PowerShell Syntax: compare and nest
PowerShell uses comparison operators to compare values. With pipes, the output of one PowerShell command can be passed on to another command.
Compare
The following comparison operators are available for comparing values.
Examples are:
-eq: equal
-ne: not equal
-gt: greater than
-ge: greater than or equal to
-lt: less than
-le: less than or equal to
We use "-gt" (greater than) in our next example:
Pipes (redirection)
By using the pipe symbol "|", several commands can be nested or redirected.
Compare with the dir example (Get-ChildItem):
Get-ChildItem c:\testordner | where-Object {$_.Length -gt 50KB}
This shows the files (dir) in the folder c:\testordner that are larger than 50KB.
We get the following output:
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a--- 19.03.2013 18:32 381816 PsExec.exe
-a--- 19.03.2013 18:32 105264 psfile.exe
-a--- 19.03.2013 18:32 333176 PsGetsid.exe
-a--- 19.03.2013 18:32 390520 PsInfo.exe
-a--- 19.03.2013 18:32 468592 pskill.exe
-a--- 19.03.2013 18:32 232232 pslist.exe
-a--- 19.03.2013 18:32 183160 PsLoggedon.ex
-a--- 19.03.2013 18:32 178040 psloglist.exe
-a--- 19.03.2013 18:32 171608 pspasswd.exe
-a--- 19.03.2013 18:32 167048 psping.exe
-a--- 19.03.2013 18:32 169848 PsService.exe
-a--- 19.03.2013 18:32 207664 psshutdown.ex
-a--- 19.03.2013 18:32 187184 pssuspend.exe
-a--- 19.03.2013 18:32 66582 Pstools.chm
Sort
If we want to sort the list by size, we need another pipe:
Get-ChildItem c:\testordner | where-Object {$_.Length -gt 50KB} | Sort-Object Length
The output then looks like this:
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a--- 19.03.2013 18:32 66582 Pstools.chm
-a--- 19.03.2013 18:32 105264 psfile.exe
-a--- 19.03.2013 18:32 167048 psping.exe
-a--- 19.03.2013 18:32 169848 PsService.exe
-a--- 19.03.2013 18:32 171608 pspasswd.exe
-a--- 19.03.2013 18:32 178040 psloglist.exe
-a--- 19.03.2013 18:32 183160 PsLoggedon.exe
-a--- 19.03.2013 18:32 187184 pssuspend.exe
-a--- 19.03.2013 18:32 207664 psshutdown.exe
-a--- 19.03.2013 18:32 232232 pslist.exe
-a--- 19.03.2013 18:32 333176 PsGetsid.exe
-a--- 19.03.2013 18:32 381816 PsExec.exe
-a--- 19.03.2013 18:32 390520 PsInfo.exe
-a--- 19.03.2013 18:32 468592 pskill.exe
To make sure the sort treats the data type correctly, Sort-Object can be given some help:
If the file names consist of numbers, Sort-Object would still sort the names alphabetically: 1000 would then be smaller than 50, for example.
The remedy is to assign the data type: Sort-Object { $_.Name.replace("stringpart","") -as [int] }
For data types, see: PowerShell Variables, Data Types and Objects.
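The following added example (not from the original page) shows the text-versus-number difference for both Sort-Object and the comparison operators. The file names and the prefix "event", which stands in for "stringpart", are constructed sample values.

```powershell
# Constructed sample input: objects standing in for Get-ChildItem results.
# The names and the prefix "event" (playing the role of "stringpart") are hypothetical.
$files = 'event50', 'event1000', 'event7', 'event200', 'eventX' |
    ForEach-Object { [pscustomobject]@{ Name = $_ } }

# Name is a [string], so Sort-Object compares text: event1000 lands before event50.
$byText = $files | Sort-Object Name

# Strip the prefix and cast with -as [int]; the sort key is now a number.
# -as returns $null instead of throwing when the rest is not numeric (eventX).
$byNumber = $files | Sort-Object { $_.Name.Replace('event', '') -as [int] }

# Keep only names whose numeric part is greater than 100.
# The [int] value is on the left of -gt, so the comparison is numeric.
$over100 = $files | Where-Object { ($_.Name.Replace('event', '') -as [int]) -gt 100 }

'Text sort    : ' + ($byText.Name -join ', ')
'Numeric sort : ' + ($byNumber.Name -join ', ')
'Greater 100  : ' + ($over100.Name -join ', ')

# The left operand decides how a comparison operator treats the right one.
'"1000" -lt "50"    : ' + ('1000' -lt '50')       # both strings: text comparison
'"1000" -lt 50      : ' + ('1000' -lt 50)         # left is a string: 50 is converted to text
'[int]"1000" -lt 50 : ' + ([int]'1000' -lt 50)    # left is an int: numeric comparison
```

When sorting or filtering numbered files such as rotated logs, check which side of the operator carries the type, because a string on the left silently turns the comparison into a text comparison.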
Output
The formatting of the output can be adjusted with another pipe. To get a list instead of the table view, the Format-List command can be used:
Get-ChildItem c:\testordner | where-Object {$_.Length -gt 50KB} | Sort-Object Length | Format-List
Verzeichnis: C:\testordner
Name : Pstools.chm
Length : 66582
CreationTime : 20.02.2013 17:22:50
LastWriteTime : 19.03.2013 18:32:56
LastAccessTime : 20.02.2013 17:22:50
VersionInfo :
File: C:\testordner\Pstools.chm
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
Name : psfile.exe
Length : 105264
CreationTime : 20.02.2013 17:22:50
LastWriteTime : 19.03.2013 18:32:54
LastAccessTime : 20.02.2013 17:22:50
VersionInfo :
File: C:\testordner\psfile.exe
InternalName: psfile
OriginalFilename: psfile.exe
FileVersion: 1.02
FileDescription: psfile
Product: Sysinternals PsFile
ProductVersion: 1.02
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language: Englisch (Vereinigte Staaten).........
Example: reading the event log
For example, the event log of a remote computer can be read, one pipe | can be used to search in it, and another pipe | can be used to export the result to a CSV file (the string "zu suchen" stands for the search text):
get-winevent -computername RemoteSystem -Logname System | where {$_.Message | findstr "zu suchen"} | Export-Csv c:\temp\sucheimEventlog.csv