Working with system processes is a natural aspect of system administration. It is also the source of most of the regular expression magic and kung fu that makes system administrators proud. After all, who wouldn’t boast about this Unix oneliner to stop all processes using more than 100 MB of memory:
ps el | awk '{ if ( $6 > (1024*100)) { print $3 } }' | grep v PID | xargs kill
While helpful, it also demonstrates the inherently fragile nature of pure text processing. For this command to succeed, it must:
- Depend on the ps command to display memory usage in column 6.
- Depend on column 6 of the ps command’s output to represent the memory usage in kilobytes.
- Depend on column 3 of the ps command’s output to represent the process id.
- Remove the header column from the ps command’s output.
Since PowerShell’s GetProcess cmdlet returns information as highly structured .NET objects, fragile text parsing becomes a thing of the past:
GetProcess | WhereObject { $_.WorkingSet gt 100mb } | StopProcess –WhatIf
If brevity is important, PowerShell defines aliases to make most commands easier to type:
gps | ? { $_.WS gt 100mb } | kill –WhatIf
