Find the Devil in Log Files with PowerShell

Early in the morning, a good developer comes to the office and starts the normal routine: checking the assigned tasks. Alert! Alert! There is a critical bug. The customer reported:

Error Code: ahde67g4-23ab-78bc-92ad-abhvbed753g2. Time: 2018-03-04 17:28:00

The system is well designed not to expose any sensitive information. The system administrator sends the development team a bunch of log files from that day.

So far so good, except there are 4 servers, each server has around 20 files, and each file is 20MB in size. In short, you have to find a golden piece of information among 80 files, 20MB each.

The system is designed in such a way that when a request comes in, it is assigned a unique GUID value. It is called CorrelationId. When a log entry is recorded, it has the CorrelationId. When a request fails, the CorrelationId is returned.

Having a correlation ID helps us trace everything that happened in a request. When a request fails, we extract all the log entries having that correlation ID.

Let’s see how we will handle it with the power of PowerShell. PowerShell ships with Windows. You have it for free.

What do we have?

  1. A bunch of log files
  2. A keyword to search for: the CorrelationId, also known as the Error Code.

What do we need?

  1. All log entries for the CorrelationId.
  2. Extract them to a file so we can investigate deeper.

To many developers, it is a trivial task. But if this is the first time for you, it will be cool. I promise.

Servers Log

Inside a server

Log files from a server. Each file has a maximum of 20MB in size. There might be many files.

Open PowerShell

In Explorer, navigate to the folder containing all the log files. There might be many subfolders grouped by server name.

Type “Powershell” in the address bar. PowerShell shows up with the current path.

Type Magic Command

dir -filter "*logging.txt.2018-03-04*" -recurse | select-string -pattern "ahde67g4-23ab-78bc-92ad-abhvbed753g2" | select-object -ExpandProperty Line > GoldenLog.txt

Explanation

There are 4 parts in that single-chained command.

dir -filter "*logging.txt.2018-03-04*" -recurse

It says: give me all the files having logging.txt.2018-03-04 in their name, including the files in subfolders. This command narrows the search to the files logged on 2018-03-04.

select-string -pattern "ahde67g4-23ab-78bc-92ad-abhvbed753g2"

Find all the lines (log entries), in the files returned by the previous command, that contain the keyword specified after -pattern. The pattern is interpreted as a regular expression, so you can use one to expand the search.

If you run just these 2 commands together, all the matching records are displayed right in the PowerShell window. In many cases, that might be enough to find the information you need.

select-object -ExpandProperty Line

What you see in the PowerShell window is a string representation of each match object. The above command extracts the matching line itself, that is, a line from a log file.

> GoldenLog.txt

Finally, stream the result to a text file. Having a text file allows you to explore deeper, especially when many records are returned.
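
An added example (not from the original post) that extends the one-liner: it matches the ID as literal text with -SimpleMatch and keeps the server folder, file name and line number of every hit, so each entry can be traced back to its source. The function name Find-CorrelationId, the folder names and the log line layout are assumptions, and the sample files are constructed.

```powershell
# Added example: constructed sample data, not logs from the original post.
$id   = 'ahde67g4-23ab-78bc-92ad-abhvbed753g2'   # error code quoted in the post
$root = Join-Path ([IO.Path]::GetTempPath()) 'GoldenLogDemo'
Remove-Item $root -Recurse -Force -ErrorAction SilentlyContinue

# Two hypothetical server folders; the log line layout is an assumption.
$sample = @{
    'Server1/app.logging.txt.2018-03-04.1' = @(
        "2018-03-04 17:27:59 INFO  $id Request started",
        '2018-03-04 17:27:59 INFO  00000000-0000-0000-0000-000000000001 Other request'
    )
    'Server2/app.logging.txt.2018-03-04.1' = @(
        "2018-03-04 17:28:00 ERROR $id Upstream call failed"
    )
    'Server2/app.logging.txt.2018-03-05.1' = @(
        "2018-03-05 09:00:00 INFO  $id Wrong day, excluded by the file filter"
    )
}
foreach ($rel in $sample.Keys) {
    $path = Join-Path $root $rel
    New-Item -ItemType Directory -Path (Split-Path $path) -Force | Out-Null
    Set-Content -Path $path -Value $sample[$rel]
}

function Find-CorrelationId {
    param([string]$Path, [string]$Day, [string]$CorrelationId)
    Get-ChildItem -Path $Path -Filter "*logging.txt.$Day*" -Recurse -File |
        # -SimpleMatch treats the id as literal text instead of a regex
        Select-String -Pattern $CorrelationId -SimpleMatch |
        Select-Object @{ Name = 'Server'; Expression = { Split-Path (Split-Path $_.Path) -Leaf } },
                      Filename, LineNumber, Line |
        Sort-Object Line   # lines start with a timestamp in this sample layout
}

$hits = Find-CorrelationId -Path $root -Day '2018-03-04' -CorrelationId $id
$hits | Format-Table -AutoSize

# CSV keeps the provenance columns next to each log line
$hits | Export-Csv -Path (Join-Path $root 'GoldenLog.csv') -NoTypeInformation
```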

 

Troubleshooting is a special job that requires a developer (or tester) to use the various tools at hand. I would suggest you get started with PowerShell if you are on Windows. I started this blog post 2 weeks ago. I spent 2 weeks using what I wrote here to troubleshoot issues and to fix bugs. I am so happy that I utilize it. So should you when you give it a try.