Parse a Log file for a specific date and time

Question

Thank you for any help in advance! :)

MY LOG FILE IS A RTF FILE.

I am a beginner to Powershell. I have the powershell app, not powershell ISE. I need to parse through a log file for an application and look for the word "Errors: " in the last 24-72 hours. I basically have to see when my backup solution for my laptop is failing me.

I have the following so far:

       $daysBack = 3
$refDate  = (Get-Date).AddDays(-$daysBack).Date  # set this to midnight
$log      = Get-Content -Path 'C:\Users\<User>\Documents\TheLog.log'

# find lines that start with what looks like a date and contains 'Errors:'
# capture the date part in backreference $matches[1] to parse into a real datetime object for comparison with $refDate
$errors = @($log | Where-Object { $_ -match '^\s*(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}).*Errors:' } |   
                   Where-Object { [datetime]::ParseExact($matches[1], 'dd/MM/yyyy HH:mm:ss', $null) -ge $refDate }).Count

# if $errors not 0
if ($errors) {
    $count = if ($errors -eq 1) { "was an error" } else { "were $errors errors" }
    "There {0} in your back up solution in the last $daysBack days. Please check your log file." -f $count
}
else {
    "There were no errors in backing up your files in the last $daysBack days."
}

This does not work at all and sometimes shuts down powershell. I need to create some kind of if and else statement I think.

If there is an error in the last 3 days - writeOutput " There was an error in your back up solution in the last 3 days. Please check your log file." else "here were no errors in backing up your files in the last 3 days."

Or it could just print the line from the log file that specifically has this error. Whichever is better. I am also open to completely different solutions.

*Sample lines from my logfile that show a successful copy:

22/02/2021 17:27:33 - Begin: Documents=======================================
22/02/2021 17:27:33 - copied Notes.docx from C:\users\<username>\documents\ to D:\users\<username>\documents\
22/02/2021 17:27:33 - End: Documents...Copied 1

*Sample lines that show an unsuccessful copy from a few days back in the log file:

18/02/2021 08:57:37 - can not access C:\users\<username>\documents\ The network path was not found.

18/02/2021 08:57:37 - End: Documents... copied: 0, Errors: 1

I should also mention there are sometimes when I delete a file from my documents and rather than back it up it deletes from the back up as well. As far as I understand my backup solution is an exact mirror of whatever is in my documents. I think I would like to maybe include something about these deletes in my code too.

*Sample section of log file that deletes:

22/02/2021 17:27:33 - End: Documents...Copied 1, Deleted: 1

Answer 1

On line #4 of your code you have an opening "{", but there's no closing "} to match it.
On line #7 you using a variable named $error_time but you've never defined or initialized a variable by that name. Should that be changed to just $date? Or should line #5 assign a value to $error_time instead of $time?
Also on line #7 you're missing a closing ")" at the end of the "if ($error_time -gt (Get-Date).AddDays(-3)".

Answer 2

Try this:

Get-Content -path C:\Users\<User>\Documents | 
    Select-String "Errors: " -Simplematch | 
        Select-Object -expand line |
            ForEach-Object {
                $_ -match '^.+\s\[Errors: ]\s(.+)' | Out-Null     # are there data following the date????
                $error_time = [DateTime]$matches[1]

                if ($error_time -gt ((Get-Date).AddDays(-3))) {
$e = @"
Critical: There was an
> error in your back up solution in the last 3 days. Please check your

> log file $error_time

"@
                    Write-Output $e
                }
                Else { 
                    Write-Output "There were no errors in backing up your files in the last 3 days" 
                }
            }

There were more errors in your code than I noted earlier.