Log Parser - the best value 3MB on your hard drive

I was wondering how best to describe LogParser and couldnt come up with anything better than the description in its help file:

• Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows® operating system such as the Event Log, the Registry, the file system, and Active Directory®.

They are right. One thing they didnt mention is that its free - the price we all like and can all afford.

To my mind this application works much more intuitively than PowerShell and I use it regularly for grabbing data from all sorts of sources and bringing it into a SQL table for further dissection.

Got problems in a web application and need to review the application log? Then use something like "SELECT * INTO AppLog FROM \\Server\Application".

Want to analyse the security log of a server for failure events? Then use "select top 100 * from \\boa\security where eventtypename = 'Failure Audit Event'"

These pseudo scripts all make immediate sense to a SQL DBA, OK its not exactly like this but the differences wont stop you understanding the script syntax and getting to use more data about your environment.

Lets start off by downloading and installing the application. You get it from Microsoft here:Logparser download.
OK, you should have the application all installed now, along with its comprehensive help documentation.

Start the app and you will get a command-prompt-like window open, titled Log Parser 2.2 and with a stream of BNF description. Now, all Log Parser commands begin with the key word LOGPARSER, followed by the query in double quotes, with any switches and parameters following on behind that. Hitting enter runs the query.

Are you ready for your first Log Parser query? OK, we'll get the names, sizes and last accessed date of files in the root of C:\. Type this into the Log Parser window.

• LOGPARSER "SELECT TOP 10 name, size, lastaccesstime from C:\*.txt" -i:FS

Simple isnt it? We asked for the name, size and lastaccesstime for top ten records from C:\ that have a .txt extension. Just as a little hint to Logparser that we are asking for data from the file system, we set input format with -i:FS. If you want Log Parser to describe this to you itself type in:

• LOGPARSER -h -i:FS

To get a chart illustrating the types of event in your application log from a given date then use

• Logparser "select eventtypename, count(*) into c:\application.jpg from file://machinename/application where timegenerated > '2009-08-12 00:00:00' group by eventtypename" -charttype:column3d

To review the massive list of options on what sort of chart you can have then use this:

• LOGPARSER -h -o:charttype

Thats it for the minute, next time we'll look at getting Log Parser to get data into our database so that we can analyse it further.

LogParser resources:

Download details
http://www.microsoft.com/DownLoads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en

Support forum
http://forums.iis.net/default.aspx?GroupID=51