Last active
August 29, 2015 14:14
Revisions
-
kliemohn revised this gist
Feb 6, 2015 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,5 +1,5 @@ <# .SYNOPSIS Gets SharePoint ULS logs along with the request URL given a set of criteria. .DESCRIPTION -
Feb 6, 2015 . 1 changed file with 87 additions and 10 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,13 +1,90 @@ <# .SHORT DESCRIPTION Gets SharePoint ULS logs along with the request URL given a set of criteria. .DESCRIPTION The request URL is not available on every ULS log entry. If you want the request URL, this command can provide it. It basically finds the log entry or entries based on the criteria provided and then looks back up to 2 minutes in the logs for a "Name=" message with the same correlation. If if finds one, it provides that message which contains the request URL. When using this command, it is highly recommended that you provide a StartTime, EndTime, and/or MinimumLevel. Those are the only parameters that limit the initial query. The other parameters (Process, ThreadID, Area, Category, EventID, Message, and Correlation) are processed in a loop and therefore are quite inefficient. The MinimumLevel defaults to "VerboseEx". Other options are: Verbose, Medium High, Monitorable, and Unexpected. All parameters other than the StartTime, EndTime, and MinimumLevel are used in a like clause. Basically you just need to provide portion of the CorrelationID, for example. .EXAMPLE .\Get-SPLogEventWithUrl.ps1 -Message "UserAgent" -MinimumLevel High -StartTime "2/6/2015" | Format-Table Timestamp,Correlation,Url .Example .\Get-SPLogEventWithUrl.ps1 -StartTime "2/6/2015 10:00 AM" -Correlation "841ce79c" | Out-File C:\LogOutput\output1.txt #> Param( [parameter(Mandatory=$false)][alias("start")]$StartTime=[System.DateTime]::MinValue, [Parameter(Mandatory=$false)][alias("end")]$EndTime=[System.DateTime]::MaxValue, [Parameter(Mandatory=$false)][alias("minlvl")]$MinimumLevel="VerboseEx", [Parameter(Mandatory=$false)][alias("proc")]$Process="", [Parameter(Mandatory=$false)][alias("thread")]$ThreadID="", [Parameter(Mandatory=$false)]$Area="", [Parameter(Mandatory=$false)][alias("cat")]$Category="", [Parameter(Mandatory=$false)][alias("evt")]$EventID="", [Parameter(Mandatory=$false)][alias("msg")]$Message="", [Parameter(Mandatory=$false)][alias("cor")]$Correlation="" ) Add-PSSnapin Microsoft.SharePoint.PowerShell # Get the event logs filtered based on StartTime, EndTime, and MinimumLevel Get-SPLogEvent -StartTime $StartTime -EndTime $EndTime -MinimumLevel $MinimumLevel | # Process each event log item and further filter in a loop based on all of the other parameters ?{ $_.Process -like "*$($Process)*" -and $_.ThreadID -like "*$($ThreadID)*" -and $_.Area -like "*$($Area)*" -and $_.Category -like "*$($Category)*" -and $_.EventID -like "*$($EventID)*" -and $_.Message -like "*$($Message)*" -and $_.Correlation -like "*$($Correlation)*" } | ForEach-Object { # We found a hit - store the item into $logItem and default the $url to empty $logItem = $_ $url = "" # Look back up to 2 minutes prior on the current Correlation to find the URL (Message starts with "Name=") $urlItems = get-splogevent -starttime $logItem.Timestamp.AddSeconds(-120) -endtime $logItem.Timestamp | ?{$_.Correlation -eq $logItem.Correlation -and $_.Message -like "Name=*"} | Select-Object -First 1 if ($urlItems -and $urlItems.Length -ge 1) { # We found the URL $url = $urlItems[0].Message } # Create a new object that has all of the properties of an event log item PLUS our new Url property $obj = New-Object PSObject $obj | Add-Member Timestamp $logItem.Timestamp $obj | Add-Member Continuation $logItem.Continuation $obj | Add-Member Process $logItem.Process $obj | Add-Member ThreadID $logItem.ThreadID $obj | Add-Member Area $logItem.Area $obj | Add-Member Category $logItem.Category $obj | Add-Member EventID $logItem.EventID $obj | Add-Member Level $logItem.Level $obj | Add-Member Message $logItem.Message $obj | Add-Member Correlation $logItem.Correlation $obj | Add-Member Context $logItem.Context $obj | Add-Member Url $url # Write out the object we just created Write-Output $obj } -
Feb 6, 2015 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,13 @@ Add-PSSnapin Microsoft.SharePoint.PowerShell #get-splogevent -starttime "1/9/2015 4:11:00 PM" -endtime "1/9/2015 4:11:10 PM" -MinimumLevel High | get-splogevent -MinimumLevel High | ?{$_.Message -like "*Bad response from SMTP*"} | ForEach-Object { $log = $_ get-splogevent -starttime $log.Timestamp.AddSeconds(-30) -endtime $log.Timestamp | ?{$_.Correlation -eq $log.Correlation -and $_.Message -like "Name=*"} | ForEach-Object { Write-Output "$($log.Timestamp) $($log.Message) $($_.Message)" Write-Host "$($log.Timestamp) $($log.Message) $($_.Message)" } } | Out-File C:\LogOutput\SMTPErrorRequests.txt