对可变长度空格使用ConvertFrom-Csv -Delimiter
对可变长度空格使用ConvertFrom-Csv -Delimiter
提问于 2019-01-07 23:50:08
我有一个生成Windows安全事件CSV文件的报告。通过这份报告,我想要提取特定的信息。
下面的代码通过字段之间的空格来解析每行数据。这可以正常工作:
$InStuff = Get-Content -Path 'SecurityEvents.csv'
$ColCount = $InStuff[1].Split(' ').Count
$Collection = $InStuff | ConvertFrom-Csv -Delimiter ' ' -Header (1..$ColCount).ForEach({"Column_$_"})
$Collection |
Select-Object -Property 'Column_17', 'Column_83'CSV的样本行:
<134>Dec 13 13:50:23 10.137.119.42 MSWinEventLog 1 Security 123456789 Thu Dec 13 13:50:23 2018 4662 Microsoft-Windows-Security-Auditing MyCompany\dy625 N/A Success Audit mydc1.dy625.com Directory Service Access An operation was performed on an object. Subject : Security ID: S-123456 Account Name: dy625 Account Domain: MyCompany Logon ID: XXXXXXXX Object: Object Server: DS Object Type: %{XXXXXXXX-XXXXXXXX-XXXXXXXX} Object Name: %{XXXXXXXX-XXXXXXXX-XXXXXXXX} Handle ID: 0x0 Operation: Operation Type: Object Access Accesses: Write Property Access Mask: 0x20 Properties: Write Property {XXXX-XXXX-XXXXX} {XXXX-XXXX-XXXXX} {XXXX-XXXX-XXXXX} {XXXX-XXXX-XXXXX} Additional Information: Parameter 1: - Parameter 2: 123456
<134>Dec 13 13:50:18 10.137.119.42 MSWinEventLog 1 Security 123456789 Thu Dec 13 13:50:18 2018 4662 Microsoft-Windows-Security-Auditing MyCompany\dy626 N/A Success Audit mydc1.dy625.com Directory Service Access An operation was performed on an object. Subject : Security ID: S-123456 Account Name: dy626 Account Domain: MyCompany Logon ID: XXXXXXXX Object: Object Server: DS Object Type: %{XXXXXXXX-XXXXXXXX-XXXXXXXX} Object Name: %{XXXXXXXX-XXXXXXXX-XXXXXXXX} Handle ID: 0x0 Operation: Operation Type: Object Access Accesses: Write Property Access Mask: 0x20 Properties: Write Property {XXXX-XXXX-XXXXX} {XXXX-XXXX-XXXXX} {XXXX-XXXX-XXXXX} {XXXX-XXXX-XXXXX} Additional Information: Parameter 1: - Parameter 2: 123456
<134>Jan 4 13:50:14 10.137.118.22 MSWinEventLog 1 Security 123456789 Thu Dec 13 13:50:14 2018 4662 Microsoft-Windows-Security-Auditing MyCompany\dy627 N/A Success Audit mydc1.dy625.com Directory Service Access An operation was performed on an object. Subject : Security ID: S-123456 Account Name: dy627 Account Domain: MyCompany Logon ID: XXXXXXXX Object: Object Server: DS Object Type: %{XXXXXXXX-XXXXXXXX-XXXXXXXX} Object Name: %{XXXXXXXX-XXXXXXXX-XXXXXXXX} Handle ID: 0x0 Operation: Operation Type: Object Access Accesses: Write Property Access Mask: 0x20 Properties: Write Property {XXXX-XXXX-XXXXX} {XXXX-XXXX-XXXXX} {XXXX-XXXX-XXXXX} {XXXX-XXXX-XXXXX} Additional Information: Parameter 1: - Parameter 2: 123456一个意想不到的问题是,Windows没有像我预期的那样格式化日期。例如,请参见以下内容
<134>Dec 13
<134>Jan 4如果你注意到了,在“Jan”和“4”之间有两个空格,而在“Dec”和“13”之间有一个空格。这意味着我需要运行两个不同的脚本,具体取决于每月的哪一天。
我想知道是否有可能使分隔符“可变”空白,而不是在这个特定的实例中定义一个单一的' '。看起来在ConvertFrom-Csv命令中不支持这个功能--我不确定我该如何重写我的代码来适应它。
回答 2
Stack Overflow用户
回答已采纳
发布于 2019-01-08 00:09:43
您将需要添加另一个步骤,将“两个或更多空格字符”替换为一个空格。就像这样..。
# fake reading in a text file
# in real life, use Get-Content
$Test = @'
dec 13 qwerty
jan 4 asdfgh
'@ -split [environment]::NewLine
$Test -replace '\s{2,}', ' ' |
ConvertFrom-Csv -Delimiter ' ' -Header 'One', 'Two'输出...
One Two
--- ---
dec 13
jan 4 Stack Overflow用户
发布于 2019-01-08 00:02:02
只需将所有双空格替换为单个空格:
$InStuff = $InStuff.Replace(' ',' ')页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/54077553
复制相关文章
相似问题
腾讯云开发者
