LogParser -- It is a powerful tool from Microsoft and describes it provides universal query access to text based log files such as event viewers, xml files, IIS logs, csv files, registry, filesystem and so on.
Here are few examples of logparser.
-i –Input Type “EVT (Event Viewer), FS(FileSystem), ADS(Active Directory), IIS (Microsoft IIS
Log file format), REG(Registry Input), TSV (Tab Seperated), XML etc”
-o – Output Type – “NAT (Tabulated Column format), CSV (Comma Seperated), SQL (uploads records into SQL Database, TSV (Tab Seperated or Space Seperated), XML etc.,
Examples to access Event ViewerCreate an output.txt file to pull events from event viewer’s application section whose source name is outlook
C:\Log Parser 2.2>LogParser -i:EVT -o:NAT "select EventID, TimeGenerated, SourceName, Message into output.txt from application where SourceName like 'outlook'"
C:\Log Parser 2.2>LogParser -i:EVT -o:NAT "select EventID, TimeGenerated, SourceName, Message into output.txt from security"
C:\Log Parser 2.2>LogParser -i:EVT -o:NAT "select EventID, TimeGenerated, SourceName, Message into output.txt from application where eventId in (1904; 1001)"
C:\Log Parser 2.2>LogParser -i:EVT -o:NAT "select EventID, TimeGenerated, SourceName, Message into output.txt from application where eventId in (1904; 1001) and TimeGenerated>'2012-
10-19 12:00:00' and TimeGenerated<'2013-01-01 12:00:00'"
C:\Log Parser 2.2>logparser "SELECT TO_DATE(TimeGenerated), TO_UPPERCASE( EXTRACT_TOKEN(EventTypeName, 0, ' ') ), SourceName into output.txt FROM System" -o:NAT
Examples to access File System
Example to retrieve top 10 largest files in from the C:\Kalyan Folder
C:\Log Parser 2.2>logparser -i:FS "select top 10* from C:\kalyan\*.* order by size desc"
C:\Log Parser 2.2>logparser -i:FS "select top 10 name,path,size into largefiles.txt from C:\DBA\*.*
order by size desc" -o:NAT
C:\Log Parser 2.2>logparser -i:FS "select top 10 name,path,size from C:\DBA\*.* order by size desc" -o:DATAGRID – Displays in a grid format.
No comments: