I am trying to extract VolumesInfo detail from the event log
I can get ‘VolumesInfo’ with $VolumesInfo = $event.SelectSingleNode("//*[@Name='VolumesInfo']") but that is just:
"><VolumeInfo><VolumeInfoItem Name="C:" OriginalAccessPath="C:" State="14" HResult="0" DetailedHResult="0" PreviousState="17" IsCritical="1" IsIncremental="0" BlockLevel="1" HasFiles="0" HasSystemState="1" IsCompacted="1" IsPruned="0" IsRecreateVhd="0" FullBackupReason="10" DataTransferred="193645641728" NumUnreadableBytes="0" TotalSize="193645641728" TotalNoOfFiles="0" Flags="1578" BackupTypeDetermined="1" SSBTotalNoOfFiles="0" SSBTotalSizeOnDisk="0"
It isn't in XML format – that is there doesn’t seem to be nodes. And I don’t know how to parse out the "193645641728" of TotalSize="193645641728". If that like a mid string search????
-<Event xmlns=....
-<System>
<Provider Name="Microsoft-Windows-Backup" Guid="{1DB28F2E-8F80-4027-8C5A-A11F7F10F62D}" />
<EventID>14</EventID>
<Version>3</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>2</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2014-09-25T04:44:08.313684400Z" />
<EventRecordID>508</EventRecordID>
<Correlation />
<Execution ProcessID="10412" ThreadID="8912" />
<Channel>Microsoft-Windows-Backup</Channel>
<Computer>Server04.SSPC2003.Com</Computer>
<Security UserID="S-1-5-18" />
</System>
-<EventData>
<Data Name="BackupTemplateID">{58CF5C53-AE99-4731-9137-4EFEFE302A39}</Data>
<Data Name="HRESULT">0x0</Data>
<Data Name="DetailedHRESULT">0x0</Data>
<Data Name="ErrorMessage">%%0</Data>
<Data Name="BackupState">14</Data>
<Data Name="BackupTime">2014-09-25T04:00:35.775074600Z</Data>
<Data Name="BackupTarget">U:</Data>
<Data Name="NumOfVolumes">1</Data>
<Data Name="VolumesInfo"><VolumeInfo><VolumeInfoItem Name="C:" OriginalAccessPath="C:" State="14" HResult="0" DetailedHResult="0" PreviousState="17" IsCritical="1" IsIncremental="0" BlockLevel="1" HasFiles="0" HasSystemState="1" IsCompacted="1" IsPruned="0" IsRecreateVhd="0" FullBackupReason="10" DataTransferred="193645641728" NumUnreadableBytes="0" TotalSize="193645641728" TotalNoOfFiles="0" Flags="1578" BackupTypeDetermined="1" SSBTotalNoOfFiles="0" SSBTotalSizeOnDisk="0" /></VolumeInfo></Data>
<Data Name="SourceSnapStartTime">2014-09-25T04:00:35.743824800Z</Data>
<Data Name="SourceSnapEndTime">2014-09-25T04:01:00.731468200Z</Data>
<Data Name="PrepareBackupStartTime"><TimesList><Time Time="2014-09-25T04:02:26.367Z" /></TimesList></Data>
<Data Name="PrepareBackupEndTime"><TimesList><Time Time="2014-09-25T04:02:26.695Z" /></TimesList></Data>
<Data Name="BackupWriteStartTime"><TimesList><Time Time="2014-09-25T04:02:26.695Z" /></TimesList></Data>
<Data Name="BackupWriteEndTime"><TimesList><Time Time="2014-09-25T04:43:30.982Z" /></TimesList></Data>
<Data Name="TargetSnapStartTime">2014-09-25T04:43:54.358283600Z</Data>
<Data Name="TargetSnapEndTime">2014-09-25T04:44:04.586166900Z</Data>
<Data Name="DVDFormatStartTime"><TimesList></TimesList></Data>
<Data Name="DVDFormatEndTime"><TimesList></TimesList></Data>
<Data Name="MediaVerifyStartTime"><TimesList></TimesList></Data>
<Data Name="MediaVerifyEndTime"><TimesList></TimesList></Data>
<Data Name="BackupPreviousState">11</Data>
<Data Name="ComponentStatus"><ComponentStatus></ComponentStatus></Data>
<Data Name="ComponentInfo"><ComponentInfo></ComponentInfo></Data>
<Data Name="SSBEnumerateStartTime">1601-01-01T00:00:00.000000000Z</Data>
<Data Name="SSBEnumerateEndTime">1601-01-01T00:00:00.000000000Z</Data>
<Data Name="SSBVhdCreationStartTime">1601-01-01T00:00:00.000000000Z</Data>
<Data Name="SSBVhdCreationEndTime">1601-01-01T00:00:00.000000000Z</Data>
<Data Name="SSBBackupStartTime">1601-01-01T00:00:00.000000000Z</Data>
<Data Name="SSBBackupEndTime">1601-01-01T00:00:00.000000000Z</Data>
<Data Name="SystemStateBackup"><SystemState IsPresent="1" HResult="0" DetailedHResult="0" /></Data>
<Data Name="BMR"><BMR IsPresent="1" HResult="0" DetailedHResult="0" /></Data>
<Data Name="VssFullBackup">true</Data>
<Data Name="UserInputBMR">true</Data>
<Data Name="UserInputSSB">true</Data>
<Data Name="BackupSuccessLogPath">C:\windows\Logs\WindowsServerBackup\Backup-25-09-2014_04-00-35.log</Data>
<Data Name="BackupFailureLogPath">C:\windows\Logs\WindowsServerBackup\Backup_Error-25-09-2014_04-00-35.log</Data>
<Data Name="EnumerateBackupStartTime"><TimesList><Time Time="1601-01-01T00:00:00.000Z" /></TimesList></Data>
<Data Name="EnumerateBackupEndTime"><TimesList><Time Time="1601-01-01T00:00:00.000Z" /></TimesList></Data>
<Data Name="PruneBackupStartTime"><TimesList><Time Time="1601-01-01T00:00:00.000Z" /></TimesList></Data>
<Data Name="PruneBackupEndTime"><TimesList><Time Time="1601-01-01T00:00:00.000Z" /></TimesList></Data>
<Data Name="BackupFlags">0x8</Data>
<Data Name="ComponentInfoSummary"><ComponentInfoSummary ComponentInfoArrayPresent="1" TotalComponents="0" SucceededComponents="0" /></Data>
</EventData>
</Event>
I have written this:
# powershell script VolumesInfo-GetTotalSize.ps1
$EventRecordID = 499
<#
Triggered from the Microsoft-Windows-Backup Event Log with an EventRecordID = 499
To test:
powershell.exe -ExecutionPolicy Bypass -File VolumesInfo-GetTotalSize.ps1
This log contails details of the backup job
#>
$CRLF = "`r`n"
$events = get-winevent -LogName Microsoft-Windows-Backup -FilterXPath "<QueryList><Query Id='0' Path='Microsoft-Windows-Backup'><Select Path='Microsoft-Windows-Backup'>*[System
[(EventRecordID=$eventRecordID)]]</Select></Query></QueryList>"
$event = [xml]$events[0].ToXml()
$VolumesInfo = $event.SelectSingleNode("//*[@Name='VolumesInfo']")."#text" # this works
$CRLF + "VolumesInfo: " + $VolumesInfo + $CRLF
<#
Displays:
VolumesInfo: <VolumeInfo><VolumeInfoItem Name="C:" OriginalAccessPath="C:" State="14" HResult="0" DetailedHResult="0" PreviousState="9" IsCritical="1" IsIncremental="0"
BlockLevel="1" HasFiles="0" HasSystemState="1" IsCompacted="0" IsPruned="0" IsRecreateVhd="0" FullBackupReason="10" DataTransferred="195223814144" NumUnreadableBytes="0"
TotalSize="195223814144" TotalNoOfFiles="0" Flags="1578" BackupTypeDetermined="1" SSBTotalNoOfFiles="0" SSBTotalSizeOnDisk="0" /></VolumeInfo>
#>
$DataTransferred = $VolumesInfo.Split(" ")[16]
#This is ugly because it relies on the target string being the 16th element and I would still need to extract the numbers from the string.
$CRLF + "DataTransferred: " + $DataTransferred
<#
This works but has the whole 'DataTransferred: DataTransferred="195223814144"'
What I want is just the "195223814144", Preferable formated in MG or GB
190,648,256 MB or
190,648.256 GB
#>
#End VolumesInfo-GetTotalSize.ps1
Any help?