Finding the most common errors in event logs using Powershell.

Posted by Paul on Server Fault See other posts from Server Fault or by Paul
Published on 2011-11-22T13:40:20Z Indexed on 2011/11/23 9:54 UTC
Read the original article Hit count: 287

Filed under:
|
|
|

I have the event logs for one of our servers locally in .evtx format. I can load the log file into PS using the command:

Get-WinEvent -Path D:\Desktop\serverlogs.evtx

What I would like to do is on the Message field group events where the text matches by a certain percent (say 80% the same). As we have stacktraces for errors in the details which will be the same, but we also log the client's IP, url that was accessed which will likely be different.

I want to group them so that I can work out the most common errors to prioritize fixing them and as there are 25,000+ errors in the log file I would rather not do it manually.

I think I can work out how to do most of this, but am not sure how I could do the 'group fields which are mostly the same' part, does powershell have anything like this built in?

© Server Fault or respective owner

Related posts about Windows

Related posts about powershell