Home / server / Questions / 65860
In Process
Doug Chase
Asked: 2009-09-17 04:00:58 +0800 CST

Compare an element of an array with the previous element in PowerShell

  • 772

Can someone describe a good pattern to compare $entry[X] to $entry[Y] to determine if they are the same? I'm trying to get readable summaries of my logs and don't want to spit out 400 identical lines.

foreach ($log in $logs) {

    $nm = $log.LogDisplayName

    $header = $log.LogDisplayName
    Write-Host $header
    Add-Content $output "$header Log Errors/Warnings, Past 48 Hours"

    $entries = $log.Entries | ? {$_.TimeWritten -gt ($(Get-Date).AddDays(-2)) -and (($_.EntryType -like "Error") -or ($_.EntryType -like "Warning"))}

    foreach ($entry in $entries) { 


        ***here is where I think I need to compare array elements***


    }


    out-string -inputobject $entries | add-content $output
log-files

4 Answers

  1. To compare the current entry to the previous one:

    $preventry = ""
$newarray = $()
foreach ($entry in $entries) {
    if ($entry -ne $preventry) { $newarray += @($entry) }
    $preventry = $entry
}

    The resulting array $newarray contains all the contents of $entries but with the adjacent duplicates removed.

    • 2

  2. Select-Object is your friend for this sort of task.

    Here's how you can eliminate any duplicates from a collection of strings:

    [123] PS↑ C:\> 'a','b','b','c','d','e','e','f','g' | Select-Object -Unique
a
b
c
d
e
f
g

    If you're working with objects with multiple properties though, that won't be very helpful if the string representation of the object is the same for every object (e.g. Get-Service | Select-Object -Unique returns one object because all service objects convert to System.ServiceProcess.ServiceController when converted to a string, which cannot be used to uniquely identify a service). In cases like that you need to specify which property you want to check for uniqueness.

    Here's another example, that shows you how to get a list of the unique extensions of files in the current directory:

    Get-ChildItem | Select-Object -Property Extension -Unique

    One of these two techniques should help you get the unique collection you are looking for.

    • 1

  3. You might try:

    $entry | sort-object -unique
$entry | sort-object -property TimeWritten

    (if that's the appropriate field).

    The idea is to get rid of duplicates then put it back in the original order.

    • 0

  4. The help for Group-Object in Poweshell has very similar example:

    get-eventlog -logname system -newest 1000 | group-object -property {$_.TimeWritten - $_.TimeGenerated}

    you can easily swap some of the parameters:

    Get-EventLog system -after (Get-Date).adddays(-2) | ?{($_.EntryType -like "Error") -or ($_.EntryType -like "Warning")} | group -property index | ?{$_.count -gt 1}

    This will get all the system log entries for the last 48 hours that are Errors or Warnings and group them by their index. This is uniquely assigned number for each log entry that you can use to identify duplicates. The last part simply filters out all of the entries that are unique and leaves the duplicate ones.

    If you want to check for uniqueness in the messages then use this:

    Get-EventLog system -after (Get-Date).adddays(-2) | ?{($_.EntryType -like "Error") -or ($_.EntryType -like "Warning")} | group -property messages -noelement

    This shows the count of the unique messages in the given log interval.

    • 0