This gives us the possibility of using SQL to query the logs. Internally, Log Parser uses a SQL-like engine. To see a complete list of all of the possible Input Formats, consult the help file (“Log Parser.chm”) that you’ll find in the Log Parser installation directory. In this case, Log Parser will query the “errors.log” file using the CSV Input Format. If Log Parser can’t determine the Input Format, you can specify it with the “-i” option: LogParser -i:CSV "SELECT * FROM errors.log" Similarly, Log Parser knows which Input Format to choose when you specify an XML or CSV file. In our example, the tool knows that “Application” is an Event Log Input Format. In some cases, Log Parser can determine the Input Format for you. Generic XML, CSV, TSV and W3C formatted text files.IIS log files (W3C, IIS, NCSA, Centralized Binary Logs, HTTP Error logs, URLScan logs, and ODBC logs).Log Parser has several Input Formats that can retrieve data from In fact, this is what Log Parser calls an Input Format.
However, this “Application” points to the Application log of the Windows Event Log. In the above query, it seems we selected certain columns from an “Application” table in some database. But there are other tools that provide you such features. Log Parser has no concept of a dashboard to take a quick glance at the status of your application. Unfortunately, it’s a bit of a hassle to execute your favorite queries every time you want to get some insights. There’s a lot of data to be extracted from IIS logs. This is a powerful way to get ad-hoc statistics from your IIS logs: performance, user agents, HTTP response codes, IP addresses, requested addresses, etc. On my computer, this produces the following result: We can put this query in a SQL file and format it nicely like below: SELECT QUANTIZE(TimeGenerated, 86400) AS Day, COUNT(*) AS But it’s a long statement that we have to keep on one line. You can run this in the installation folder of Log Parser. This query will show us the number of errors per day in the Application event log: LogParser "SELECT QUANTIZE(TimeGenerated, 86400) AS Day, COUNT(*) AS FROM Application WHERE EventType = 1 OR EventType = 2 GROUP BY Day ORDER BY Day ASC" Basically, you point Log Parser to a source, tell it what format the logs are in, define a query, and write the output somewhere.Īn example will make this clear. This makes it a useful tool for searching through large and/or multiple logs. Log Parser will parse a variety of logs in such a way that you can execute SQL-like queries on them. Log Parser Studio also comes with many default queries, which is very useful if you’re using the tool for the first time. If you prefer, you can use Log Parser Studio, a graphical user interface that builds on top of Log Parser.
Just download the installer from Microsoft or use Chocolatey. According to Microsoft, Log Parser “provides universal query access to text-based data such as log files, XML files, and CSV files, as well as key data sources on the Windows® operating system such as the Event Log, the Registry, the file system, and Active Directory®.” Also, it says, “The results of your query can be custom-formatted in text based output, or they can be persisted to more specialty targets like SQL, SYSLOG, or a chart.”