Split string in PowerShell by pattern

Note:

• The solution below assumes that the section are not necessarily chronologically ordered so that you must inspect all time stamps to determine the most recent one.
• If, by contrast, you can assume that the last message is the most recent one, use LotPings' much simpler answer.

If you don't know ahead of time what section has the most recent time stamp, a line-by-line approach is probably best:

$dtMostRecent = [datetime] 0
# Split the long input string ($longString) into lines and iterate over them.
# If input comes from a file, replace 
# $longString -split '\r?\n'
# with
# Get-Content file.txt
# If the file is large, replace the whole command with
# Get-Content file.txt | ForEach-Object { ... } 
# and replace $line with $_ in the script block (loop body).
foreach ($line in $longString -split '\r?\n') {
 # See if the line at hand contains (only) a date. 
 if ($dt = try { [datetime] $line } catch {}) {
 # See if the date at hand is the most recent so far.
 $isMostRecent = $dt -ge $dtMostRecent
 if ($isMostRecent) {
 # Save this time stamp as the most recent one and initialize the
 # array to collect the following lines in (the message).
 $dtMostRecent = $dt 
 $msgMostRecentLines = @()
 }
 } elseif ($isMostRecent) {
 # Collect the lines of the message associated with the most recent date.
 $msgMostRecentLines += $line
 }
}
# Convert the message lines back into a single, multi-line string.
# $msgMostRecent now contains the multi-line message associated with
# the most recent time stamp.
$msgMostRecent = $msgMostRecentLines -join "`n"

Note how try { [datetime] $line } catch {} is used to try to convert a line to a [datetime] instance and fail silently, if it can't, in which case $dt is assigned $null, which in a Boolean context is interpreted as $False.

This technique works irrespective of the culture currently in effect, because PowerShell's casts always use the invariant culture when casting from strings, and the dates in the input are in one of the formats the invariant culture understands.

By contrast, the -as operator, whose use would be more convenient here - $dt =$line -as [datetime] - unexpectedly is culture-sensitive, as Esperento57 points out.
This surprising behavior is discussed in this GitHub issue.

Provided the [datetime] sections are ascending,
it should be sufficient to split on them with a RegEx and get the last one

((Get-Content .\test.txt -Raw) -split "\d+/\d+/\d{4} \d+:\d+:\d+ [AP]M`r?`n")[-1]

Output based on your sample string stored in file test.txt

This would be second message
Same type of stuff
But its a different message

you can split it by timestamp pattern like this:

$arr = $str -split "[0-9]{1,2}/[0-9]{1,2}/[0-9]{1,4} [0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2} [AaPp]M\n"

To my knowledge you can't use any of the static String methods like Split() for this. I tried to find a regular expression that would handle the entire thing, but wasn't able to come up with anything that would quite break it up properly.

So, you'll need to go line by line, testing to see if it that line is a date, then concatenate the lines in between like the following:

$fileContent = Get-Content "inputFile.txt"
$messages = @()
$currentMessage = [string]::Empty
foreach($line in $fileContent)
{
 if ([Regex]::IsMatch($line, "\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} (A|P)M"))
 {
 # The current line is a date, the current message is complete
 # Add the current message to the output, and clear out the old message 
 # from your temporary storage variable $currentMessage
 if (-not [string]::IsNullOrEmpty($currentMessage))
 {
 $messages += $currentMessage
 $currentMessage = [string]::Empty
 }
 }
 else
 {
 # Add this line to the message you're building.
 # Include a new line character, as it was stripped out with Get-Content
 $currentMessage += "$line`n"
 }
}
# Add the last message to the output
$messages += $currentMessage
# Do something with the message
Write-Output $messages

As the key to all of this is recognizing that a given line is a date and therefore the start of a message, let's look a bit more at the regex. "\d" will match any decimal character 0-9, and the curly braces immediately following indicate the number of decimal characters that need to match. So, "\d{1,2}" means "look for one or two decimal characters" or in this case the month of the year. We then look for a "/", 1 or 2 more decimal characters - "\d{1,2}", another "/" and then exactly 4 decimal characters - "\d{4}". The time is more of the same, with ":" in between the decimal characters instead of "/". At the end, there will either be "AM" or "PM" so we look for either an "A" or a "P" followed by an "M", which as a regular expression is "(A|P)M".

Combine all of that, and you get "\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} (A|P)M" to determine if you have a date on that line. I believe it would also be possible to use[DateTime]::Parse() to determine if the line is a date, but then you wouldn't get to have fun with Regex's and would need a try-catch. For more info on Regex's in Powershell (which are just the .NET regex) see .NET Regex Quick Reference

• string
• powershell
• split