Minor output formatting annoyance

[Kurt Buff]

This just escapes me - I know I'm doing something wrong, but I can't figure this out. The output is fine, except that the fields are not ordered the way I want. I tried do some select statement stuff, but kept getting empty fields.

I know I could do post-processing, but that seems silly/wasteful.

Kurt

The script:

$DCs = Get-ADDomainController -filter * | select -expand name
foreach ( $DC in $DCs ) {
   $process = get-process -name lsass -computername $DC | select machinename,name,pm,npm,handles
   $logLine = @{
            TimeStamp      = Get-Date -Format "yyyy-MM-dd_HHmmss"
            Machine        = $process.machinename
            Proc           = $process.name
            PagedMem       = $process.pm
            NonPagedMem    = $process.npm
            Handles        = $process.handles
        }

   [PSCustomObject]$LogLine | Export-Csv -append -notype -encoding ascii -delim "`t" c:\temp\lsass-data.csv 

}

Output header order

"Proc" "TimeStamp" "NonPagedMem" "Handles" "Machine" "PagedMem" "Private"

Desired output header order:

"TimeStamp" "Machine" "Proc" "NonPagedMem" "PagedMem" "Handles"

[Michael B. Smith]

Close. You want this:

 

   $logLine = [PsCustomObject] @{

            TimeStamp      = Get-Date -Format "yyyy-MM-dd_HHmmss"
            Machine        = $process.machinename
            Proc           = $process.name
            PagedMem       = $process.pm
            NonPagedMem    = $process.npm
            Handles        = $process.handles
        }

 

You could also use an OrderedHashTable ( [ordered] ).

--
You received this message because you are subscribed to the Google Groups "ntpowershell" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntpowershell...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntpowershell/CADy1Ce7ybmC-Esqf8YOFP4DTMZpERw8WuHpVc4AxWJdKE4q%3Dcg%40mail.gmail.com.

[Michael Kurzdorfer]

 

This should take care of your order.

Replace:

   [PSCustomObject]$LogLine | Export-Csv -append -notype -encoding ascii -delim "`t" c:\temp\lsass-data.csv 

With:

  [PSCustomObject]$LogLine | Select-Object TimeStamp,Machine,Proc,NonPagedMem,PagedMem,Handles | Export-Csv -append -notype -encoding ascii -delim "`t" c:\temp\lsass-data.csv 

--

[Gordon Pegue]

Would adding [ordered] immediately preceding your @{ TimeStamp =… preserve your desired output order?

Gordon

Distressed electrons pushed out by my iPhone

On Jun 19, 2024, at 4:51 PM, Kurt Buff <kurt...@gmail.com> wrote:



  [EXTERNAL]

--

[Kurt Buff]

Perfect! That worked exactly as I wanted.

Kurt

To view this discussion on the web visit https://groups.google.com/d/msgid/ntpowershell/4bc08721fe5849a49dc0bc825415e8be%40smithcons.com.

[Kurt Buff]

Thank you very much for your help.

This is the final form of my monitoring script - lsass and the 9 processes running for the EDR. I'm wrapping this in a timer routine, and capturing data every 30 minutes for a week. This should answer, one way or the other, my question on what's causing memory to get consumed.

Kurt

$DCs = Get-ADDomainController -filter * | select -expand name
foreach ( $DC in $DCs ) {

   $Processes = @()
   $Processes = get-process -name lsass,p2,p3,p4,p5,p6,p7,p8,p9,p10 -computername $DC | select machinename,name,pm,npm,handles
   foreach ( $process in $processes ) {
   $Log = [PSCustomObject] @{

     TimeStamp     = Get-Date -Format "yyyy-MM-dd_HHmm"

     Machine       = $Process.machinename
     Proc          = $Process.name
     PagedMem      = $Process.pm
     NonPagedMem   = $Process.npm
     Handles       = $Process.handles
     }
   $Log | Export-Csv -append -notype -encoding ascii -delim "`t" c:\temp\data.csv
   }
}

On Wed, Jun 19, 2024 at 5:03 PM Michael B. Smith <mic...@smithcons.com> wrote:

To view this discussion on the web visit https://groups.google.com/d/msgid/ntpowershell/4bc08721fe5849a49dc0bc825415e8be%40smithcons.com.

[Michael B. Smith]

Very nice.

 

Well, it’ll tell you if it’s one of those ten processes anyway. 😊

To view this discussion on the web visit https://groups.google.com/d/msgid/ntpowershell/CADy1Ce6gVuMZ_%2BR4aJ3p759EFPhLEDQ-BBR49e9kG-XPqKrDnA%40mail.gmail.com.

[Kurt Buff]

If this doesn't confirm it, then I'll have a go at other processes.

Eliminating things one step at a time.

Something has been leading to spontaneous reboots across most of the DCs, at random, and I haven't been able to track the cause, and the events in the usual event logs have been useless, hence this approach.

Kurt

To view this discussion on the web visit https://groups.google.com/d/msgid/ntpowershell/df47152c6c0247d59d9b7af7faa8c6f0%40smithcons.com.