This helps in finding all Events from
Application Event Log on the local computer.
Lisitng 26
LogParser -i:EVT "SELECT TimeGenerated, EventID, EventTypeName, EventCategoryName,
SourceName, Message FROM APPLICATION" -o:DataGrid
Finding the Events from a specific source:
Listing 27
LogParser -i:EVT "SELECT TimeGenerated, EventID, EventTypeName, EventCategoryName,
SourceName, Message FROM APPLICATION WHERE SourceName='COM+'" -o:DataGrid
Finding Events from System Event Log with a
source of Service Control Manager:
Listing 28
LogParser -i:EVT "SELECT TimeGenerated, EventID, EventTypeName, EventCategoryName,
SourceName, Message FROM SYSTEM WHERE SourceName='Service Control Manager'"
-o:DataGrid
Scripting the above
Create a text file and name it as
"EventsFromSource.bat" and paste the following line in it. Then save
it.
Listing 29
LogParser -i:EVT "SELECT TimeGenerated, EventID, EventTypeName, EventCategoryName,
SourceName, Message FROM %1 WHERE SourceName='%2'" -o:DataGrid
Run it as example: EventsFromSource SYSTEM DCOM
EventsFromSource APPLICATION COM+
Using LogParser with saved Event logs
The following show how to get all events
with a specific event ID and source. For example: Event ID of 37 and sourcename=W3SVC.
Listing 30
Logparser -i:EVT "SELECT * FROM system.evt WHERE sourcename='W3SVC' AND
EventID=37" -o:DataGrid
Suppose you want to view only the events
that were generated on and after July 07, 2008, listing
the most recent. The query will be:
Listing 31
Logparser -i:EVT "SELECT * FROM system.evt WHERE TimeGenerated >
'2008-07-07 00:00:00' Order by TimeGenerated DESC" -o:datagrid
Now, let us say you want to view only the
warning events and error events that were generated on and after July 07, 2008.
Listing 32
Logparser -i:EVT "SELECT * FROM system.evt WHERE EventType=1 or EventType=2 and
timegenerated > '2008-07-07 00:00:00'" -o:datagrid
You could do this with the Event logging
from your machine too! The command below picks up all events with ID 101 from the
Application event log into AppReport.txt.
Listing 33
<span lang=EN-IN>Logparser –i:EVT "SELECT TimeGenerated, EventID, EventTypeName, EventCategoryName, </span>
<span lang=EN-IN>SourceName, Message INTO AppReport.txt FROM APPLICATION WHERE EventID=101" </span>
<span lang=EN-IN>-o:DataGrid</span>
NOTE: If you are not sure about the column
names, just use * to select all fields and then note down the specific fields
you are interested in and use them in the query.