Administrators often need to monitor log files such as Windows log files, IIS logs, error logs, and firewall logs, and to get the last x lines from a file.
The PowerShell Get-Content cmdlet has a Tail parameter that is the equivalent of the Unix tail command, used to monitor a file and get the last lines of the file.
Using PowerShell, administrators can use the Get-Content command to get the tail of the file, get the last line of the file, and retrieve the last 10 lines of a text file.
In PowerShell, the Tail parameter of the Get-Content cmdlet specifies the number of lines to read from the end of the file. You can also use the alias of Tail, which is Last.
The Get-Content tail examples below read the end of a file. The file can be an IIS log file, a Windows event log, a firewall log, or any other file.
PowerShell tail – Get the Last 10 Lines of the File
To get the last 10 lines of the Windows Event log text file, use the Get-Content command with the Path parameter to specify the event log text file path. This command uses the Tail parameter to specify the number of lines to retrieve from the text file.
Get-Content -Path D:\PS\event_log.txt -Tail 10
The above PowerShell command uses Get-Content to return the last 10 lines of the file.
PowerShell tail – Show the last line of the file
To get the last line of the file, use the Tail parameter with the value 1.
In the following PowerShell script, the Get-Content command uses the -tail 1 parameter to get the last line of the text file specified.
Get-Content "C:\PowerShell\EventLog_Setup.txt" -tail 1
Get the tail of the big file and export it to csv
Often administrators need to extract a few lines from a big log file to analyze the log data.
To get the last 50 lines of a big file and export them to a csv file, use the command below:
Get-Content "C:\PowerShell\EventLog_Setup.txt" -tail 50 | Out-File -FilePath "C:\PowerShell\output.csv"
In the above script, the -tail parameter of the PowerShell Get-Content cmdlet gets the last 50 lines of the file. Using the pipe operator, it passes the extracted lines to Out-File, which writes them to a csv file.
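An added example, not from the original post: Out-File writes the tailed lines unchanged, so this sketch parses the tail of an IIS-style log into objects using the #Fields header and exports it with Export-Csv, then groups denied requests by client IP. The log content, the file names and the temp-folder paths are constructed for the illustration.

```powershell
# Added example: constructed sample data, hypothetical file names in the temp folder.
$logPath = Join-Path ([System.IO.Path]::GetTempPath()) 'u_ex_sample.log'
$csvPath = Join-Path ([System.IO.Path]::GetTempPath()) 'iis_tail.csv'

# Constructed W3C-format IIS log (not real traffic; documentation IP ranges).
@'
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2024-01-01 00:00:00
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-01-01 00:00:01 192.0.2.10 GET /index.html 200
2024-01-01 00:00:02 198.51.100.7 POST /login 401
2024-01-01 00:00:03 198.51.100.7 POST /login 401
2024-01-01 00:00:04 192.0.2.10 GET /about.html 200
2024-01-01 00:00:05 198.51.100.7 POST /login 401
2024-01-01 00:00:06 203.0.113.5 GET /admin 403
'@ | Set-Content -Path $logPath -Encoding ascii

# The column names live in the #Fields header near the top of the file,
# so read them with -TotalCount; -Tail alone would never see them.
$fieldsLine = Get-Content -Path $logPath -TotalCount 10 |
    Where-Object { $_ -like '#Fields:*' } | Select-Object -Last 1
$columns = ($fieldsLine -replace '^#Fields:\s*', '') -split '\s+'

# Tail the last 5 lines, skip directive lines, and turn each line into an object.
$events = Get-Content -Path $logPath -Tail 5 |
    Where-Object { $_ -and $_ -notlike '#*' } |
    ForEach-Object {
        $values = $_ -split ' '
        $row = [ordered]@{}
        for ($i = 0; $i -lt $columns.Count; $i++) { $row[$columns[$i]] = $values[$i] }
        [pscustomobject]$row
    }

# Export-Csv writes a header row and quoted, comma-separated fields.
$events | Export-Csv -Path $csvPath -NoTypeInformation

# Quick triage: denied requests (401/403) in the tail, grouped by client IP.
$events | Where-Object { $_.'sc-status' -in '401', '403' } |
    Group-Object -Property 'c-ip' | Sort-Object Count -Descending |
    Select-Object Count, Name
```

With the constructed log, the final pipeline lists 198.51.100.7 with a count of 3 and 203.0.113.5 with a count of 1.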
Get the Last Line of the String
To get the last line of the string stored in a variable, use the Select-Object cmdlet in PowerShell. The Select-Object command has a Last parameter that selects the last lines of the string based on the number of lines specified.
The Get-WinEvent cmdlet uses the LogName parameter to get all events in the Windows PowerShell log and saves the output in the $strData variable. Then, the $strData output is piped to the Select-Object cmdlet. The Select-Object command uses the Last parameter to select the last line from a string.
Here is the PowerShell script that selects the last line of a string.
# Get events in the Windows PowerShell event log
$strData = Get-WinEvent -LogName "Windows PowerShell"
# Read the last line of string
$strData | Select-Object -Last 1
The output of the above PowerShell script displays the last line of output stored in the $strData variable.
Using the wait parameter to display a new line
Another popular use of the Tail parameter is to get the last lines from the file. With the -wait parameter, the Get-Content cmdlet keeps the file open after all existing lines are output to the console and checks for new lines every second.
Get-Content "C:\PowerShell\iislog.txt" -wait
You can stop the waiting using Ctrl + C.
Conclusion
In the above blog post, I have explained how to get the last lines of the file using the Get-Content tail parameter. In PowerShell, the tail parameter is very useful for getting a specific number of lines from the file.
You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.