotal "entries"
Write-Host "Most Common Event ID:" $EventID2 

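I'm quite new to PowerShell and am trying to use it for an assignment in which I need to import a CSV log and then extract specific information from it: in this case, the number of failures and successes across all the logs, and the most common event ID among the failures and among the successes.

The AuditFailure and AuditSuccess parts of the code work to some extent, although the results show up as {count = ##} rather than as a number. The real problem is with AuditTotal and EventID, which produce no result at all in the case of the total, or give a blank result in the case of EventID.

I don't know whether these are the best commands to use for this, and I'm open to any help in solving this.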

Method invocation failed because [System.Management.Automation.PSObject] does 
not contain a method named 'op_Addition'.
At line:5 char:1
+ $AuditTotal = $AuditSuccess + $AuditFailure
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (op_Addition:String) [], 
RuntimeException
    + FullyQualifiedErrorId : MethodNotFound

Number of Audit Failures: @{Count=13} failures of  entries
Most Common Event ID: @{EventID=}
Number of Audit Successes: @{Count=6480} successes of  entries
Most Common Event ID: @{EventID=}

Sorry, this is the error output.

Number of Audit Failures: 2469 failures of 19247 entries                               
  Most common Event ID: 5038     
Number of Audit Successes: 16778 successes of 19247 entries                               
  Most common Event ID: 4624

This is what it should look like, although the numbers are different.

4

3 Answers

0

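Here's another way to do it that avoids re-reading the CSV file multiple times. It also avoids sending things through the pipeline so often. [grin]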

# fake reading in a CSV file
#    in real life, use Import-CSV
$InStuff = @'
EventID, Keywords
1001, Audit Success; SomeOtherWord
1001, Audit Success
2002, NothingRightNow
3003, Audit Failure
4004, Audit Success
5005, IgnoreThisOne
6006, Audit Success
7007, Audit Failure
7007, Audit Failure
'@ | ConvertFrom-Csv

$SuccessList = $InStuff.Where({$_.Keywords -match 'success'})
$SuccessCount = $SuccessList.Count
$SL_MostFrequentEventID = ($SuccessList |
    Group-Object -Property EventID |
    Sort-Object -Property Count)[-1].Name


$FailureList = $InStuff.Where({$_.Keywords -match 'failure'})
$FailureCount = $FailureList.Count
$FL_MostFrequentEventID = ($FailureList |
    Group-Object -Property EventID |
    Sort-Object -Property Count)[-1].Name

$FS_TotalCount = $FailureCount + $SuccessCount

Write-Host ''
Write-Host ('Number of Audit Failures {0} out of {1} entries.' -f $FailureCount, $FS_TotalCount)
Write-Host ('    Most Common Failure Event ID = {0}' -f $FL_MostFrequentEventID)
Write-Host ('Number of Audit Successes {0} out of {1} entries.' -f $SuccessCount, $FS_TotalCount)
Write-Host ('    Most Common Success Event ID = {0}' -f $SL_MostFrequentEventID)

Output ...

Number of Audit Failures 3 out of 7 entries.
    Most Common Failure Event ID = 7007
Number of Audit Successes 4 out of 7 entries.
    Most Common Success Event ID = 1001
Answered 2018-11-07T00:36:15.487
0

There are several problems in the end; let's start with the main one:

$AuditTotal = $AuditSuccess + $AuditFailure

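causes the error [System.Management.Automation.PSObject] does not contain a method named 'op_Addition', because $AuditSuccess and $AuditFailure, whose values were assigned via Select-Object count, are custom objects, not numbers, and the + operator (which translates to the op_Addition method) is not defined for custom-object operands (operands of type [pscustomobject]).

To extract a single property's value with Select-Object, you must use -ExpandProperty; for example: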

$AuditSuccess = ... | Measure-Object | Select-Object -ExpandProperty Count

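Without -ExpandProperty, using the (implied) -Property parameter, you get a [pscustomobject] instance with a single property, .Count.


The next problem is that sort $_.EventID doesn't work as intended, because the automatic variable $_ only has a (meaningful) value inside script blocks; with $_ having no predefined value (and it shouldn't have one), $_.EventId evaluates to $null and is effectively ignored.

While Sort-Object EventId would generally be the right solution (just supply the property name), in this case the input objects don't have an .EventId property, because group (Group-Object) outputs [Microsoft.PowerShell.Commands.GroupInfo] instances, each representing a group of the original input objects.

Based on your intent to find the most frequently occurring event ID among the successes and among the failures, the command must be restructured as follows, using the successes as an example: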

$EventID1 = Import-Csv -Path G:\LabLog.csv | 
  Where-Object { $_.Keywords -like "Audit Success" } | 
    Group-Object EventID |
      Sort-Object Count -Descending |
        Select-Object -ExpandProperty Values -First 1

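That is, the input objects are first filtered by keyword, then grouped by event ID, then sorted by the count of objects in each event-ID group, returning the event ID of the group with the most entries.

Finally:

  • There is a lot of repeated work in your code, most notably the repeated Import-Csv calls on the same input file, which slows it down.

  • Write-Host is generally the wrong tool to use, unless the intent is explicitly to write to the display only, bypassing PowerShell's output streams.

Answered 2018-11-07T00:16:32.147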
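The two closing points of the answer above (read the log once, emit objects instead of Write-Host text), as an added example that is not part of the original answers. The helper name Get-AuditSummary and the sample rows are constructed for illustration; the sketch also covers the case where a keyword has no matching rows.

```powershell
# Constructed sample rows; in practice use: Import-Csv -Path G:\LabLog.csv
$rows = @'
EventID,Keywords
4624,Audit Success
4624,Audit Success
4634,Audit Success
5038,Audit Failure
5038,Audit Failure
4625,Audit Failure
1102,Classic
'@ | ConvertFrom-Csv

function Get-AuditSummary {
    # Hypothetical helper name, not a built-in cmdlet.
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Row,
        [string[]] $Keyword = @('Audit Failure', 'Audit Success')
    )

    # Only rows whose Keywords value is one of the audit outcomes count toward the total.
    $audit = @($Row | Where-Object { $_.Keywords -in $Keyword })
    # -AsString keeps the hashtable keys plain strings so ContainsKey works.
    $byKeyword = $audit | Group-Object -Property Keywords -AsHashTable -AsString

    foreach ($k in $Keyword) {
        # Empty array when the keyword never occurs (or there are no audit rows at all).
        $matched = @(if ($byKeyword -and $byKeyword.ContainsKey($k)) { $byKeyword[$k] })

        # Group by EventID, then take the group with the highest Count.
        $top = $matched | Group-Object -Property EventID |
            Sort-Object -Property Count -Descending |
            Select-Object -First 1

        # One object per keyword goes to the output stream, so callers can
        # filter, export or format it; numbers stay numbers.
        [pscustomobject]@{
            Keyword           = $k
            Count             = $matched.Count
            Total             = $audit.Count
            MostCommonEventID = if ($top) { $top.Name } else { $null }
        }
    }
}

Get-AuditSummary -Row $rows | Format-Table -AutoSize
```

Because the function returns objects, the same call can be piped to Export-Csv or ConvertTo-Json instead of Format-Table.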
-1
$AuditSuccess = Import-Csv -Path G:\LabLog.csv | Where-Object { $_.Keywords -like "Audit Success" } | Measure-Object | Select-Object -ExpandProperty count 

$AuditFailure = Import-Csv -Path G:\LabLog.csv | Where-Object { $_.Keywords -like "Audit Failure" } | Measure-Object | Select-Object -ExpandProperty count

$AuditTotal = $AuditSuccess + $AuditFailure

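# Group by EventID and sort the groups by Count, so the last group is the most frequent event ID.
# $EventID1 is printed under the failures and $EventID2 under the successes.
$EventID1 = Import-Csv -Path G:\LabLog.csv | Where-Object { $_.Keywords -like "Audit Failure" } | Group-Object EventID | Sort-Object Count | Select-Object -ExpandProperty Name -Last 1

$EventID2 = Import-Csv -Path G:\LabLog.csv | Where-Object { $_.Keywords -like "Audit Success" } | Group-Object EventID | Sort-Object Count | Select-Object -ExpandProperty Name -Last 1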


Write-Host "Number of Audit Failures:" $AuditFailure "failures of" $AuditTotal "entries"
Write-Host "Most Common Event ID:" $EventID1
Write-Host "Number of Audit Successes:" $AuditSuccess "successes of" $AuditTotal "entries"
Write-Host "Most Common Event ID:" $EventID2 

Thanks for your help, this is the answer.

Answered 2018-11-07T00:31:26.847