Wednesday, April 16, 2014

PowerShell 007 - Building the pipe

A Step Back

OK, so I’m a big fan of get-help. I use it just about every time I sit at the PowerShell_ISE. It is partly because I’m old and can’t remember everything, partly because there is simply too much to know, and, as Jeffrey Snover says “I am a flawed human being”. You should check out the Virtual Academy PowerShell Jumpstart session with Jeffrey Snover and Jason Helmick. These two are great Edutainers. So, even if I forget to mention the help system use it and the community to learn.

As you may know, or possibly not yet, PowerShell is a system that returns objects back on request. Even though you may only see a small bit of data returned to the screen the object returned may include much more data. For a quick example, if I want to look at the most recent log entry in my application log I can type;

PS\> Get-EventLog –LogName Application –Newest 1

This returns something like this.



Index, Time, EntryType, Source, InstanceID and Message. It provides some very important data and often this is all I may need to look at. But if I want to see the whole object I can try;

PS\> Get-EventLog –LogName Application –Newest 1 |format-list *

The above means get the same data but display the object in a list, as opposed to a table, and show me the entire (*) object. It looks like this.



Lots more data. For different cmdlets there is going to be different data returned to the screen, which is a sub-set of the entire object.

I actually did something else here. I ‘piped’ the object returned from one cmdlet to another.

Pipeline

Above the simple example takes the single object output from my Get-EventLog cmdlet into the Format-List cmdlet. Great for organizing your output. What happens if you have a cmdlet that returns a lot of data?

PS\> Get-EventLog –LogName Application |Measure

This counts how many objects to output. Right now I would return a measly 2685 events as individual objects. Small application log but way too much to handle. I want to pipe the output to another cmdlet, Select-Object, to trim down the output a bit.

When I pipe the output to Select-Object I can narrow down based on the properties of the object.

PS\> Get-EventLog –LogName Application | Select-Object –Property EventID, MachineName, –First 20

The above uses Select-Object to only show two properties, EventID and MachineName for the first 20 entries in the log.



You can narrow by any data that you are looking for. What if you want to see Source, or EntryType. Just use those properties in your list and you are good.

I find the pipeline to create an incredibly intuitive, readable system that at first glance can look very complex. It reads like a bit of a work flow.
  1. Get all events in the application log
  2. Select from that list the first 20 events
  3. only prepare the EventID, MachineName, Source and EntryType.
  4. Export the data to a webpage
PS\> Get-EventLog –LogName Application | Select-Object –Property EventID, MachineName, source, EntryType  –First 20 |Convertto-HTML |Out-File .\eventlog.html

Other than some typos…




Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)