Using LogParser 2.2 to Parse IIS Logs and Other Logs
page 10 of 13
by Sudeep G
Feedback
Average Rating: 
Views (Total / Last 10 Days): 94626/ 280

Scenario 8: Using LogParser with EventLogs

This helps in finding all Events from Application Event Log on the local computer.

Lisitng 26

LogParser -i:EVT "SELECT TimeGenerated, EventID, EventTypeName, EventCategoryName, 
SourceName, Message FROM APPLICATION" -o:DataGrid

Finding the Events from a specific source:

Listing 27

LogParser -i:EVT "SELECT TimeGenerated, EventID, EventTypeName, EventCategoryName, 
SourceName, Message  FROM APPLICATION WHERE SourceName='COM+'" -o:DataGrid

Finding Events from System Event Log with a source of Service Control Manager:

Listing 28

LogParser -i:EVT "SELECT TimeGenerated, EventID, EventTypeName, EventCategoryName, 
SourceName, Message FROM SYSTEM WHERE SourceName='Service Control Manager'" 
-o:DataGrid

Scripting the above

Create a text file and name it as "EventsFromSource.bat" and paste the following line in it. Then save it.

Listing 29

LogParser -i:EVT "SELECT TimeGenerated, EventID, EventTypeName, EventCategoryName, 
SourceName, Message FROM %1 WHERE SourceName='%2'" -o:DataGrid
Run it as example:      EventsFromSource SYSTEM DCOM
                        EventsFromSource APPLICATION  COM+

Using LogParser with saved Event logs

The following show how to get all events with a specific event ID and source. For example: Event ID of 37 and sourcename=W3SVC.

Listing 30

Logparser -i:EVT "SELECT * FROM system.evt WHERE sourcename='W3SVC' AND 
EventID=37" -o:DataGrid

Suppose you want to view only the events that were generated on and after July 07, 2008, listing the most recent. The query will be:

Listing 31

Logparser -i:EVT "SELECT * FROM system.evt WHERE TimeGenerated > 
'2008-07-07 00:00:00' Order by TimeGenerated DESC" -o:datagrid

 

Now, let us say you want to view only the warning events and error events that were generated on and after July 07, 2008.

Listing 32

Logparser -i:EVT "SELECT * FROM system.evt WHERE EventType=1 or EventType=2 and 
timegenerated > '2008-07-07 00:00:00'" -o:datagrid

You could do this with the Event logging from your machine too! The command below picks up all events with ID 101 from the Application event log into AppReport.txt.

Listing 33

<span lang=EN-IN>Logparser –i:EVT "SELECT TimeGenerated, EventID, EventTypeName, EventCategoryName, </span>
<span lang=EN-IN>SourceName, Message INTO AppReport.txt FROM APPLICATION WHERE EventID=101" </span>
<span lang=EN-IN>-o:DataGrid</span>

NOTE: If you are not sure about the column names, just use * to select all fields and then note down the specific fields you are interested in and use them in the query.


View Entire Article

User Comments

No comments posted yet.

Product Spotlight
Product Spotlight 





Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2018 ASPAlliance.com  |  Page Processed at 2018-12-13 3:13:54 PM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search