Created
October 9, 2011 13:28
-
-
Save zippy1981/1273688 to your computer and use it in GitHub Desktop.
Powershell Scripts to load evetlogs into mongodb and then query them
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *~ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # We need the new version of the powershell runtime | |
| $mongoDriverPath = "$(Split-Path -Parent $MyInvocation.MyCommand.Path)\bin"; | |
| Add-Type -Path "$($mongoDriverPath)\MongoDB.Bson.dll"; | |
| Add-Type -Path "$($mongoDriverPath)\MongoDB.Driver.dll"; | |
| $bsonDoc = [MongoDB.Bson.BsonDocument] @{ | |
| Name = 'Justin Dearing' | |
| EmailAddresses = '[email protected]','[email protected]' | |
| }; | |
| #$bsonDoc.ToHashtable() | |
| New-Object PSObject -Property $bsonDoc.ToHashtable() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Check to see if we are running the 64 bit version of Powershell. | |
| # See http://stackoverflow.com/questions/2897569/visual-studio-deployment-project-error-when-writing-to-registry | |
| if ([intptr]::size -eq 8) { | |
| $mongoDriverPath = (Get-ItemProperty "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v3.5\AssemblyFoldersEx\MongoDB CSharpDriver 1.2").'(default)'; | |
| } | |
| else { $mongoDriverPath = (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\.NETFramework\v3.5\AssemblyFoldersEx\MongoDB CSharpDriver 1.2").'(default)'; } | |
| Add-Type -Path "$($mongoDriverPath)\MongoDB.Bson.dll"; | |
| Add-Type -Path "$($mongoDriverPath)\MongoDB.Driver.dll"; | |
| $db = [MongoDB.Driver.MongoDatabase]::Create('mongodb://localhost/powershell'); | |
| $collection = $db['eventlogs'] | |
| $collection.Drop(); | |
| Get-EventLog -List | ForEach-Object { | |
| Get-EventLog $_.Log -After '2011-10-08' | ForEach-Object { | |
| $collection.Insert(@{ | |
| HostName = $Env:COMPUTERNAME; | |
| Log = 'Application' | |
| Index = $_.Index; | |
| Time = $_.Time; | |
| EntryType = $_.EntryTime; | |
| Source = $_.Source; | |
| InstanceId = $_.InstanceId; | |
| Message = $_.Message; | |
| }, [MongoDB.Driver.SafeMode]::True) > $null; | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-MongoEventLog ( | |
| [Parameter(Position=0)][string] $Regex = '.*', | |
| [Parameter(Position=1)][string] $Log = $null | |
| ) | |
| { | |
| Add-Type -Path "bin\MongoDB.Bson.dll"; | |
| Add-Type -Path "bin\MongoDB.Driver.dll"; | |
| $db = [MongoDB.Driver.MongoDatabase]::Create('mongodb://localhost/powershell'); | |
| [MongoDB.Driver.MongoCollection] $collection = $db['eventlogs'] | |
| [MongoDB.Driver.QueryDocument] $query = [MongoDB.Driver.QueryDocument]@{ 'Source' = @{ '$regex' = $Regex; '$options' = 'i' } } | |
| if (-not [String]::IsNullOrEmpty($Log)) { $query['Log'] = $Log } | |
| $collection.Find($query).SetLimit(10) | ForEach-Object { | |
| # Notice how ToHashTable() saves us a lot of keystrikes. | |
| New-Object PSObject -Property $_.ToHashTable() | |
| } | Select-Object HostName, Log, Source, InstanceId, Index, Message | |
| } | |
| # Example | |
| Get-MongoEventLog 'service' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-MongoEventLog ( | |
| [Parameter(Position=0)][string] $Regex = '.*', | |
| [Parameter(Position=1)][string] $Log = $null | |
| ) | |
| { | |
| # Check to see if we are running the 64 bit version of Powershell. | |
| # See http://stackoverflow.com/questions/2897569/visual-studio-deployment-project-error-when-writing-to-registry | |
| if ([intptr]::size -eq 8) { $mongoDriverPath = (Get-ItemProperty "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v3.5\AssemblyFoldersEx\MongoDB CSharpDriver 1.2").'(default)'; } | |
| else { $mongoDriverPath = (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\.NETFramework\v3.5\AssemblyFoldersEx\MongoDB CSharpDriver 1.2").'(default)'; } | |
| Add-Type -Path "$($mongoDriverPath)\MongoDB.Bson.dll"; | |
| Add-Type -Path "$($mongoDriverPath)\MongoDB.Driver.dll"; | |
| $db = [MongoDB.Driver.MongoDatabase]::Create('mongodb://localhost/powershell'); | |
| [MongoDB.Driver.MongoCollection] $collection = $db['eventlogs'] | |
| [MongoDB.Driver.QueryDocument] $query = [MongoDB.Driver.QueryDocument]@{ 'Source' = @{ '$regex' = $Regex; '$options' = 'i' } } | |
| if (-not [String]::IsNullOrEmpty($Log)) { $query['Log'] = $Log } | |
| $collection.Find($query).SetLimit(10) | ForEach-Object { | |
| $obj = @{}; | |
| $ht = $_.Elements | |
| $ht | ForEach-Object { $obj[$_.Name] = $_.Value; } | |
| New-Object PSObject -Property $obj | |
| } | Select-Object HostName, Log, Source, InstanceId, Index, Message | |
| #} | Select-Object HostName, Log, Source, InstanceId, Message | |
| } | |
| # Example | |
| Get-MongoEventLog 'service' | Out-GridView |
View raw
(Sorry about that, but we can’t show files that are this big right now.)
View raw
(Sorry about that, but we can’t show files that are this big right now.)
View raw
(Sorry about that, but we can’t show files that are this big right now.)
View raw
(Sorry about that, but we can’t show files that are this big right now.)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment