When running a PowerShell script I am able to find the machines on my network that have had a BSOD and have a minidump file. When weeding through all the data I noticed that on many of the workstations it occurred at the same time each day. Is there a way to use PowerShell to sort through the data to show only the workstations where the times of the BSOD are the same daily?
The script I am using to detect the machines that have had the BSOD:
    $Computers = get-content "C:\users\mike\Computerlist.txt"
    $OutFile = "C:\users\mike\Results.txt"
    #Erase an existing output file so as not to duplicate data
    out-file -filepath $OutFile
    foreach ($Computer in $Computers)
    {
        if (test-path \\$computer\c$\Windows\Minidump) #test to make sure the file exists
        {
            #Get the CreationTime value from the file
            $FileDate = (Get-ChildItem \\$computer\c$\Windows\Minidump).CreationTime
            #Write the computer name and File date separated by a unique character
            "$Computer | $FileDate" | out-file -FilePath $OutFile -Append
        }
    }
I think that you might need to be more clear on what you need to do with the data, but the work is still the same. I would think that you should capture all the results into an object that you could group and sort on.
    $results = @() # Capture all the data here.
    ForEach ($Computer in $Computers){
        if (Test-Path "\\$computer\c$\Windows\Minidump") #test to make sure the file exists
        {
            #Get the CreationTime value from the file
            $fileData = Get-ChildItem "\\$computer\c$\Windows\Minidump" |
                Select Name,@{L="Date";E={Get-Date($_.CreationTime) -Format "ddMMyyyyHHmm"}} |
                Add-Member -MemberType NoteProperty -Name "Computer" -Value $computer -PassThru
            $results += $fileData
        }
    }
This would create output like the following
    Name                Date         Computer
    ----                ----         --------
    010615-28142-01.dmp 060120151213 awesome
    121714-34179-01.dmp 171220141310 awesome
    121714-36441-01.dmp 171220141310 awesome
    010615-28142-01.dmp 080120151307 C3959
    121714-34179-01.dmp 080120151308 C3959
    121714-36441-01.dmp 080120151308 C3959
So we have the file names, formatted time stamps of the files and the associated computer of those files. Now we can use Group-Object to collect and sort that data. (This is the part where you might need to chime in with your intentions)
    $results | Group-Object date

    Count Name         Group
    ----- ----         -----
        1 060120151213 {@{Name=010615-28142-01.dmp; Date=060120151213; Computer=awesome}}
        2 171220141310 {@{Name=121714-34179-01.dmp; Date=171220141310; Computer=awesome}, @{Name=121714-36441-01.dmp; Date=171220141310; Computer...
        1 080120151307 {@{Name=010615-28142-01.dmp; Date=080120151307; Computer=C3959}}
        2 080120151308 {@{Name=121714-34179-01.dmp; Date=080120151308; Computer=C3959}, @{Name=121714-36441-01.dmp; Date=080120151308; Computer=C...
Ignoring the bad data sample used for this you can see that it groups the objects by the "creation dates" of the minidumps. If there were files across systems that happened at the same minute of a given day they would be grouped here.
Before we get too crazy, you could just sort the results as well, since that would also show you the relationship. You wouldn't even need to do the crazy stuff with the CreationTime.

    $results | Sort-Object Date
Update from comments
So if you wanted to make a report of the information you could manipulate the results like this.
    $results | Group-Object Date | ForEach-Object{
        [pscustomobject]@{
            Time = $_.Name
            Computers = $_.Group.Computer -join ";"
        }
    }
That will output every time (to the minute) that a BSOD occurred. If there are multiple computers then they will be semicolon delimited in the parameter Computers. You could output this with Export-CSV easily if you wanted to.
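
An added example, not part of the original question or answer: it goes one step beyond grouping on the full timestamp and groups each computer's dumps by time of day, reporting only the machines whose crashes land in the same time slot on more than one distinct day. The function name `Get-RecurringCrashTime`, its parameters and the sample records are assumptions made for illustration.

```powershell
# Constructed sample inventory (not from the original post). In practice each record would
# come from Get-ChildItem "\\$computer\c$\Windows\Minidump", keeping CreationTime as [datetime].
$dumps = @(
    [pscustomobject]@{ Computer = 'PC-A'; Name = 'a1.dmp'; CreationTime = [datetime]'2015-01-05 13:10:22' }
    [pscustomobject]@{ Computer = 'PC-A'; Name = 'a2.dmp'; CreationTime = [datetime]'2015-01-06 13:11:03' }
    [pscustomobject]@{ Computer = 'PC-A'; Name = 'a3.dmp'; CreationTime = [datetime]'2015-01-07 13:12:41' }
    [pscustomobject]@{ Computer = 'PC-B'; Name = 'b1.dmp'; CreationTime = [datetime]'2015-01-05 09:02:10' }
    [pscustomobject]@{ Computer = 'PC-B'; Name = 'b2.dmp'; CreationTime = [datetime]'2015-01-06 16:45:00' }
    # Two dumps written in the same minute of ONE day: must not count as a daily pattern
    [pscustomobject]@{ Computer = 'PC-C'; Name = 'c1.dmp'; CreationTime = [datetime]'2015-01-08 13:08:00' }
    [pscustomobject]@{ Computer = 'PC-C'; Name = 'c2.dmp'; CreationTime = [datetime]'2015-01-08 13:08:30' }
)

function Get-RecurringCrashTime {
    param(
        [Parameter(Mandatory)] [object[]] $Dump,
        [int] $MinDays = 2,        # distinct calendar days required to call it recurring
        [int] $BucketMinutes = 5   # width of the time-of-day slot
    )
    $Dump | ForEach-Object {
        $t = $_.CreationTime
        # Round the time of day down to the start of its slot, ignoring the date
        $minuteOfDay = $t.Hour * 60 + $t.Minute
        $bucket = $minuteOfDay - ($minuteOfDay % $BucketMinutes)
        [pscustomobject]@{
            Computer = $_.Computer
            Slot     = '{0:00}:{1:00}' -f [int][math]::Floor($bucket / 60), ($bucket % 60)
            Day      = $t.Date
        }
    } | Group-Object Computer, Slot | ForEach-Object {
        # Count distinct days, so several dumps from one crash day collapse to one
        $days = @($_.Group.Day | Sort-Object -Unique)
        if ($days.Count -ge $MinDays) {
            [pscustomobject]@{
                Computer  = $_.Group[0].Computer
                TimeOfDay = $_.Group[0].Slot
                Days      = $days.Count
                Dates     = ($days | ForEach-Object { $_.ToString('yyyy-MM-dd') }) -join ';'
            }
        }
    }
}

Get-RecurringCrashTime -Dump $dumps | Sort-Object Computer, TimeOfDay
```

With the constructed data only PC-A is reported (slot 13:10 on three days). Fixed slots split crashes that straddle a boundary, such as 13:04 and 13:06 with a 5-minute slot, so widen `-BucketMinutes` if an expected pattern does not show up.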