0

Disclaimer:

I have a log file ~1200 lines long, so not overly huge. The log file is a mixture of 'plain text' and then that 'plain text' is repeated as XML. I want to select (and ultimately remove) the blocks of 'plain text' so the blocks of XML remain.

The plain text blocks start with Log Name: then some more text on that line, then multiple lines with text, finishing with Event Xml: (nothing else on this line).

Example plain text block:

Log Name:      AD FS Tracing/Debug
(multiple lines of text)
Event Xml:

My attempts either select nothing, or everything, or eveything from the first Log Name: to the last Event Xml:

Example regex pattern:

'(?smi)Log Name:.*Event Xml:'

Have tried this in powershell and notepad++. The log files are from Event Viewer on Windows 2012R2, so alternative solution to solve my overall issue: How to you export just the XML from Event Viewer?

Edit: (@ https://stackoverflow.com/users/3832970/wiktor-stribi%c5%bcew)

'(?si)Log Name:.*?Event Xml:' selects the entire log file. I had tried modifying the similar questions, but it doesn't select what I want. Hence why I asked my specific question - it's not a duplicate.

Community
  • 1
  • 1
Rincey_nz
  • 99
  • 2
  • 10
  • 1
    `'(?si)Log Name:.*?Event Xml:'` – Wiktor Stribiżew Mar 14 '17 at 19:06
  • Because this been marked as duplicate can't answer it, but here's the solution. Checked the regex on regex101.com and `(?sig)Log Name:.*?Event Xml:` worked. So the regex was correct, powershell wasn't. In the end changed from Select-String to the [regex]::matches class/method `[regex]::Matches($raw,'(?msi)Log Name:.*?Event Xml:') | %{$_.value}` – Rincey_nz Mar 15 '17 at 00:32
  • It is still an off-topic question and a dupe of the post mentioned (because your attempt was with a *greedy* quantifier). If you want it reopened, edit the question to inlcude all the relevant code that did not work. – Wiktor Stribiżew Mar 15 '17 at 07:15

0 Answers0