Technique for Parsing String Output into PowerShell Objects

I just read a cool article about parsing netstat output (aka unformatted string output) into PowerShell objects.  The solution was great (and their approach taught me that select-object has a -skip # parameter that can be used to chop off the first # of objects from an array, which is super useful), but since I would approach it in a totally different manner, I figured that I'd write out my technique!  I want to be clear: I'm not saying that one approach is better than the other.  There are often many perfectly valid solutions to a scripting problem.  In some situations, one might be preferable to another though, and so here's another option to add to the old toolbelt.

(netstat -an | ? {$_ -match '^  '}).trim() -replace '  +',';' | ConvertFrom-Csv -Delimiter ';'

That's a pretty dense line (and it's worth noting that there are two adjacent space characters before the plus in the replace string and in the match string), so let's break it down.

First, I'm getting my netstat output with "netstat -an" and then I'm starting to let PowerShell do its magic.  The first challenge that I noticed with the raw string output of the netstat command is that it has a bunch of formatting lines at the top that don't actually contain data that I care about.  In fact, all of the lines that I care about are "indented" with a double space... so I need to filter those results to only show me lines that begin with two space characters (and then remove them).  To do that, I pipe the output of my netstat command into ? and use the regex match "^  ".  That regex literally looks for two space characters at the start of a line.  Once I've filtered down to only the data lines, I do a quick trim() to remove those leading (and any trailing) spaces.  Here's that command, for anyone who wants to follow along:

(netstat -an | ? {$_ -match '^  '}).trim()

That's already a great improvement in parsability over the raw netstat output, but the fact that netstat uses space characters both to separate the columns and in the column headers is a bit of a pain.  If we were going through this line by line in a ForEach loop, we could split each line based on the '  +' regex (which means two or more adjacent space characters), but we can solve this without going into a loop.  I did that by replacing every sequence of two or more adjacent space characters with a single semi-colon character.  Here it is with that command:

(netstat -an | ? {$_ -match '^  '}).trim() -replace '  +',';'

While that makes the netstat output less readable to us as humans, it makes it way easier for PowerShell to parse.  Now, we've just got a CSV (although it uses a semicolon delimiter instead of a comma).  In all honesty, I could have probably gotten away with using a comma in my "replace" command in this situation, but people like to use commas in their data strings sometimes and I've been bit by that in the past.  Also, it's trivial to tell PowerShell to just use a different delimiter when interpreting a CSV: ConvertFrom-Csv -Delimiter ';'

And that brings us to the whole command:

(netstat -an | ? {$_ -match '^  '}).trim() -replace '  +',';' | ConvertFrom-Csv -Delimiter ';'

Where might you want to use this approach vs. Sean's approach?  Well, we do generate different outputs.  My command here generates a 1:1 array of PowerShell objects out of the Netstat command, with one property per column.  It doesn't care how many columns there are or what their headers are, as long as the data follows the formatting standard of being separated by two or more space characters it will generate an object with one property per column.  Sean's solution in tailor-made to that specific Netstat command (although you could obviously customize it for whatever string output you want), but that customization means that it can go deeper.  He extracts the port numbers from the two Address fields, for example, which might be a critical piece of information for a particular use case!

So yeah, neither approach is inherently better than the other, and in fact elements of each can be combined to do even more cool stuff if you want!

Update: Ok, because I'm a glutton for punishment (well really, it just seemed like an interesting problem), I decided to go ahead and put together an example that uses this technique to split out the IP and Port values into their own properties:

$lines = (netstat -an | ? {$_ -match '^  '}).trim() -replace '  +',';' | ConvertFrom-Csv -Delimiter ';'

foreach ($line in $lines){

foreach ($loc in @("foreign", "local")){

$ip,$port = if ($line."$loc address" -match "(.*):(.*)"){$matches[1],$matches[2]}

$line | add-member -type NoteProperty -name "$loc-IP" -value $ip

$line | add-member -type NoteProperty -name "$loc-Port" -value $port

}

}

$lines


There are two parts of this addition that I want to touch on.  The first is that I decided to be needlessly clever when parsing out the data for the "local address" and "foreign address" properties by making an array of the words "local" and "foreign" and then running the same commands on each of them so that I wouldn't need to duplicate code.

The actually interesting thing here is how we split out the IP from the Port, given that the : character is both used to separate them and within the IP for an IPv6 line.  I got the idea to use RegEx capture groups from jdgregson on StackOverflow (although I changed the suggested regex to better fit my purposes here and be easier to read).  A Regular Expression lets you use parenthesis to specify a capture group, which can be referred to later.  In PowerShell, the capture groups get thrown into the $matches variable as an array. 

The (.*):(.*) Regular Expression is pretty simple: it creates two capture groups, one from everything until the last : in the line, and one from everything after that.  It effectively splits on the last instance of a : in the line.  But, why does it work that way?  RegEx is greedy, but it needs to match if it can!  When you specify (.*) you are saying as many characters as possible, regardless of the character... but then we've got that : in there.  So, there has to be a : after that "as many characters as possible", so we've effectively identified the final : in the line.  The second (.*) lets us then capture all of the remaining characters.  So, our RegEx very easily grabs the IP (be it IPv4 or IPv6) and separates it from the port, into $matches[1] and $matches[2].  I assign those to $ip and $port, then add those properties to my lines.  Voila!

Comments

Post a Comment

Sorry guys, I've been getting a lot of spam recently, so I've had to turn on comment moderation. I'll do my best to moderate them swiftly after they're submitted,

Popular posts from this blog

PowerShell Sorting by Multiple Columns

PowerShell's Sort-Object cmdlet is super useful, especially when preparing output for human consumption.  A few people have found my blog while looking for more information about its use, specifically while looking for how to sort by multiple columns (well, properties, technically).  I've never done so (much less written about it), so I hope those folks found answers elsewhere.  But, it got me curious... and it turns out that it's really easy. The Technet article on Sort-Object has the answer directly spelled out: just use commas to create a list of properties to sort by (in order to precedence).  Let's look at some examples!  First, prepare a variable with some good sortable data: $myData = get-eventlog System -newest 25 And then we can get to sorting!  Say you want to sort primarily by EntryType (Warning, Information, Error) and then by Source.  Easy-peasy: $myData | sort EntryType,Source How about if you want it to be in descending order?  Yeah, there&
Read more

Clone a Standard vSwitch from one ESXi Host to Another

One of my customers is standardizing the configurations on their HP C7000 enclosures (they've been set up at various sites by various administrators with varying involvement from the architecture team).  As such, we need to stand up some temporary resources so that we can take down the main enclosure for reconfiguration.  That's fine, we can easily ship a smaller enclosure to each site for temporary compute resources.  Some of the sites are using Standard vSwitches, so we need to be able to quickly copy the networking configuration over from their existing blades to these new, slightly different blades.  As I see it, we had 2 good options: 1) Capture a Host Profile with the desired vSwitch configuration.  Delete every other component of the Host Profile so that only the networking section is applied; design the new ESXi hosts so that the vSwitches'll work with the old vmnic-to-vswitch configurations. 2) Write a script to clone the vSwitch from ones ESXi host to another.
Read more

Deleting Orphaned (AKA Zombie) VMDK Files

A problem that most Virtualization Administrators need to deal with is Orphaned VMDK files (or Zombie VMDK files, as some people call them).  These are Virtual Machine hard drive files that are just hanging out, taking up storage, but are attached to no VMs.  How can this happen?  Well, the most common way is when an administrator needs to delete a VMDK but isn't quite ready to commit... so, after pressing "remove", they select "remove from virtual machine" rather than "remove and delete files".  The intent is always good: "I want to be able to restore this if it turns out to be necessary... so I'll just come back and delete it next week if nothing breaks!"  But, of course, next week something else happens and the file doesn't get deleted.  After a little while, it turns into "which files did I rename, again?" and nothing seems to happen. So, how do you deal with these orphaned files?  Well, a few years ago I found a scrip
Read more