Share via

Powershell 5.1: show simple progress in a pipe

Joachim 26 Reputation points
2021-12-02T14:57:14.91+00:00

I use this command to find EventID 4625 (bad logons) on my domain controlers:

Get-EventLog -ComputerName $server -LogName 'security' -InstanceId 4625 | select @{Label='Time';Expression={$.TimeGenerated.ToString('g')}}, @{Label='User Name';Expression={$.replacementstrings[5]}}, @{Label='Client Name';Expression={$.replacementstrings[13]}}, @{Label='Client Address';Expression={$.replacementstrings[19]}} | Export-Csv $path\4625_$server.csv -NoTypeInformation -Delimiter ";"

Since this can run for a very long time I would like to have a very simple progress report. Like writing an "." for every event entry it finds. But everything I came up with messes up the export to csv. Any ideas?

Windows for business | Windows Server | User experience | PowerShell
0 comments

6 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Rich Matheisen 47,901 Reputation points
    2021-12-02T15:38:36.953+00:00

    Before adding any progress indicator I think you'd do yourself a huge favor by switching to the Get-WinEvent cmdlet and let the target system do the search instead of having Get-EventLog return a huge number of events to be filtered locally. 

    Get-WinEvent -FilterHashtable @{LogName="Security";ID=4625} -ComputerName $server

    Here's one link that uses the same criteria as your example: better-event-logs-with-powershell

    If all you want as a progress indicator then pipe the results into a ForEach-Object and use "Write-Host '.' -NoNewline" followed by whatever data extraction you'd like.

    1 person found this answer helpful.
    0 comments
  2. Limitless Technology 39,931 Reputation points
    2021-12-02T18:22:26.123+00:00

    Hello @Joachim

    I can recommend:

    1- Progress bar: using https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/write-progress?view=powershell-7.2
    https://devblogs.microsoft.com/scripting/add-a-progress-bar-to-your-powershell-script/

    2- Show verbose results for each finding: https://devblogs.microsoft.com/scripting/use-powershell-to-write-verbose-output/

    Hope this helps with your query,

    ----------

    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments
  3. Joachim 26 Reputation points
    2021-12-03T09:38:45.187+00:00

    Thank you for your suggestions. I know both methods, but imho they dont work as part of a pipe (where in the end i export to a csv)

  4. Joachim 26 Reputation points
    2021-12-03T09:48:15.157+00:00

    I try to clarify it: what I would need is to execute a pipe and WHILE the pipe is running, regardless what it is doing, to output something on the screen every second, so the user knows: this script is still doing something.

    Example
    Searching for Event I 1234
    ................................ (<< THIS is what I want to see while the pipe is running)
    Done

  5. Jose Antonio Silva 11 Reputation points
    2021-12-03T22:31:27.243+00:00

    @Rich Matheisen is right. Progress bars depend on a reference percentage. If you are doing a search like this, you can't have a real progress because you can calculate how many records you will find.

    If what you want is a signal of what already was found, just pipe the results into a simple dot as already proposed. Just keep piping out the current $_ to make sure you can get the results to the next command 

    Get-WinEvent -FilterHashtable @{LogName="Security";ID=4625} -ComputerName $server |  
    %{  Write-Host "." -NoNewline; $_ } | export-csv c:\junk\count.csv -NoTypeInformation

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.