lib/core/tools/Show-IcingaEventLogAnalysis.psm1

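<#
.SYNOPSIS
    Prints a volume analysis of a Windows EventLog to the console.
.DESCRIPTION
    Reads the metadata of the given EventLog (logging mode, maximum size,
    record count), then reads every event of the log and counts the events
    per day, per hour and per minute. For each of these buckets the average
    and the maximum number of events is printed, together with the newest
    and oldest event timestamp and the time the analysis took.

    The averages are calculated over buckets that contain at least one
    event. Days, hours or minutes without any event are not part of the
    divisor, so the values describe the load while the log was active and
    not the load over the entire covered time span.

    If the events cannot be read (for example because the current user is
    not allowed to read the log), the analysis is aborted with an error
    instead of printing zero values, which could be mistaken for a quiet log.
.PARAMETER LogName
    The name of the EventLog to analyse. Defaults to 'Application'.
.OUTPUTS
    None. All results are written to the console.
#>
function Show-IcingaEventLogAnalysis()
{
    param (
        [string]$LogName         = 'Application'
    );

    Write-IcingaConsoleNotice 'Analysing EventLog "{0}"...' -Objects $LogName;

    Start-IcingaTimer 'EventLog Analyser';

    try {
        [array]$BasicLogArray = Get-WinEvent -ListLog $LogName -ErrorAction Stop;
        $BasicLogData         = $BasicLogArray[0];
    } catch {
        # Do not leave the timer running when we abort early
        Stop-IcingaTimer 'EventLog Analyser';
        Write-IcingaConsoleError 'Failed to fetch data for EventLog "{0}". Probably this log does not exist.' -Objects $LogName;
        return;
    }

    Write-IcingaConsoleNotice 'Logging Mode: {0}' -Objects $BasicLogData.LogMode;
    Write-IcingaConsoleNotice 'Maximum Size: {0} GB' -Objects ([math]::Round((Convert-Bytes -Value $BasicLogData.MaximumSizeInBytes -Unit 'GB').value, 2));
    Write-IcingaConsoleNotice 'Current Entries: {0}' -Objects $BasicLogData.RecordCount;

    # One statistics set per time bucket. 'Entries' maps a bucket key
    # (e.g. '2024/01/31-13') to the number of events inside this bucket,
    # 'Count' is the total number of events processed
    [hashtable]$LogAnalysis = @{
        'Day'    = @{
            'Entries' = @{ };
            'Count'   = 0;
            'Average' = 0;
            'Maximum' = 0;
        };
        'Hour'   = @{
            'Entries' = @{ };
            'Count'   = 0;
            'Average' = 0;
            'Maximum' = 0;
        };
        'Minute' = @{
            'Entries' = @{ };
            'Count'   = 0;
            'Average' = 0;
            'Maximum' = 0;
        };
    };

    # NOTE: This loads every event of the log into memory before processing
    try {
        $LogData = Get-WinEvent -LogName $LogName -ErrorAction Stop;
    } catch {
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            # An empty log is a valid result, continue and report zero values
            $LogData = @();
        } else {
            # Any other failure (e.g. missing permissions for the log) must
            # not be reported as "0 events", as this result would be wrong
            Stop-IcingaTimer 'EventLog Analyser';
            Write-IcingaConsoleError 'Failed to read events from EventLog "{0}": {1}' -Objects $LogName, $_.Exception.Message;
            return;
        }
    }

    [string]$NewestEntry = $null;
    [string]$OldestEntry = $null;

    foreach ($entry in $LogData) {
        [string]$DayOfLogging    = $entry.TimeCreated.ToString('yyyy\/MM\/dd');
        [string]$HourOfLogging   = $entry.TimeCreated.ToString('yyyy\/MM\/dd-HH');
        [string]$MinuteOfLogging = $entry.TimeCreated.ToString('yyyy\/MM\/dd-HH-mm');

        # Get-WinEvent returns the newest events first (no -Oldest is used),
        # which means the first event we see is the newest one and the last
        # event we see is the oldest one
        $OldestEntry = $entry.TimeCreated.ToString('yyyy-MM-dd HH:mm:ss');

        if ([string]::IsNullOrEmpty($NewestEntry)) {
            $NewestEntry = $OldestEntry;
        }

        if ($LogAnalysis.Day.Entries.ContainsKey($DayOfLogging) -eq $FALSE) {
            $LogAnalysis.Day.Entries.Add($DayOfLogging, 0);
        }

        if ($LogAnalysis.Hour.Entries.ContainsKey($HourOfLogging) -eq $FALSE) {
            $LogAnalysis.Hour.Entries.Add($HourOfLogging, 0);
        }

        if ($LogAnalysis.Minute.Entries.ContainsKey($MinuteOfLogging) -eq $FALSE) {
            $LogAnalysis.Minute.Entries.Add($MinuteOfLogging, 0);
        }

        $LogAnalysis.Day.Entries[$DayOfLogging]       += 1;
        $LogAnalysis.Hour.Entries[$HourOfLogging]     += 1;
        $LogAnalysis.Minute.Entries[$MinuteOfLogging] += 1;

        $LogAnalysis.Day.Count    += 1;
        $LogAnalysis.Hour.Count   += 1;
        $LogAnalysis.Minute.Count += 1;
    }

    # The averages only depend on the final counters, so they are calculated
    # once after the loop instead of on every event. Without any bucket the
    # average stays at 0, which also prevents a division by zero
    if ($LogAnalysis.Day.Entries.Count -gt 0) {
        $LogAnalysis.Day.Average = [math]::Ceiling($LogAnalysis.Day.Count / $LogAnalysis.Day.Entries.Count);
    }
    if ($LogAnalysis.Hour.Entries.Count -gt 0) {
        $LogAnalysis.Hour.Average = [math]::Ceiling($LogAnalysis.Hour.Count / $LogAnalysis.Hour.Entries.Count);
    }
    if ($LogAnalysis.Minute.Entries.Count -gt 0) {
        $LogAnalysis.Minute.Average = [math]::Ceiling($LogAnalysis.Minute.Count / $LogAnalysis.Minute.Entries.Count);
    }

    # The maximum is the largest number of events found in a single bucket
    foreach ($value in $LogAnalysis.Day.Entries.Values) {
        $LogAnalysis.Day.Maximum = Get-IcingaValue -Value $value -Compare $LogAnalysis.Day.Maximum -Maximum;
    }
    foreach ($value in $LogAnalysis.Hour.Entries.Values) {
        $LogAnalysis.Hour.Maximum = Get-IcingaValue -Value $value -Compare $LogAnalysis.Hour.Maximum -Maximum;
    }
    foreach ($value in $LogAnalysis.Minute.Entries.Values) {
        $LogAnalysis.Minute.Maximum = Get-IcingaValue -Value $value -Compare $LogAnalysis.Minute.Maximum -Maximum;
    }
    Stop-IcingaTimer 'EventLog Analyser';

    Write-IcingaConsoleNotice 'Average Logs per Day: {0}' -Objects $LogAnalysis.Day.Average;
    Write-IcingaConsoleNotice 'Average Logs per Hour: {0}' -Objects $LogAnalysis.Hour.Average;
    Write-IcingaConsoleNotice 'Average Logs per Minute: {0}' -Objects $LogAnalysis.Minute.Average;
    Write-IcingaConsoleNotice 'Maximum Logs per Day: {0}' -Objects $LogAnalysis.Day.Maximum;
    Write-IcingaConsoleNotice 'Maximum Logs per Hour: {0}' -Objects $LogAnalysis.Hour.Maximum;
    Write-IcingaConsoleNotice 'Maximum Logs per Minute: {0}' -Objects $LogAnalysis.Minute.Maximum;
    Write-IcingaConsoleNotice 'Newest entry timestamp: {0}' -Objects $NewestEntry;
    Write-IcingaConsoleNotice 'Oldest entry timestamp: {0}' -Objects $OldestEntry;
    Write-IcingaConsoleNotice 'Analysing Time: {0}s' -Objects ([math]::Round((Get-IcingaTimer 'EventLog Analyser').Elapsed.TotalSeconds, 2));
}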