How to Filter and Isolate PowerShell Objects

1. PowerShell Objects Overview
2. Filtering Output Using PowerShell

In Windows PowerShell, most of its results when performing Get requests are commonly created and displayed in PowerShell object (PSObject) format. PSObjects is one of the critical functions of PowerShell that distinguishes it from the rest of the scripting languages.

However, we could not quickly search a PSObject because of its attributes, and thus we need to isolate the attributes before establishing a search index. In this article, we will talk about Windows PowerShell objects, how to parse the result of the PS Object for the results to be searchable, and perform proper filtering using PowerShell.

PowerShell Objects Overview

As mentioned, PowerShell Objects are one of the highlights of the scripting language. Each PowerShell Object has attributes that define the object as a whole.

Let’s take Get-Service as an example.

Example Code:

Get-Service

Output:

Status   Name               DisplayName
------   ----               -----------
Running  AarSvc_147d22      Agent Activation Runtime_147d22
Running  AdobeARMservice    Adobe Acrobat Update Service
Running  AESMService        Intel® SGX AESM

Within the Get-Service PowerShell objects, we have Status, Name, and DisplayName as their attributes. To filter out objects, we must isolate the object between its attributes using the Where-Object command.

For example, we can only get the Status type or the Name type, but we can’t just search for a specific keyword without calling the attribute first.

Example Code:

Get-Service | Where-Object { $_.Status -match "Stopped" }

Output:

Status   Name               DisplayName
------   ----               -----------
Stopped  AJRouter           AllJoyn Router Service
Stopped  ALG                Application Layer Gateway Service
Stopped  AppIDSvc           Application Identity

In the article’s next section, we’ll discuss how we can display these outputs as a string instead of a PS Object format and perform filtering with different search queries.

Filtering Output Using PowerShell

To filter output quickly, we need to display the output in string format. We must pipe the command to the Out-String command.

For the below example, we will assign it to a variable to make it easier on our next snippet of code.

Example Code:

$serviceOutput = (Get-Service | Out-String) -split "`r`n"

The code above will not yield a result due to the value being stored in the variable. Also, we have performed a little string operation to divide the results line per line.

If we filter, later on, the script will display it on a line-by-line basis instead of just one whole string.

The value stored in the $serviceOutput variable is in the string format. To search for the keyword, we need to pipe the Select-String command together with the keyword we wish to search for.

Example Code:

$serviceOutput | Select-String Intel

Output:

Running  AESMService        Intel® SGX AESM
Stopped  Intel(R) Capabi... Intel(R) Capability Licensing Servi...
Stopped  Intel(R) TPM Pr... Intel(R) TPM Provisioning Service