Get-TsLog.psm1
|
function Get-TsLog { <# .SYNOPSIS This function downloads a filtered log from Logentries for analysis on Tableau logs. .DESCRIPTION Downloads a filtered log from Logentries. Make sure you are following the log file from the Tableau directory. Note: Default pull day range is 1 day After you have the file in your workpath, then you can add this to a database. .EXAMPLE Get-TsLog -leAcctKey 'djlafjdljfdljf' -leFilter '/HTTP\/1\.1" "-" (?P<status>\d{3})/ AND status=200 AND -127.0.0.1 AND -::1/' -workpath 'c:\leLogs\' .EXAMPLE Get-TsLog -leAcctKeyVizQL 'djlafjdljfdljf' -leFilterVizQL "/`"end-update-sheet`"/" -workpathVizQL 'c:\leLogs\' .LINK camsoe.com #> [CmdletBinding()] param( [Parameter(Mandatory=$true,ParameterSetName="Web")] [string]$leAcctKey, [Parameter(Mandatory=$true,ParameterSetName="Web")] [string]$leFilter, [Parameter(Mandatory=$true,ParameterSetName="Web")] [string]$workpath, [Parameter(Mandatory=$true, ParameterSetName="Web")] [switch]$Web, [Parameter(Mandatory=$true,ParameterSetName="VizQL")] [string]$leAcctKeyVizQL, [Parameter(Mandatory=$true,ParameterSetName="VizQL")] [string]$leFilterVizQL, [Parameter(Mandatory=$true,ParameterSetName="VizQL")] [string]$workpathVizQL, [Parameter(Mandatory=$true)] [string]$apikey ) #$Stopwatch = [System.Diagnostics.Stopwatch]::StartNew() $ExtractDate = (Get-Date).ToString('yyyy-MM-dd') $epoch = Get-Date -Year 1970 -Month 1 -Day 1 -Hour 0 -Minute 0 -Second 0 $start = [math]::truncate((Get-Date).AddDays(-1).ToUniversalTime().Subtract($epoch).TotalMilliSeconds) $end = [math]::truncate((Get-Date).ToUniversalTime().Subtract($epoch).TotalMilliSeconds) Write-Verbose -Message "Extracting Tableau log data for last 1 days" -Verbose ################################### # get log info for tableau server ################################### if ($Web) { $apacheQuery = "query=where($($leFilter))" $apacheLeQuery = "https://rest.logentries.com/query/logs/$($leAcctKey)/?$($apacheQuery)&from=$($start)&to=$($end)" $apacheResults = Invoke-RestMethod "$($apacheLeQuery)" -Headers @{"x-api-key"=$apikey} $apacheEvents = Invoke-RestMethod $apacheResults.links.href $apacheEvents.events.message | Out-File "$workpath\Ts_Web_Data.txt" -Force Write-Verbose -Message "Saving results here: $workpath\Ts_Web_Data.txt" -Verbose $headers = 0..30 $headers[0] = 'IP' $headers[3] = 'Date' $headers[4] = 'TimeMST' $headers[8] = 'Port' $headers[9] = 'Request' $headers[11] = 'httpStatus' $headers[14] = 'TTS' $headers[15] = 'requestID' Import-Csv -Path $workpath\Ts_Web_data.txt -Header $headers -Delimiter " " | select IP,@{n='DateTimeMST';e={$_.Date +' '+ $_.TimeMST}},Port,Request,httpStatus,requestID,TTS | ` Export-Csv -Path "$workpath\TsWebDataParse_$($ExtractDate).csv" -Delimiter ";" -NoTypeInformation -Encoding ASCII -Force } else { $vqlQuery = "query=where($($leFilterVizQL))" $vqlLeQuery = "https://rest.logentries.com/query/logs/$($leAcctKeyVizQL)/?$($vqlQuery)&from=$($start)&to=$($end)" $vqlResults = Invoke-RestMethod "$($vqlLeQuery)" -Headers @{"x-api-key"=$apikey} $vqlEvents = Invoke-RestMethod $vqlResults.links.href $vqlEvents.events.message | Out-File "$workpathVizQL\Ts_Sheet_Perf.txt" -Force Write-Verbose -Message "Saving results here: $workpathVizQL\Ts_Sheet_Perf.txt" -Verbose Start-Sleep -Seconds 20 Get-Content "$workpathVizQL\Ts_Sheet_Perf.txt" | ForEach-Object { $_ | ConvertFrom-Json | Select-Object ts,pid,tid,sev,req,sess,site,user,k, ` @{n='Sheet';e={ ( ($_.'v') -split ";" | select -first 1 -Skip 1 ).Replace(" sheet=","") }}, ` @{n='View';e={ (( ($_.'v') -split ";" | select -Last 1 ).Replace(" view=","")).Replace("}","") }}, @{n='Elapsed_sec';e={ ( ($_.'v') -split ";" | select -first 1).Replace("@{elapsed=","") }}, @{n='ExtractDate';e={$ExtractDate}} } | Export-Csv "$workpathVizQL\Ts_Sheet_Perf_Prod_$($ExtractDate).csv" -Delimiter ";" -NoTypeInformation -Force } } |