![Page 1: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/1.jpg)
LogParserLogparserisapowerful,versatiletoolthatprovidesuniversalqueryaccesstotext-baseddatasuchaslogfiles,XMLfilesandCSVfiles,aswellaskeydatasourcesontheWindows®operatingsystemsuchastheEventLog,theRegistry,thefilesystem,andActiveDirectory®.YoutellLogParserwhatinformationyouneedandhowyouwantitprocessed.Theresultsofyourquerycanbecustom-formattedintextbasedoutput,ortheycanbepersistedtomorespecialtytargetslikeSQL,SYSLOG,orachart.TheworldisyourdatabasewithLogParser.
Mostsoftwareisdesignedtoaccomplishalimitednumberofspecifictasks.LogParserisdifferent...thenumberofwaysitcanbeusedislimitedonlybytheneedsandimaginationoftheuser.Ifyoufindacreativewaytouseit,letusknowatwww.logparser.com!
Herearesomesamplestowhetyourappetite...
![Page 2: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/2.jpg)
SearchforDataSearchforthelogonsofaspecificuseramongtheeventsintheWindowsEventLog:
C:\>LogParser"SELECTTimeGenerated,SourceName,EventCategoryName,MessageINTOreport.txtFROMSecurityWHEREEventID=528ANDSIDLIKE'%TESTUSER%'"-resolveSIDs:ONAndobtainresultsinatextfileformattedasdesired:
![Page 3: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/3.jpg)
CreateReportsCreatecustom-formattedHTMLreports:
![Page 4: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/4.jpg)
CalculateStatisticsCalculatethedistributionoftheHTTPresponsestatuscodesfromyourIISlogfiles:
C:\>LogParser"SELECTsc-status,COUNT(*)ASTimesINTOChart.gifFROM<1>GROUPBYsc-statusORDERBYTimesDESC"-chartType:PieExploded3D-chartTitle:"StatusCodes"Andproduceachartformattedasdesired:
![Page 5: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/5.jpg)
SystemRequirementsLogParseriscompatiblewiththeWindows®2000,Windows®XPProfessional,andWindowsServerTM2003operatingsystems.
©2004MicrosoftCorporation.Allrightsreserved.
![Page 6: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/6.jpg)
What'sNewinLogParser2.2
![Page 7: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/7.jpg)
NewInputandOutputFormats:
XMLInputFormatReadsXMLfiles(requirestheMicrosoft®XMLParser(MSXML))
TSVInputFormatReadstab-andspace-separatedvaluestextfiles
ADSInputFormatReadsinformationfromActiveDirectoryobjects
COMInputFormatMakesitpossibletopluginuser-implementedcustomInputFormats
REGInputFormatReadsinformationfromtheWindowsRegistry
NETMONInputFormatMakesitpossibletoparseNetMon.capcapturefiles
ETWInputFormatReadsEventTracingforWindowslogfilesandlivesessions
CHARTOutputFormatCreateschartimagefiles(requiresMicrosoftOffice2000orlater)
TSVOutputFormatWritestab-andspace-separatedvaluestextfiles
SYSLOGOutputFormatSendsinformationtoaSYSLOGserverortoaSYSLOG-formattedtextfile
![Page 8: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/8.jpg)
ImprovementstotheSQLEngine:
ExponentialperformanceimprovementinSELECTDISTINCTandGROUPBYqueries
"WITHROLLUP"functionalityintheGROUPBYclause
"DISTINCT"inaggregatefunctions(whennoGROUPBYclauseisspecified)
"PROPSUM(...)[ON<fields>]"and"PROPCOUNT(...)[ON<fields>]"aggregatefunctions
(thesefunctionscalculatetheratiobetweentheSUMorCOUNTfunctionsonafieldandtheSUMorCOUNTfunctionsonthesamefieldinahierarchicallyhighergroup)
Newfunctions:MODBIT_AND,BIT_OR,BIT_NOT,BIT_XOR,BIT_SHL,BIT_SHREXP10,LOG10ROUND,FLOORQNTROUND_TO_DIGIT,QNTFLOOR_TO_DIGITSTRREPEATIN_ROW_NUMBER,OUT_ROW_NUMBERROT13EXTRACT_FILENAME,EXTRACT_EXTENSION,EXTRACT_PATHHEX_TO_ASC,HEX_TO_PRINT,HEX_TO_INTHEX_TO_HEX8,HEX_TO_HEX16,HEX_TO_HEX32IPV4_TO_INT,INT_TO_IPV4HASHSEQ,HASHMD5_FILEEXTRACT_PREFIX,EXTRACT_SUFFIX
![Page 9: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/9.jpg)
STRCNT
Introduceda"USING"clausefordeclaringtemporaryfield-expressions
"BETWEEN"operatorintheWHEREandHAVINGclauses
"CASE"(simple-form)statementintheSELECTclause("SELECTCASEmyFieldWHEN'value1'THEN'0'WHEN'value2'THEN'1'ELSE'-1'END")
Newdateandtimeformats:l(milliseconds-lowercase'L')n(nanoseconds)tt(AM/PM)?(anycharacter)
FieldsandAliasesarenowcase-insensitive
![Page 10: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/10.jpg)
ImprovementstoexistingInputandOutputFormats:
AddedmanynewparameterstomostoftheInputandOutputFormats
TheNCSAinputformatnowparsesalsocombinedandextendedNCSAlogfiles
Added"EventCategoryName"and"Data"fieldstotheEVTinputformat
The"-recurse"optionsofmostinputformatsnowspecifyamaximumsubdirectoryrecursionlevel
TheCSVInputandOutputFormatsnowsupportCSVfileswithdouble-quotedstrings
Added"FileVersion","ProductVersion","CompanyName",etc.fieldstotheFSinputformat
Allowed'*'and'?'wildcardsinthesitenamespecificationsforalltheIISinputformats
("SELECT*FROM<mysite*.com>")
AllowedURL'sastheinputpathofalltext-basedinputformats("SELECT*FROMhttp://www.adatum.com/table.csv")
AlloweduseofenvironmentvariablenamesintheTPLoutputformatsections,andaddedaSYSTEM_TIMESTAMPvariable
PerformanceimprovementintheEVTinputformatwhenreadingfromlocalandremoteeventlogs
AllthepropertynamesoftheinputandoutputformatCOMobjectsnowmatchthecommand-linenames
![Page 11: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/11.jpg)
Generalimprovements:
Addedthepossibilitytospecifyparametersin.sqlfiles("logparser-file:myquery.sql?param1=value1+param2=value2")
InputI/Operformanceimprovementfortextfiles
Addedthepossibilitytopermanentlyoverridethedefaultvaluesofglobaloptions,inputformatoptions,andoutputformatoptions
("logparser-e:10-o:NAT-rtp:-1-savedefaults")
©2004MicrosoftCorporation.Allrightsreserved.
![Page 12: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/12.jpg)
ConceptualOverviewThissectionprovidesinformationontheoperationalmechanismsofLogParser.
LogParserArchitecture:DescribestheinternalarchitectureofLogParser.Records:DescribesthedatathatLogParserprocesseswhenworkingwithInputandOutputFormats.CommandsandQueries:DescribeshowLogParsercommandsarestructured,andhowyouspecifyqueriesinacommand.Errors,ParseErrors,andWarnings:DescribestheruntimeerrorsthatcanbegeneratedbyLogParserwhenexecutingacommand.
©2004MicrosoftCorporation.Allrightsreserved.
![Page 13: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/13.jpg)
LogParserArchitectureLogParserismadeupofthreecomponents:
InputFormatsaregenericrecordproviders;recordsareequivalenttorowsinaSQLtable,andInputFormatscanbethoughtofasSQLtablescontainingthedatayouwanttoprocess.LogParser'sbuilt-inInputFormatscanretrievedatafromthefollowingsources:
IISlogfiles(W3C,IIS,NCSA,CentralizedBinaryLogs,HTTPErrorlogs,URLScanlogs,ODBClogs)WindowsEventLogGenericXML,CSV,TSVandW3C-formattedtextfiles(e.g.ExchangeTrackinglogfiles,PersonalFirewalllogfiles,WindowsMedia®Serviceslogfiles,FTPlogfiles,SMTPlogfiles,etc.)WindowsRegistryActiveDirectoryObjectsFileandDirectoryinformationNetMon.capcapturefilesExtended/CombinedNCSAlogfilesETWtracesCustomplugins(throughapublicCOMinterface)
ASQL-LikeEngineCoreprocessestherecordsgeneratedbyanInputFormat,usingadialectoftheSQLlanguagethatincludescommonSQLclauses(SELECT,WHERE,GROUPBY,HAVING,ORDERBY),aggregatefunctions(SUM,COUNT,AVG,MAX,MIN),andarichsetoffunctions(e.g.SUBSTR,CASE,COALESCE,REVERSEDNS,etc.);theresultingrecordsarethensenttoanOutputFormat.
OutputFormatsaregenericconsumersofrecords;theycanbethoughtofasSQLtablesthatreceivetheresultsofthedataprocessing.LogParser'sbuilt-inOutputFormatscan:
Writedatatotextfilesindifferentformats(CSV,TSV,XML,W3C,
![Page 14: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/14.jpg)
user-defined,etc.)SenddatatoaSQLdatabaseSenddatatoaSYSLOGserverCreatechartsandsavethemineitherGIForJPGimagefilesDisplaydatatotheconsoleortothescreen
Note:Transmittingdatathroughanon-securenetworkmightposeaserioussecurityrisktotheconfidentialityoftheinformationtransmitted.Formoreinformationonthesecurityrisksassociatedwithnon-securenetworks,seeSecurityConsiderations.
TheLogParsertoolisavailableasacommand-lineexecutable(LogParser.exe)andasasetofscriptableCOMobjects(LogParser.dll).Thetwobinariesareindependentfromeachother;ifyouwanttouseonlyone,youdonotneedtoinstalltheotherfileonyourcomputer.
©2004MicrosoftCorporation.Allrightsreserved.
![Page 15: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/15.jpg)
RecordsLogParserqueriesoperateonrecordsfromanInputFormat.RecordsareequivalenttorowsinaSQLtable,andInputFormatsareequivalenttoSQLtablescontainingtherows(data)youwanttoprocess.
![Page 16: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/16.jpg)
FieldsandDataTypesEachrecordgeneratedbyanInputFormatismadeupofafixednumberoffields(thecolumnsinaSQLtable),andeachfieldisassignedaspecificnameandaspecificdatatype;thedatatypessupportedbyLogParserare:IntegerRealStringTimestamp
Fieldsinarecordcanonlycontainvaluesofthedatatypeassignedtothefieldor,whenthedataforthatfieldisnotavailable,theNULLvalue.
Forexample,let'sconsidertheEVTInputFormat,whichproducesarecordforeacheventintheWindowsEventLog.Usingthecommand-lineexecutable,wecandiscoverthestructureoftherecordsprovidedbythisInputFormatbytypingthefollowinghelpcommand:
C:\>LogParser-h-i:ETW
TheoutputofthiscommandgivesadetailedoverviewoftheEVTInputFormat,includinga"Fields"sectiondescribingthestructureoftherecordsproduced:
Fields:EventLog(S)RecordNumber(I)TimeGenerated(T)TimeWritten(T)EventID(I)EventType(I)EventTypeName(S)EventCategory(I)EventCategoryName(S)SourceName(S)Strings(S)ComputerName(S)SID(S)Message(S)Data(S)
Fromtheoutputabove,weunderstandthateachrecordismadeupof15fields,andthat,forinstance,thefourthfieldofeachrecordisnamed"TimeWritten"andalwayscontainsvaluesoftheTIMESTAMPdatatype.
![Page 17: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/17.jpg)
RecordStructureSomeInputFormatshaveafixedstructurefortheirrecords(liketheEVTInputFormatusedintheexampleabove,ortheFSInputFormat),butotherscanhavedifferentstructuresdependingonthevaluesspecifiedfortheirparametersoronthefilesbeingparsed.
Forinstance,theNETMONInputFormat,whichparsesNetMoncapturefiles,hasaparameter("fMode")thatcanbeusedtospecifyhowtherecordsshouldbestructured.WecanseethedifferentstructureswhenweaddthisparametertothehelpcommandfortheNETMONformat.ThefirstexampleshowsthefieldsexportedbytheNETMONInputFormatwhenits"fieldmode"issetto"TCPIP"(eachrecordisasingleTCP/IPpacket),andthesecondexampleshowsthefieldsexportedbytheNETMONInputFormatwhenits"fieldmode"issetto"TCPConn"(eachrecordisafullTCPconnection):
C:\>LogParser-h-i:NETMON-fMode:TCPIP
Fields:CaptureFilename(S)Frame(I)DateTime(T)FrameBytes(I)SrcMAC(S)SrcIP(S)SrcPort(I)DstMAC(S)DstIP(S)DstPort(I)IPVersion(I)TTL(I)TCPFlags(S)Seq(I)Ack(I)WindowSize(I)PayloadBytes(I)Payload(S)Connection(I)
C:\>LogParser-h-i:NETMON-fMode:TCPConn
Fields:CaptureFilename(S)StartFrame(I)EndFrame(I)Frames(I)DateTime(T)TimeTaken(I)SrcMAC(S)SrcIP(S)SrcPort(I)SrcPayloadBytes(I)SrcPayload(S)DstMAC(S)DstIP(S)DstPort(I)DstPayloadBytes(I)DstPayload(S)
Asanotherexample,theCSVInputFormat,whichparsestextfilescontainingcomma-separatedvalues,createsitsownstructurebyinspectingtheinputfileforfieldnamesandtypes.WhenusingthehelpcommandwiththeCSVInputFormat,the"Fields"sectionshowsnoinformationontherecordstructure:
C:\>LogParser-h-i:CSV
Fields:Fieldnamesandtypesareretrievedatruntimefromthespecifiedinputfile(s)However,whenwesupplythenameofaCSVfilethat,forinstance,contains2fields("LogDate"and"Message"),thenwecanseethestructureoftherecordsproducedwhenparsingthatfile:
C:\>LogParser-h-i:CSVlog.csv
Fields:
![Page 18: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/18.jpg)
Filename(S)RowNumber(I)LogDate(T)Message(S)©2004MicrosoftCorporation.Allrightsreserved.
![Page 19: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/19.jpg)
CommandsandQueriesWhenusingthecommand-lineexecutable,LogParserworksoncommandssuppliedbytheuser.Eachcommandhasfivedistinctcomponents:
TheInputFormattouse;OptionalparametersfortheInputFormat;TheOutputFormattouse;OptionalparametersfortheOutputFormat;TheSQLquerythatprocessestherecordsgeneratedbytheInputFormatandproducesrecordsfortheOutputFormat.
Forexample,let'sconsiderthefollowingsimplecommand:
C:\>LogParser-i:EVT-fullText:OFF-o:CSV-tabs:OFF"SELECT*INTOoutput.csvFROMSYSTEM"Thecommandaboveisstructuredasfollows:TheEVTInputFormatisselectedusingthe-i:<InputFormatname>parameter;Its"fullText"parameterissettothe"OFF"value;TheCSVOutputFormatisselectedusingthe-o:<OutputFormatname>parameter;Its"tabs"parameterissettothe"OFF"value;TheSQLqueryis"SELECT*INTOoutput.csvFROMSYSTEM",whichspecifiesthatallrecordsgeneratedfromtheSystemEventLogshouldbesentdirectlytotheOutputFormatwithnofurtherprocessing.
Insomecases,itmightnotbenecessarytospecifytheInputFormat.Intheexamplecommandabove,thevalueoftheFROMclauseis"SYSTEM",whichisthenameofastandardWindowsEventLog;thisnameisautomaticallyrecognizedbyLogParserasacandidatefortheEVTInputFormat,sowecanavoidspecifyingtheInputFormatnamealtogether:
![Page 20: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/20.jpg)
C:\>LogParser-fullText:OFF-o:CSV-tabs:OFF"SELECT*INTOoutput.csvFROMSYSTEM"AsexamplesofothervaluesofFROMclausesthatcanberecognizedbyLogParser,theIISW3CInputFormatisselectedautomaticallywhenthefilenameintheFROMclausestartswith"ex"andhasthe".log"extension,andtheXMLInputFormatisselectedautomaticallywhenthefilenamehasthe".xml"extension.
ThesameappliestoOutputFormats:intheexamplecommandabove,thefilenameintheINTOclausehasthe"csv"extension,thusselectingautomaticallytheCSVOutputFormat;thesamecommandcanthereforebetypedas:
C:\>LogParser-fullText:OFF-tabs:OFF"SELECT*INTOoutput.csvFROMSYSTEM"WhenanOutputFormatisnotspecified,andtheSQLquerydoesnotcontainanINTOclauseLogParserautomaticallyselectstheNATOutputFormat,whichprintstheresultsofthequerytotheconsolewindow.
TheseexamplesshowtheminimalLogParsercommandismadeupoftheSQLqueryalone.InmostcasestheInputandOutputformatscanbedeductedautomaticallyfromtheINTOandFROMclausesofthequery;however,itisarecommendedgoodpracticetoalwaysexplicitlyspecifytheInputandOutputformatsusingthe-iand-oparameters.
©2004MicrosoftCorporation.Allrightsreserved.
![Page 21: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/21.jpg)
Errors,ParseErrors,andWarningsDuringtheexecutionofacommand,LogParsercanencounterthreedifferenttypesofruntimeerrors:Errors,ParseErrors,andWarnings.
![Page 22: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/22.jpg)
ErrorsErrorsareexceptionaleventsoccurringduringtheexecutionofacommandthatcausethecommandtoabort.
EventhoughErrorscanoccurduetoalargenumberofreasons,themostcommoncausescanbecategorizedasfollows:
Invalidquerysyntax:thequeryspecifiedinthecommandisinvalid.InputFormaterrors:thespecifiedInputFormathasencounteredanerrorthatpreventsitfromgeneratinginputrecords.Thiscouldhappen,forexample,whentheFROMclausespecifiesanentity(e.g.afile)thatdoesnotexist.OutputFormaterrors:thespecifiedOutputFormathasencounteredanerrorthatpreventsitfromconsumingoutputrecords.Thiscouldhappen,forexample,whentheINTOclausespecifiesanentity(e.g.afile)thatcannotbewrittento.ToomanyParseErrors:thespecifiedInputFormathasencounteredtoomanyParseErrors,asspecifiedbythe"-e"command-lineglobalparameter.Catastrophicerrors:forexample,LogParserranoutofmemory.
Whenanerroroccurs,theLogParsercommand-lineexecutableabortsthequeryexecutionandreturnstheerrormessageandtheerrorcode.WhenanerroroccurswhileusingtheLogParserscriptableCOMcomponents,aCOMexceptionisthrowncontainingtheerrormessageandtheerrorcode.Inmostcases,theerrorcodereturnedistheinternalsystemerrorcodethatcausedtheerror.
![Page 23: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/23.jpg)
ParseErrorsParseErrorsareerrorsthatoccurwhiletheselectedInputFormatgeneratesthedataonwhichthequeryoperates.Mostofthetimes,asthenamesuggests,theseerrorsaregeneratedwhenaloghasmalformedentries(forexample,whenusingtheIISW3CInputFormat),orwhenasystemerrorpreventsanInputFormatfromprocessingaspecificentryinthedata(forexample,an"accessdenied"erroronafilewhenusingtheFSInputFormat).Inanyevent,thepresenceofaParseErrorindicatesthattheInputFormathadtoskipthedataentrythatcausedtheerror;forexample,whenaParseErrorisencounteredbytheIISW3CInputFormatwhileparsingamalformedlineinthelog,thatlinewillbeskippedanditwillnotbeprocessedbytheSQLengine.
ParseErrorsdonotgenerallycauseearlyterminationofthecurrentlyexecutingcommand,butrather,theyarecollectedinternallybytheSQLengineandreportedwhenthecommandexecutioniscomplete.Thisbehaviorcanbecontrolledwiththe-ecommand-lineglobalparameter.ThevalueusedwiththisparameterspecifiesamaximumnumberofParseErrorstocollectinternallybeforeabortingtheexecutionofthecommand.Forexample,ifweexecuteaqueryonanIISW3Clogfilespecifying"-e:10",LogParserwillcollectupto10ParseErrorsduringtheexecutionofthecommand.IftheIISW3CInputFormatencounters10orlessParseErrors,thecommandwillcompletesuccesfully,andthecollectedParseErrorswillbereportedindetailattheendoftheexecution.Ontheotherhand,iftheinputlogfilecontainsmorethan10malformedloglines,the11thParseErrorwillcausethecommandtoabortandreturnanError.
Thedefaultvalueforthiscommand-lineparameteris-1,whichisaspecialvaluecausingtheSQLenginetoignoreallParseErrorsandreportonlythetotalnumberofParseErrorsencounteredduringtheexecutionofacommand.
Asanexample,considerthefollowingcommand,whichparsesan
![Page 24: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/24.jpg)
IISW3ClogfileandwritesalltheinputrecordstoaCSVfile:
C:\>LogParser-i:IISW3C-o:CSV"SELECT*INTOOutput.csvFROMex020528.log"Let'sassumethatthe"ex020528.log"logfilecontains3malformedloglines.Afterexecutingthecommandabove,theoutputwillbeasfollows:
Taskcompletedwithparseerrors.Parseerrors:3parseerrorsoccurredduringprocessing
Statistics:-----------Elementsprocessed:997Elementsoutput:997Executiontime:0.03seconds
Thisoutputtellsusthatthecommandexecutedsuccesfully,but3ParseErrorshavebeenencounteredwhileprocessingtheinputdata.Sincethedefaultvalueforthe"-e"command-lineparameteris-1,theSQLenginehasignoredalltheseParseErrors,keepingjusttheirtotalcount.
IfwewantedtheseParseErrorstobereportedindetail,wecouldspecifyavalueforthe"-e"parameterdifferentthan-1:
C:\>LogParser-i:IISW3C-o:CSV"SELECT*INTOOutput.csvFROMex020528.log"-e:10Inthiscase,theoutputwouldbe:
Taskcompletedwithparseerrors.Parseerrors:Errorwhileparsingfieldsc-status:ErrorparsingStatusCode"2b00":Extracharacter(s)foundinintegerLogFile"C:\Logs\ex020528.log",Rownumber23,Value"2b00"Cannotfindend-of-line-extracharactersdetectedattheendoflogentryLogFile"C:\Logs\ex020528.log",Rownumber118LogrowterminatesunexpectedlyLogFile"C:\Logs\ex020528.log",Rownumber188
Statistics:-----------Elementsprocessed:997Elementsoutput:997Executiontime:0.03seconds
Thecommandstillexecutedsuccesfully,andthistimethe3ParseErrorshavebeencollectedandreportedattheendoftheexecution.
Ifwehadspecified"2"forthe"-e"parameter,theSQLenginewouldhaveabortedtheexecutionofthecommand,andanErrorwouldbereturned:
Taskaborted.Toomanyparseerrors-abortingParseerrors:Errorwhileparsingfieldsc-status:ErrorparsingStatusCode"2b00":Extracharacter(s)foundinintegerLogFile"C:\Logs\ex020528.log",Rownumber23,Value"2b00"Cannotfindend-of-line-extracharactersdetectedattheendoflogentry
![Page 25: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/25.jpg)
LogFile"C:\Logs\ex020528.log",Rownumber118LogrowterminatesunexpectedlyLogFile"C:\Logs\ex020528.log",Rownumber188
Statistics:-----------Elementsprocessed:182Elementsoutput:181Executiontime:0.01seconds
![Page 26: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/26.jpg)
WarningsWarningsareexceptionaleventsoccurringduringtheexecutionofacommandthatrequireattentionfromtheuser.Thereareonlyafewsituationsthatcouldcauseawarning,andthesearehandleddifferentlydependingonwhetherornotthewarningarisesduringtheexecutionofacommand,orwhentheexecutionhascompleted.
Whenawarningisgeneratedduringtheexecutionofacommand,thecommand-lineexecutableshowsaninteractiveprompttotheuseraskingwhetherornottheexecutionshouldcontinue.
Asanexample,consideracommandthatwritesoutputrecordstoaCSVfile.TheCSVOutputFormat"fileMode"parametercanbeusedtospecifywhatactionshouldbetakenincasetheoutputfilealreadyexists.Thevalue"2"specifiesthatalreadyexistingoutputfilesshouldnotbeoverwritten;whenusingthisoption,theCSVOutputFormatwillraiseaWarningwhenanalreadyexistingoutputfilewillnotbeoverwritten:
C:\>LogParser-i:EVT-o:CSV"SELECTTOP5MessageINTOOutput.csvFROMSystem"-fileMode:2WARNING:FileC:\LogSamples\Output.csvexistsanditwillnotbeoverwritten.Doyouwanttocontinue?[Yes/No/Ignoreall]:Whenthispromptappears,theusercanchoosebetweencontinuingtheexecutionofthecommandallowingadditionalwarningstotriggerthepromptagain,abortingtheexecutionofthecommand(inwhichcasethecommandterminateswithanError),orcontinuingtheexecutionofthecommandignoringadditionalwarnings.
Theinteractivepromptcanbecontrolledwiththeglobal-iwcommand-lineparameter.ThisON/OFFparameterspecifieswhetherornot
![Page 27: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/27.jpg)
warningsshouldbeignored;thedefaultvalueis"OFF",meaningthatruntimewarningswillnotbeignoredandwilltriggertheinteractiveprompt.Specifying"ON",ontheotherhand,disablestheinteractiveprompt,andruntimewarningswillbeignoredandtheirtotalcountwillbereportedwhenthecommandexecutionhascompleted:
C:\>LogParser-i:EVT-o:CSV"SELECTTOP5MessageINTOOutput.csvFROMSystem"-fileMode:2-iw:ONTaskcompletedwithwarnings.Warnings:1warningoccurredduringprocessing
Statistics:-----------Elementsprocessed:5Elementsoutput:5Executiontime:0.03seconds
Tip:IfyouusetheLogParsercommand-lineexecutableinanon-interactivescript(e.g.inascriptthathasbeenscheduledtorunautomaticallyatspecifictimes),youshouldalwaysuse"ON"forthe"iw"parameter,otherwiseintheeventofaruntimewarningtheLogParsercommandwillstallwaitingforausertopressakeyintheinteractiveprompt.
Warningsthataregeneratedwhenacommandhascompletedaresimplyreportedtotheuser.
Forexample,the"ignoreDspchErrs"parameteroftheSYSLOGOutputFormatcanbeusedtospecifywhetherornoterrorsoccurringwhiledispatchingoutputrecordsshouldbeignoredandreportedaswarningsattheendoftheexecution.ThefollowingexamplecommandusestheSYSLOGOutputFormattosendoutputrecordstoanon-existinguser:
C:\>LogParser-i:EVT-o:SYSLOG"SELECTTOP5MessageINTONonExistingUserFROMSystem"-ignoreDspchErrs:ONSincethespecifieduserdoesnotexist,theSYSLOGOutputFormatwillencounteranerrorforeachoutputrecorditwilltrytosendtotheuser;the"ON"valueforthe"ignoreDspchErrs"tellstheoutputformattoignoretheseerrorsandreportallofthemwhentheexecutionhascompleted:
Taskcompletedwithwarnings.Warnings:Thefollowingdispatcherrorsoccurred:Themessagealiascouldnotbefoundonthenetwork.(5times)©2004MicrosoftCorporation.Allrightsreserved.
![Page 28: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/28.jpg)
Statistics:-----------Elementsprocessed:5Elementsoutput:5Executiontime:0.02seconds
![Page 29: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/29.jpg)
WritingaQueryWithLogParseryouuseQuerieswritteninadialectoftheSQLlanguagetospecifytheoperationsthattransforminputrecordsgeneratedbyanInputFormatintooutputrecordsthataredeliveredtoanOutputFormat.
InthissectionwewillcovertheeightbasicbuildingblocksoftheSQL-LikequeriesthatyoucanusewithLogParsertoperformdifferentprocessingtasks.
©2004MicrosoftCorporation.Allrightsreserved.
![Page 30: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/30.jpg)
BasicsofaQueryThemostsimplequerythatcanbewrittenwithLogParserspecifiesthatalltheInputRecordsgeneratedbyanInputFormataretobedeliveredtoanOutputFormatwithnointerveningprocessing.
Forexample,let'sassumethatwewanttovisualizeallthefieldsofalltheeventsintheSystemEventLog.Toperformthistask,wefirsthavetospecifytheEVTInputFormatasthesourceofourinputrecords,andwedosobyusingthe"-i:EVT"command-lineparameter.Then,wecanchoosetheNATOutputFormatastheconsumerofouroutputrecords,sincethisOutputFormatisspecificallydesignedtoprintoutputrecordstotheconsolewindow;wedosobyusingthe"-o:NAT"command-lineparameter.Finally,wespecifytheSQLquerythatperformsthedesiredtask;thecompletecommandisasfollows:
C:\>LogParser-i:EVT-o:NAT"SELECT*FROMSystem"
Thequeryabovecontainsthetwobasicbuildingblocksofeachpossiblequery:theSELECTclause,andtheFROMclause.
TheSELECTclauseisusedtospecifywhichinputrecordfieldswewanttoappearintheoutputrecords;inthisexample,thespecial"*"wildcardmeans"allthefields".
TheFROMclauseisusedtospecifywhichspecificdatasourcewewanttheInputFormattoprocess.DifferentInputFormatsinterpretthevalueoftheFROMclauseindifferentways;forinstance,theEVTInputFormatrequiresthevalueoftheFROMclausetobethenameofaWindowsEventLog,whichinourexampleisthe"System"EventLog.
Tobeprecise,theINTOclauseshouldappearineveryqueryaswell.TheINTOclauseisusedtospecifythetargetwewanttheOutputFormattowritedatato.Inourexample,wewanttheNATOutputFormattodisplayresultstotheconsolewindow.Thisisaccomplishedbyspecifying"STDOUT"forthevalueoftheINTOclause,asinthefollowingexample:
C:\>LogParser-i:EVT-o:NAT"SELECT*INTOSTDOUTFROMSystem"
![Page 31: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/31.jpg)
WhenaquerydoesnotspecifyanINTOclause,theNATOutputFormatautomaticallyselects"STDOUT"asitstarget,soinourexamplewecaneliminatetheINTOclausealtogether.
Tip:WhenyouusetheNATOutputFormattodisplayresultstotheconsolewindow,LogParserprints10linesbeforepausingtheprintoutandpromptingtheusertopressakeytodisplaythenext10lines.Tooverridethisbehavior,youcanusethe"-rtp"parameteroftheNATOutputFormattospecifythenumberoflinestobeprintedbeforepausing;ifyouwanttodisablethepausealtogetherandhaveLogParserdisplayalltherecordsinasingleprintout,usethe"-1"value.
![Page 32: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/32.jpg)
SelectingSpecificFieldsWhenyouexecutethebasicqueryabove,LogParserprintsallthefieldsofalltheeventsintheSystemEventLogtotheconsolewindow.Mostofthetimes,aprintoutofallofthe14fieldsoftheEventLogrecordsmightnotbedesired.Forexample,wemightonlywanttoseethetimeatwhicheacheventwasgenerated,thetypeoftheevent,andthenameofthesourceoftheevent.Toaccomplishthis,wehavetosubstitutethe"*"wildcardintheSELECTclausewithacomma-separatedlistofthenamesofthefieldswewishtobedisplayed.WecanseethenamesofthefieldsintheEVTInputFormatrecordsbytypingthefollowinghelpcommand:
C:\>LogParser-h-i:EVT
TheoutputofthiscommandgivesadetailedoverviewoftheEVTInputFormat,includinga"Fields"sectiondescribingthestructureoftherecordsproduced:
Fields:EventLog(S)RecordNumber(I)TimeGenerated(T)TimeWritten(T)EventID(I)EventType(I)EventTypeName(S)EventCategory(I)EventCategoryName(S)SourceName(S)Strings(S)ComputerName(S)SID(S)Message(S)Data(S)
Fromthefieldslisting,weunderstandthatthefieldsweareinterestedinarenamed"TimeGenerated","EventTypeName",and"SourceName";wecannowrewriteourcommandas:
C:\>LogParser-i:EVT-o:NAT"SELECTTimeGenerated,EventTypeName,SourceNameFROMSystem"
Tip:Fieldnamesarecase-insensitive.
Tip:Ifafieldnamecontainsspaces,youneedtoencloseitinsquarebrackets('['and']')forLogParsertobeabletorecognizeit.
Theoutputofthiscommandcontainsthreecolumns,oneforeachofthefieldswehaveselected:
TimeGeneratedEventTypeNameSourceName
![Page 33: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/33.jpg)
-----------------------------------------------------------2004-03-1418:56:55WarningeventW32Time2004-03-1414:02:23InformationeventDisk2004-03-1414:02:23InformationeventDisk2004-03-1412:00:00InformationeventEventLog2004-03-1400:41:47WarningeventW32Time2004-03-1322:17:00InformationeventServiceControlManager2004-03-1322:06:48InformationeventServiceControlManager2004-03-1322:06:48InformationeventServiceControlManager2004-03-1312:00:00InformationeventEventLog2004-03-1222:30:47InformationeventServiceControlManager
ThisexampleillustratesthemostsimpletransformationthatyoucanachievewiththeLogParserSQLlanguage:transforminganinputrecordmadeupofanumberoffieldsintoanoutputrecordmadeupofasubsetofthesefields;inSQLterms,thistransformationiscalledprojection.
![Page 34: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/34.jpg)
UsingFunctionsFunctionsareverypowerfulelementsoftheLogParserSQL-Likelanguagethattakevaluesasarguments,dosomeprocessing,andreturnanewvalue.TheLogParserSQL-Likelanguagesupportsawidevarietyoffunctions,includingarithmeticalfunctions(e.g.ADD,SUB,MUL,DIV,MOD,QUANTIZE,etc.),stringmanipulationfunctions(e.g.SUBSTR,STRCAT,STRLEN,EXTRACT_TOKEN,etc.),andtimestampmanipulationfunctions(e.g.TO_DATE,TO_TIME,TO_UTCTIME,etc.).
Consideringthepreviousexample,assumethatforthe"TimeGenerated"fieldweonlyneedtoretrievethedatewhenaneventhasbeengenerated,ignoringallofthetimeelements.Todothis,weneedtomodifythe"TimeGenerated"fieldwiththeTO_DATEfunction,whichtakesavalueoftypeTIMESTAMPandreturnsanewvalueoftypeTIMESTAMPcontainingonlytheyear,day,andmonthelements:
C:\>LogParser-i:EVT-o:NAT"SELECTTO_DATE(TimeGenerated),EventTypeName,SourceNameFROMSystem"Theoutputofthiscommandis:
TO_DATE(TimeGenerated)EventTypeNameSourceName--------------------------------------------------------------2004-03-14WarningeventW32Time2004-03-14InformationeventDisk2004-03-14InformationeventDisk2004-03-14InformationeventEventLog2004-03-14WarningeventW32Time2004-03-13InformationeventServiceControlManager2004-03-13InformationeventServiceControlManager2004-03-13InformationeventServiceControlManager2004-03-13InformationeventEventLog2004-03-12InformationeventServiceControlManager
Functionscanalsoappearasargumentsofotherfunctions.Forexample,insteadoftheeventtypenameshownintheoutputabove,wemightwantthefirstwordonly("Warning","Information",etc.),allincapitalletters.ThistaskcanbeaccomplishedbyfirstusingtheEXTRACT_TOKENfunction,whichextractsspecificsubstringsfromwithinastring,followedbytheTO_UPPERCASEfunction,whichtransformsastringintoastringwithalluppercasecharacters:
C:\>LogParser-i:EVT-o:NAT"SELECTTO_DATE(TimeGenerated),TO_UP
![Page 35: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/35.jpg)
PERCASE(EXTRACT_TOKEN(EventTypeName,0,'')),SourceNameFROMSystem"TO_DATE(TimeGenerated)TO_UPPERCASE(EXTRACT_TOKEN(EventTypeName,0,''))SourceName-----------------------------------------------------------------------------------------------2004-03-14WARNINGW32Time2004-03-14INFORMATIONDisk2004-03-14INFORMATIONDisk2004-03-14INFORMATIONEventLog2004-03-14WARNINGW32Time2004-03-13INFORMATIONServiceControlManager2004-03-13INFORMATIONServiceControlManager2004-03-13INFORMATIONServiceControlManager2004-03-13INFORMATIONEventLog2004-03-12INFORMATIONServiceControlManager
![Page 36: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/36.jpg)
SpecifyingConstantsSofarwehavewrittenSELECTclausesthatspecifybothfieldsandfunctions.Thereisathirdkindofitemthatwecoulduseinourqueries:constants.ConstantsarespecialelementsintheLogParserlanguagethatrepresentfixedvalues;justlikethefieldvalues,constantvaluescanbeoneoftheLogParsertypes:INTEGER,REAL,STRING,TIMESTAMP,andNULL.Constantscanbespecifiedinqueriesindifferentways,dependingontheirtype.
ConstantvaluesoftheINTEGERtypearespecifiedbysimplytypingtheirvalue;thefollowingquery:
SELECT242,SourceNameFROMSYSTEM
wouldproducethefollowingoutput:
242SourceName-------------242W32Time242Disk242Disk242EventLog242W32Time
ConstantvaluesoftheREALtypearespecifiedexactlyliketheINTEGERvalues,buttheyarerecognizedasbeingoftheREALtypebythepresenceofadecimalpoint:
SELECT242.7,SourceNameFROMSYSTEM
242.700000SourceName--------------------242.700000W32Time242.700000Disk242.700000Disk242.700000EventLog
STRINGconstantsmustbeenclosedwithinsingle-quotecharacters:
SELECT'MyConstant',SourceNameFROMSYSTEM
![Page 37: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/37.jpg)
242.700000W32Time'MyConstant'SourceName----------------------MyConstantW32TimeMyConstantDiskMyConstantDiskMyConstantEventLogMyConstantW32Time
SpecialcharactersinSTRINGconstantscanbespecifiedbyusingcharactersequencesprecededbythe'\'character.Forexample,asingle-quotecharactercanbespecifiedas\',whileabackslashcharactercanbespecifiedby\\:
SELECT'Contains\'aquote','Contains\\abackslash',SourceNameFROMSYSTEM'Contains'aquote''Contains\abackslash'SourceName-----------------------------------------------------Contains'aquoteContains\abackslashW32TimeContains'aquoteContains\abackslashDiskContains'aquoteContains\abackslashDiskContains'aquoteContains\abackslashEventLogContains'aquoteContains\abackslashW32Time
Inaddition,itisalsopossibletospecifyanyUNICODEcharacterusingthe\uxxxxnotation,wherexxxxisthe4-digithexadecimalrepresentationoftheUNICODEcharacter.Forexample,tospecifyatabcharacter(whoseUNICODEvalueis0009),wecouldtype:
SELECT'Contains\u0009atab',SourceNameFROMSYSTEM
ANULLconstantcanbespecifiedwiththe"NULL"keyword:
SELECTNULL,SourceNameFROMSYSTEM
TIMESTAMPconstantsarespecifiedinthefollowingway:
TIMESTAMP('timestampvalue','timestampformat')
Formoreinformationregardingtimestampvalues,constants,andformatspecifications,refertotheTimestampReference.
IntheLogParserSQLlanguage,thethreetermsthatcanbespecifiedinaSQLquery(fields,functions,andconstants)arecollectivelyreferredto
![Page 38: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/38.jpg)
asfield-expressions.
![Page 39: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/39.jpg)
AliasingField-ExpressionsConsideragainoneoftheexamplesseeninthissection:
C:\>LogParser-i:EVT-o:NAT"SELECTTO_DATE(TimeGenerated),TO_UPPERCASE(EXTRACT_TOKEN(EventTypeName,0,'')),SourceNameFROMSystem"TO_DATE(TimeGenerated)TO_UPPERCASE(EXTRACT_TOKEN(EventTypeName,0,''))SourceName-----------------------------------------------------------------------------------------------2004-03-14WARNINGW32Time2004-03-14INFORMATIONDisk2004-03-14INFORMATIONDisk2004-03-14INFORMATIONEventLog2004-03-14WARNINGW32Time2004-03-13INFORMATIONServiceControlManager2004-03-13INFORMATIONServiceControlManager2004-03-13INFORMATIONServiceControlManager2004-03-13INFORMATIONEventLog2004-03-12INFORMATIONServiceControlManager
Wecanseethatforeachfieldintheoutputrecord,theNATOutputFormatprintsacolumnheaderwiththenameofthatfield.Bydefault,outputrecordfieldsarenamedwiththefullfield-expressiontextthatgeneratesthem;inourexample,thenameofthefirstoutputrecordfieldis"TO_DATE(TimeGenerated)",whichmirrorsexactlythefield-expressiontextusedintheSELECTclause.
Wecanchangethenameofafield-expressionintheSELECTclausebyusinganAlias.Inordertoaliasafield-expressionintheSELECTclause,wecanusetheASkeywordfollowedbythenewname:
C:\>LogParser-i:EVT-o:NAT"SELECTTO_DATE(TimeGenerated)ASDateGenerated,TO_UPPERCASE(EXTRACT_TOKEN(EventTypeName,0,''))ASTypeName,SourceNameFROMSystem"DateGeneratedTypeNameSourceName-----------------------------------------------2004-03-14WARNINGW32Time2004-03-14INFORMATIONDisk2004-03-14INFORMATIONDisk2004-03-14INFORMATIONEventLog2004-03-14WARNINGW32Time2004-03-13INFORMATIONServiceControlManager2004-03-13INFORMATIONServiceControlManager2004-03-13INFORMATIONServiceControlManager2004-03-13INFORMATIONEventLog2004-03-12INFORMATIONServiceControlManager
Aliasingafield-expressionmeansassigninganametoit;aswewillseelater,thisnamecanalsobeusedanywhereelseinthequeryasashortcutthatreferstotheoriginalfield-expression.
©2004MicrosoftCorporation.Allrightsreserved.
![Page 40: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/40.jpg)
FilteringInputRecordsWhenretrievingdatafromanInputFormat,itisoftenneededtofilteroutunneededrecordsandonlykeepthosethatmatchspecificcriteria.
Forexample,considerthesimplecommandseenintheprevioussection,whichreturnsselectedfieldsfromalloftheeventsintheSystemeventlog:
C:\>LogParser-i:EVT-o:NAT"SELECTTimeGenerated,EventTypeName,SourceNameFROMSystem"TimeGeneratedEventTypeNameSourceName-----------------------------------------------------------2004-03-1418:56:55WarningeventW32Time2004-03-1414:02:23InformationeventDisk2004-03-1414:02:23InformationeventDisk2004-03-1412:00:00InformationeventEventLog2004-03-1400:41:47WarningeventW32Time2004-03-1322:17:00InformationeventServiceControlManager2004-03-1322:06:48InformationeventServiceControlManager2004-03-1322:06:48InformationeventServiceControlManager2004-03-1312:00:00InformationeventEventLog2004-03-1222:30:47InformationeventServiceControlManager
Let'snowassumethatweareonlyinterestedintheeventsgeneratedbythe"ServiceControlManager"source.Toaccomplishthistask,wecanuseanotherbasicbuildingblockoftheLogParserSQL-Likelanguage:theWHEREclause.
TheWHEREclauseisusedtospecifyabooleanexpressionthatmustbesatisfiedbyaninputrecordforthatrecordtobeoutput.Inputrecordsthatdonotsatisfytheconditionwillbediscarded.InSQLterms,filteringrecordswiththeWHEREclauseisatransformationcalledselection.
UsingtheWHEREclause,wecanrewritethepreviouscommandasfollows:
C:\>LogParser-i:EVT-o:NAT"SELECTTimeGenerated,EventTypeName,SourceNameFROMSystemWHERESourceName='ServiceControlManager'" Tip:TheWHEREclausemustimmediatelyfollowtheFROM
clause.
Theoutputofthiscommandis:
TimeGeneratedEventTypeNameSourceName-----------------------------------------------------------2004-03-1322:17:00InformationeventServiceControlManagerLet'sanalyzeindetailtheWHEREclauseusedinthisexample.Thebooleanconditionthatwehaveusedisaverysimpleone:weonly
![Page 41: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/41.jpg)
2004-03-1322:06:48InformationeventServiceControlManager2004-03-1322:06:48InformationeventServiceControlManager2004-03-1222:30:47InformationeventServiceControlManager2004-03-1222:12:32InformationeventServiceControlManager2004-03-1221:09:14InformationeventServiceControlManager
wantthoseinputrecordswhose"SourceName"fieldhastheexactvalueof"ServiceControlManager".Tospecifythiscondition,wehaveusedthe"="relationaloperator,withtheleftoperandbeingthe"SourceName"field,andtherightoperandbeingaSTRINGconstant.
![Page 42: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/42.jpg)
ComplexConditionsConditionsspecifiedintheWHEREclausecanbemorecomplex,makinguseofcomparisonoperators(suchas">","<=","<>","LIKE","BETWEEN",etc.)andbooleanoperators(suchas"AND","OR","NOT").
Forexample,wemightonlywanttoseetwokindsofevents:
Eventsgeneratedbythe"ServiceControlManager"sourcewhoseEventIDisgreaterthanorequal7024;Eventsgeneratedbythe"W32Time"source.
Toaccomplishthis,thequerycanbewrittenasfollows:
SELECTTimeGenerated,EventTypeName,SourceNameFROMSystemWHERE(SourceName='ServiceControlManager'ANDEventID>=7024)OR(SourceName='W32Time')Asanotherexample,wemightwanttoseealltheeventsthathavebeenloggedinthepast24hours.TranslatedintoWHEREterms,thismeansthatweonlywanttoseerecordswhose"TimeWritten"fieldisgreaterthanorequalthecurrentlocaltimeminus1day:
SELECT*FROMSystemWHERETimeWritten>=SUB(TO_LOCALTIME(SYSTEM_TIMESTAMP()),TIMESTAMP('0000-01-02','yyyy-MM-dd'))Tip:InLogParsertheoriginoftimeisday1ofmonth1ofyear
zero.Thismeansthatatimespanofonedaycanbespecifiedasday2ofmonth1ofyearzero,i.e.24hoursaftertheoriginoftime.
Toseesecurityeventswhose"Message"fieldcontainstheword"logon",wecanusetheLIKEoperator,whichtestsaSTRINGvalueforcase-insensitivepatternmatching:
SELECT*FROMSecurity
![Page 43: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/43.jpg)
WHEREMessageLIKE'%logon%'
IfwewanttoretrieveeventswithanIDbelongingtoaspecificsetofvalues,wecanusetheINoperatorfollowedbyalistofthedesired"EventID"values:
SELECT*FROMSecurityWHEREEventIDIN(547;541;540;528)
Tip:WiththeINoperator,singlevaluesareseparatedbythesemicoloncharacter.
Ontheotherhand,ifwewanttoretrieveeventswithanIDbelongingtoaspecificrangeofvalues,wecanusetheBETWEENoperatorasfollows:
SELECT*FROMSecurityWHEREEventIDBETWEEN528AND547
©2004MicrosoftCorporation.Allrightsreserved.
![Page 44: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/44.jpg)
SortingOutputRecordsAcommonlyusedbuildingblockofSQLqueriesistheORDERBYclause.TheORDERBYclausecanbeusedtospecifythattheoutputrecordsshouldbesortedaccordingtothevaluesofselectedfields.
Inthefollowingexample,weareusingtheFSInputFormattoretrievealistingofthefilesinaspecificdirectory,sortingthelistingbythefilesize:
C:\>LogParser-i:FS-o:NAT"SELECTPath,SizeFROMC:\MyDirectory\*.*ORDERBYSize"PathSize-------------------------------------------C:\MyDirectory\..0C:\MyDirectory\.0C:\MyDirectory\ieexec.exe.config140C:\MyDirectory\csc.exe.config163C:\MyDirectory\vbc.exe.config163C:\MyDirectory\jsc.exe.config163C:\MyDirectory\l_except.nlp168C:\MyDirectory\caspol.exe.config353C:\MyDirectory\ilasm.exe.config353C:\MyDirectory\ConfigWizards.exe.config353
Tip:TheORDERBYclausemustbethelastclauseappearinginaLogParserSQLquery.
Bydefault,outputrecordsaresortedaccordingtoascendingvalues.WecanchangethesortdirectionbyappendingtheDESC(fordescending)orASC(forascending)keywordstotheORDERBYclause,asinthefollowingexample:
C:\>LogParser-i:FS-o:NAT"SELECTPath,SizeFROMC:\MyDirectory\*.*ORDERBYSizeDESC"PathSize----------------------------------------------C:\MyDirectory\mscorsvr.dll2494464C:\MyDirectory\mscorwks.dll2482176C:\MyDirectory\corperfmonsymbols.ini2435148C:\MyDirectory\mscorlib.dll2088960C:\MyDirectory\System.Windows.Forms.dll2039808C:\MyDirectory\System.Design.dll1699840C:\MyDirectory\mscorcfg.dll1564672
Tip:DifferentlythanthestandardSQLlanguage,theLogParserSQL-LikelanguagesupportsonlyoneDESCorASCkeywordforthewholeORDERBYclause.
Ifwewantourlistingtobesortedfirstbyfilesizeandthenbyfilecreationtime,wecandosobyspecifyingbothfield-expressionsintheORDERBYclause:
C:\>LogParser-i:FS-o:NAT"SELECTName,Size,CreationTimeFROMC:\
![Page 45: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/45.jpg)
MyDirectory\*.*ORDERBYSize,CreationTime"NameSizeCreationTime---------------------------------------------------..02004-05-2408:14:07.221.02004-05-2408:14:07.221ieexec.exe.config1402004-05-2408:14:21.441csc.exe.config1632004-05-2408:14:21.191jsc.exe.config1632004-05-2408:14:21.762vbc.exe.config1632004-05-2408:14:26.599l_except.nlp1682004-05-2408:14:21.812caspol.exe.config3532004-05-2408:14:20.920ConfigWizards.exe.config3532004-05-2408:14:21.21cvtres.exe.config3532004-05-2408:14:21.251
Sincethesortoperationisperformedonoutputrecords,theLogParserSQL-Likelanguagerequiresthatfield-expressionsappearingintheORDERBYclausemustalsoappearintheSELECTclause.Inotherwords,thesetoffield-expressionsintheORDERBYclausemustbeasubsetofthefield-expressionsintheSELECTclause.Thus,thefollowingexampleisNOTcorrect:
SELECTSourceName,EventIDFROMSystemORDERBYTimeGeneratedOntheotherhand,thefollowingexampleIScorrect:
SELECTSourceName,EventID,TimeGeneratedFROMSystemORDERBYTimeGenerated
©2004MicrosoftCorporation.Allrightsreserved.
![Page 46: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/46.jpg)
AggregatingDataWithinGroupsAllthequeryexamplesthatwehaveseensofarshareacommoncharacteristic:thevaluesofeachoutputrecordwerebuiltuponthevaluesofasingleinputrecord.Sometimes,however,wemightneedtoaggregatemultipleinputrecordstogetherandperformsomeoperationongroupsofinputrecords.Toaccomplishthistask,theLogParserSQL-Likelanguagehasaspecialsetoffunctionsthatcanbeusedtoperformbasiccalculationsonmultiplerecords.Theseaggregatefunctions(alsoreferredtoas"SQLfunctions")includeSUM,COUNT,MAX,MIN,andAVG.
![Page 47: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/47.jpg)
AggregatingDataToshowaclassicexampleoftheuseofaggregatefunctions,assumethatgivenanIISW3Clogfile,wewanttocalculatethetotalnumberofbytessentbytheIISserverduringthewholeperiodrecordedinthelogfile.ConsideringthatthenumberofbytessentbytheIISserverforeachHTTPrequestisloggedinthe"sc-bytes"field,ourcommandwilllooklikethefollowingexample:
C:\>LogParser-i:IISW3C-o:NAT"SELECTSUM(sc-bytes)FROMex040528.log"SincetheSELECTclauseofthisquerymakesuseoftheSUMaggregatefunction,thequerywillautomaticallyaggregatealltheinputrecords,andcalculatethesumofallthevaluesofthe"sc-bytes"fieldacrossalltheinputrecords;theoutputofthiscommandwillthenlooklikethefollowingoutput:
SUM(sc-bytes)-------------242834732Astheexampleshows,theresultofthequeryisasingleoutputrecord,containingasinglevaluecalculatedacrossalltheinputrecords.
Asanotherexample,wemightwanttocalculatehowmanyrequestshavebeenloggedinthelogfile.ConsideringthateachlogfileentryrepresentsasingleHTTPrequest,thistaskcanbeaccomplishedbysimplycountinghowmanyinputrecordsareloggedinthefile:
C:\>LogParser-i:IISW3C-o:NAT"SELECTCOUNT(*)FROMex040528.log"TheexampleabovemakesuseoftheCOUNTaggregatefunction.Whenusedwiththespecial"*"argument,theCOUNTfunctionreturnsthetotal
![Page 48: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/48.jpg)
numberofinputrecordsprocessedbythequery.
Ifwewanttocalculatehowmanyrequestssatisfyaparticularcondition,forexamplehowmanyrequestswereforanASPpage,wecanaddaWHEREclausetothequery,andtheCOUNTfunctionwillonlycountinputrecordssatisfyingtheWHEREcondition:
SELECTCOUNT(*)FROMex040528.logWHEREEXTRACT_EXTENSION(cs-uri-stem)LIKE'asp'
![Page 49: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/49.jpg)
CreatingGroupsIntheexamplesabove,wehavebeenusingaggregatefunctionstocalculateavalueacrossalltheinputrecords;sometimes,however,wemightwanttocalculatevaluesacrossgroupsofinputrecords.
Asanexample,wemightwanttocalculatethetotalnumberofbytessentbytheIISserverforeachURL.Toperformthistask,weneedtodividealltheinputrecordsintogroupsaccordingtotheURLrequested,andthenusetheSUMaggregatefunctionseparatelyoneachgroup.
ThiscanbeaccomplishedbyusinganotherbuildingblockoftheLogParserSQLlanguage:theGROUPBYclause.TheGROUPBYclauseisusedtospecifywhichfieldswewantthegroupsubdivisiontobebasedon;aftertheinputrecordshavebeendividedintothesegroups,alltheaggregatefunctionsintheSELECTclausewillbecalculatedseparatelyoneachofthesegroups,andthequerywillreturnanoutputrecordforeachgroupcreated.
UsingtheGROUPBYclause,ourexamplequeryanditsoutputwilllooklikethis:
SELECTcs-uri-stem,COUNT(*)FROMex040528.logGROUPBYcs-uri-stemcs-uri-stemCOUNT(*)------------------------------/Home/default.asp5/Home/images/bckgd.gif419/Docs/expl.htm12/Docs/main.htm26/login/frmx.dll1
Tomakeanotherexample,assumethatwewanttocalculatehowmanyrequestshavebeenservedforeachpagetype(ASP,html,CSS,etc.).Firstofall,weneedtocreateseparategroupsaccordingtotheextensionoftheURL;afterthisgroupsubdivisionhasbeendone,wecancalculateaCOUNT(*)oneachgroup:
SELECTEXTRACT_EXTENSION(cs-uri-stem)ASPageType,COUNT(*)FROMex040528.logTheoutputwilllooklike:
![Page 50: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/50.jpg)
GROUPBYPageTypePageTypeCOUNT(ALL*)--------------------htm115css22gif585exe25nsf142swf11jpg77html1dll1asp5js11class5
Ifwesorttheoutputaboveaccordingtothenumberofrequestsforeachgroup,wewillbecreatingalistshowingthemostrequestedpagetypesfirst:
SELECTEXTRACT_EXTENSION(cs-uri-stem)ASPageType,COUNT(*)ASPageTypeHitsFROMex040528.logGROUPBYPageTypeORDERBYPageTypeHitsDESC
Theoutputwilllooklike:
PageTypePageTypeHits--------------------gif585nsf142htm115jpg77exe25css22js11swf11asp5class5dll1html1
Groupscanalsobebuiltonmultiplefields,thuscreatingahierarchyofgroups.
Forexample,considerthefollowingquery:
SELECTEXTRACT_EXTENSION(cs-uri-stem)ASPageType,sc-status,COUNT(*)FROMex040528.logGROUPBYPageType,sc-statusThisquerycreatesgroupsaccordingtotherequestedpagetype,andwithineachofthesegroups,sub-groupsarecreatedaccordingtotheHTTPstatussentbytheIISserverforthegrouppagetype;theaggregatefunction"COUNT"willthenbecalculatedoneachsub-group.Theoutputwilllooklike:
PageTypesc-statusPageTypeHits-----------------------------htm30479css30410gif304450exe20025nsf200129swf2003gif40412css4049
It'simportanttonoteaparticularlanguageconstraintderivedfromtheuseoftheGROUPBYclause.WheneveraquerycontainsaGROUPBYclause,itsSELECTclausecanonlycontainanyofthefollowing:
AggregatefunctionsField-expressionsappearingalsointheGROUPBYclause,orderiving
![Page 51: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/51.jpg)
htm20034css2003jpg20017gif200123jpg30460swf3048nsf4033html4041dll5001asp2005js3047class3044js2004htm4042class2001nsf3049nsf3021
fromthefield-expressionsusedintheGROUPBYclauseConstants
Inotherwords,thefollowingexampleisacorrectquery:
SELECT'hello',TO_UPPERCASE(cs-uri-stem),COUNT(*),SUM(sc-bytes)FROMex040528.logGROUPBYcs-uri-stemInfact,theSELECTclauseintheexampleabovecontains:Aconstant("'hello'");Afield-expression("TO_UPPERCASE(cs-uri-stem)")whoseargumentappearsintheGROUPBYclause;Twoaggregatefunctions.
However,thefollowingexampleisNOTacorrectquery:
SELECTdate,COUNT(*),SUM(sc-bytes)FROMex040528.logGROUPBYcs-uri-stemTheSELECTclauseintheexampleabovecontainsafield-expression("date")thatdoesnotappearintheGROUPBYclause.
ThefollowingexampleisalsoNOTacorrectquery:
SELECTTO_UPPERCASE(cs-uri-stem),COUNT(*),SUM(sc-bytes)FROMex040528.logGROUPBYSUBSTR(TO_UPPERCASE(cs-uri-stem),0,5)TheSELECTclauseintheexampleabovecontainsafield-expression("TO_UPPERCASE(cs-uri-stem)")thatisnotderivedfromanyfield-expressionintheGROUPBYclause;inthiscase,it'sactuallythefield-expressionintheGROUPBYclausethatisderivedfromafield-expressionintheSELECTclause.Thepreviousexamplecanbecorrectedasfollows:
SELECTSUBSTR(TO_UPPERCASE(cs-uri-stem),0,5),COUNT(*),SUM(sc-bytes)FROMex040528.logGROUPBYSUBSTR(TO_UPPERCASE(cs-uri-stem),0,5)©2004MicrosoftCorporation.Allrightsreserved.
![Page 52: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/52.jpg)
CalculatingPercentagesWhenworkingwithgroupsandaggregatefunctions,itisoftenneededtorepresentanaggregatevalueasapercentage,ratherthanasanabsolutevalue.Wemightwant,forexample,tocalculatethenumberofhitsperpagetypefromaWebserverlogasapercentagerelativetothetotalnumberofhits,ratherthanastheabsolutenumberitself.
Considerthepreviousexamplequery,thatcalculatesthecountofhitsperrequestedpagetype:
SELECTEXTRACT_EXTENSION(cs-uri-stem)ASPageType,COUNT(*)FROMex040528.logGROUPBYPageTypePageTypeCOUNT(ALL*)--------------------htm115css22gif585exe25nsf142swf11jpg77html1dll1asp5js11class5
Ifwewantedtocalculatethepercentageofhitsforeachgroup,wewouldneedtodividethenumberofhitswithineachgroupbythetotalnumberofhitsinthewholelogfile;however,theuseoftheGROUPBYclauserestrictseachaggregatefunctiontooperatewithinthesinglegroups,thusmakingitimpossibletocalculateatthesametimethetotalnumberofhitsacrossallgroups.
Toworkaroundthisproblem,weusetwospecialaggregatefunctionsavailableintheLogParserSQLlanguage:PROPCOUNTandPROPSUM.Whenusedintheirbasicforms,thesefunctionscalculatetheratiooftheCOUNTorADDaggregatefunctionswithinagrouptotheCOUNTorADDaggregatefunctionsonalloftheinputrecords.
UsingthePROPCOUNTfunction,wecanchangethequeryaboveasfollows:
SELECTEXTRACT_EXTENSION(cs-uri-stem)ASPageType,PROPCOUNT(*)Andobtain:
![Page 53: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/53.jpg)
FROMex040528.logGROUPBYPageTypePageTypePROPCOUNT(ALL*)------------------------htm0.115000css0.022000gif0.585000exe0.025000nsf0.142000swf0.011000jpg0.077000html0.001000dll0.001000asp0.005000js0.011000class0.005000
Toshowrealpercentages,wecanmultiplytheaggregatefunctionvaluesby100:
SELECTEXTRACT_EXTENSION(cs-uri-stem)ASPageType,MUL(PROPCOUNT(*),100.0)ASPageTypeHitsFROMex040528.logGROUPBYPageTypePageTypePageTypeHits--------------------htm11.500000css2.200000gif58.500000exe2.500000nsf14.200000swf1.100000jpg7.700000html0.100000dll0.100000asp0.500000js1.100000class0.500000
Fromtheresultsofthisquerywecaninferthat,forexample,requeststo"css"pagesrepresentthe2.2%ofthetotalnumberofrequestsinthislogfile.
![Page 54: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/54.jpg)
CalculatingPercentagesAcrossMultipleGroupHierarchiesTheexamplesaboveshowthebasicformofthePROPCOUNTandPROPSUMfunctions,whichcalculatesthepercentageofanaggregatefunctionwithinagrouprelativetoalloftheinputrecords.However,itisalsopossibletousethePROPCOUNTandPROPSUMfunctionstocalculatepercentagesrelativetohierarchicallyhighergroups.Todoso,wecanusetheONkeywordafterthePROPCOUNTorPROPSUMfunctionnamefollowedbyalistoftheGROUPBYfield-expressionsidentifyingwhichhierarchicallyhighergroupwewantthepercentagetoberelativeto.
Consideroneofthepreviousexamples,inwhichwecalculatedthetotalnumberofhitsperpagetypeperHTTPstatuscode,modifiedtoshowpercentagesratherthanabsolutenumbers:
SELECTEXTRACT_EXTENSION(cs-uri-stem)ASPageType,sc-status,MUL(PROPCOUNT(*),100.0)ASHitsFROMex040528.logGROUPBYPageType,sc-statusORDERBYPageType,sc-status
PageTypesc-statusHits-----------------------------asp2000.500000class2000.100000class3040.400000css2000.300000css3041.000000css4040.900000dll5000.100000exe2002.500000gif20012.300000gif30445.000000gif4041.200000htm2003.400000htm3047.900000
The"Hits"fieldshowsthepercentageofhitsforapagetypeandHTTPstatuscoderelativetothetotalnumberofhits.
IfwewantedtocalculatethepercentageofhitsforapagetypeandHTTPstatuscoderelativetothenumberofhitsforthatpagetype(i.e.thedistributionofHTTPstatuscodeswithineachpagetype),wewouldhavewrittenthequeryasfollows:
SELECTEXTRACT_EXTENSION(cs-uri-stem)ASPageType,sc-status,MUL(PROPCOUNT(*)ON(PageType),100.0)ASHitsFROMex040528.logGROUPBYPageType,sc-statusORDERBYPageType,sc-status
Theoutputwouldbe:
PageTypesc-statusHits---------------------------
![Page 55: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/55.jpg)
htm4040.200000html4040.100000jpg2001.700000jpg3046.000000js2000.400000js3040.700000nsf20012.900000nsf3020.100000nsf3040.900000nsf4030.300000swf2000.300000swf3040.800000
asp200100.000000class20020.000000class30480.000000css20013.636364css30445.454545css40440.909091dll500100.000000exe200100.000000gif20021.025641gif30476.923077gif4042.051282htm20029.565217htm30468.695652htm4041.739130html404100.000000jpg20022.077922jpg30477.922078js20036.363636js30463.636364nsf20090.845070nsf3020.704225nsf3046.338028nsf4032.112676swf20027.272727swf30472.727273
Wecannowinferthat,forexample,about45%ofrequeststo"css"pagesreturnedanHTTPstatuscodeof304.
HerewehaveusedtheONkeywordfollowedbythe"PageType"GROUPBYfield-expression.ThisnotationindicatesthatwewantthePROPCOUNTfunctiontocalculatetheratiooftheCOUNTaggregatefunctionwithinasinglegrouptotheCOUNTaggregatefunctionwithinthehierarchicallyhighergroupidentifiedbythe"PageType"field-expression.
Asanotherexample,wecanmodifythepreviousexamplequerytocreategroupsbasedonthetimetherequestwasmadeat(quantizedat20-secondintervals),thepagetype,andtheHTTPstatuscode:
SELECTQUANTIZE(time,20)ASInterval,EXTRACT_EXTENSION(cs-uri-stem)ASPageType,sc-statusFROMex040528.logGROUPBYInterval,PageType,sc-statusORDERBYInterval,PageType,sc-status
Foreachgroup,wecancalculatethepercentageofhitsrelativetothenumberofhitswithinthetimeintervalandpagetype,thepercentageofhitsrelativetothenumberofhitswithinthetimeintervalalone,andthepercentageofhitsrelativetothetotalnumberofhits:
SELECTQUANTIZE(time,20)ASInterval,EXTRACT_EXTENSION(cs-uri-stem)ASPageType,sc-status,MUL(PROPCOUNT(*)ON(Interval,PageType),100.0)ASHits1,MUL(PROPCOUNT(*)ON(Interval),100.0)ASHits2,MUL(PROPCOUNT(*),100.0)ASHits3FROMex040528.logGROUPBYInterval,PageType,sc-statusORDERBYInterval,PageType,sc-status
IntervalPageTypesc-statusHits1Hits2Hits3-----------------------------------------------------00:28:40css20020.0000001.4705880.10000000:28:40css30460.0000004.4117650.30000000:28:40css40420.0000001.4705880.10000000:28:40exe200100.0000007.3529410.50000000:28:40gif20010.0000001.4705880.10000000:28:40gif30470.00000010.2941180.70000000:28:40gif40420.0000002.9411760.20000000:28:40htm20011.7647062.9411760.20000000:28:40htm30488.23529422.0588241.50000000:28:40jpg20025.0000001.4705880.10000000:28:40jpg30475.0000004.4117650.30000000:28:40nsf200100.00000035.2941182.400000
Fromthequeryresultswecaninfer,forexample,thatduringthe"00:29:20"timeinterval,about78%oftherequeststo"htm"pagesreturnedtheHTTPstatuscode304.Inthesametimeinterval,requeststo"htm"pagesreturningtheHTTPstatuscode304madeupforabout10%oftherequests,andtheserequestsrepresentthe1.5%ofthetotalnumberofrequestsinthelog.
TheexampleaboveshowsthataPROPCOUNTorPROPSUMfunctionwithnoONkeywordislogicallyequivalenttousingtheONkeywordfollowedbyanemptylistofGROUPBYfield-expressions,meaningthatthepercentagetobecalculatedshouldberelativetothehighesthierarchicalgroupidentifiedbynofield-expression,i.e.thewholesetofinputrecords.
![Page 56: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/56.jpg)
00:28:40swf20033.3333331.4705880.10000000:28:40swf30466.6666672.9411760.20000000:29:00ASP200100.0000000.2169200.10000000:29:00GIF200100.0000000.4338390.20000000:29:00asp200100.0000000.2169200.10000000:29:00class20050.0000000.2169200.10000000:29:00class30450.0000000.2169200.10000000:29:00css20014.2857140.2169200.10000000:29:00css30428.5714290.4338390.20000000:29:00css40457.1428570.8676790.40000000:29:00dll500100.0000000.2169200.10000000:29:00exe200100.0000001.9522780.90000000:29:00gif20021.79487214.7505426.80000000:29:00gif30476.92307752.06073824.00000000:29:00gif4041.2820510.8676790.40000000:29:00htm20034.0909093.2537961.50000000:29:00htm30463.6363646.0737532.80000000:29:00htm4042.2727270.2169200.10000000:29:00html404100.0000000.2169200.10000000:29:00jpg20035.0000001.5184380.70000000:29:00jpg30465.0000002.8199571.30000000:29:00js20050.0000000.4338390.20000000:29:00js30450.0000000.4338390.20000000:29:00nsf20094.33962310.8459875.00000000:29:00nsf4035.6603770.6507590.30000000:29:00swf20050.0000000.4338390.20000000:29:00swf30450.0000000.4338390.20000000:29:20NSF200100.0000002.1276600.30000000:29:20asp200100.0000000.7092200.10000000:29:20class304100.0000000.7092200.10000000:29:20css30460.0000002.1276600.30000000:29:20css40440.0000001.4184400.20000000:29:20exe200100.0000002.8368790.40000000:29:20gif30497.14285748.2269506.80000000:29:20gif4042.8571431.4184400.20000000:29:20htm20015.7894742.1276600.30000000:29:20htm30478.94736810.6382981.500000
Inaddition,itisalsoworthmentioningthatthelistoffield-expressionsspecifiedaftertheONkeywordmustbeaproperprefixoftheGROUPBYfield-expressions.If,forexample,theONkeywordisfollowedbythreefield-expressions,thenthesethreefield-expressionsmustmatchthefirstthreefield-expressionsintheGROUPBYclause,andtheymustalsoappearinthesameorderastheydointheGROUPBYclause.Inotherwords,eachPROPCOUNTfunctioninthefollowingqueryiscorrect,sincethelistsoffield-expressionsaftertheONkeywordareallaproperprefixoftheGROUPBYfield-expressions:
SELECTQUANTIZE(time,20)ASInterval,EXTRACT_EXTENSION(cs-uri-stem)ASPageType,sc-status,MUL(PROPCOUNT(*)ON(Interval,PageType),100.0)ASHits1,MUL(PROPCOUNT(*)ON(Interval),100.0)ASHits2FROMex040528.logGROUPBYInterval,PageType,sc-status
However,noneofthePROPCOUNTfunctionsinthefollowingqueryiscorrect,sincethelistsoffield-expressionsaftertheONkeywordarenotaproperprefixoftheGROUPBYfield-expressions:
SELECTQUANTIZE(time,20)ASInterval,EXTRACT_EXTENSION(cs-uri-stem)ASPageType,sc-status,MUL(PROPCOUNT(*)ON(PageType,sc-status),100.0)ASHits1,MUL(PROPCOUNT(*)ON(PageType),100.0)ASHits2,MUL(PROPCOUNT(*)ON(Interval,sc-status),100.0)ASHits2,FROMex040528.logGROUPBYInterval,PageType,sc-status
©2004MicrosoftCorporation.Allrightsreserved.
![Page 57: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/57.jpg)
00:29:20htm4045.2631580.7092200.10000000:29:20jpg20015.3846151.4184400.20000000:29:20jpg30484.6153857.8014181.10000000:29:20js20050.0000001.4184400.20000000:29:20js30450.0000001.4184400.20000000:29:20nsf20061.1111117.8014181.10000000:29:20nsf3025.5555560.7092200.10000000:29:20nsf30433.3333334.2553190.60000000:29:20swf304100.0000002.1276600.300000
![Page 58: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/58.jpg)
FilteringGroupsConsideragainoneofthepreviousexamples,inwhichweusedtheCOUNTaggregatefunctiontocalculatethenumberoftimeseachpagetypehasbeenrequested:
SELECTEXTRACT_EXTENSION(cs-uri-stem)ASPageType,COUNT(*)ASPageTypeHitsFROMex040528.logGROUPBYPageTypeORDERBYPageTypeHitsDESC
PageTypePageTypeHits--------------------gif585nsf142htm115jpg77exe25css22js11swf11asp5class5dll1html1
Let'snowassumethatweareonlyinterestedinseeingpagetypesthathavebeenrequested10timesormore.
Atfirstglance,itmightseemthatwecoulduseaWHEREclausewithaconditiononthevalueoftheCOUNTaggregatefunctiontofilterouttheundesiredgroups.However,wehaveseenthattheWHEREclauseisusedtofilterinputrecords,whichmeansthatthisclauseisevaluatedbeforegroupsarecreated.Forthisreason,useofaggregatefunctionsisnotallowedintheWHEREclause.
ThetaskathandcanbeaccomplishedbyusingtheHAVINGclause.TheHAVINGclauseworksjustliketheWHEREclause,withtheonlydifferencebeingthattheHAVINGclauseisevaluatedaftergroupshavebeencreated,whichmakesitpossiblefortheHAVINGclausetospecifyaggregatefunctions.
Tip:TheHAVINGclausemustimmediatelyfollowtheGROUPBYclause.
UsingtheHAVINGclause,wecanwritetheexampleaboveas:
SELECTEXTRACT_EXTENSION(cs-uri-stem)ASPageType,COUNT(*)ASPageTypeHitsFROMex040528.logGROUPBYPageTypeAndobtain:
![Page 59: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/59.jpg)
HAVINGPageTypeHits>=10ORDERBYPageTypeHitsDESCPageTypePageTypeHits--------------------gif585nsf142htm115jpg77exe25css22js11swf11
©2004MicrosoftCorporation.Allrightsreserved.
![Page 60: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/60.jpg)
EliminatingDuplicateValuesWhenworkingwithinformationfromlogs,itisoftendesiredtoretrievealistofsomevalueswhereeachelementinthelistappearsonlyonce,regardlessofthenumberoftimesthesamevalueappearsintheoriginaldata.
Asanexample,considerthefollowingquery,whichextractsallthedomainaccountsthathaveloggedonacomputerfromthe"Security"eventlog:
SELECTRESOLVE_SID(Sid)ASAccountFROM\\TESTMACHINE1\SecurityWHEREEventIDIN(540;528)Theoutputofthisqueryisalistofallthedomainaccountsappearingineach"Logon"event:
Account------------------------------------------------NTAUTHORITY\LOCALSERVICENTAUTHORITY\NETWORKSERVICENTAUTHORITY\NETWORKSERVICENTAUTHORITY\NETWORKSERVICETESTDOMAIN\TESTUSER1NTAUTHORITY\LOCALSERVICENTAUTHORITY\LOCALSERVICETESTDOMAIN\TESTUSER1TESTDOMAIN\TESTUSER2NTAUTHORITY\LOCALSERVICETESTDOMAIN\TESTUSER1
Ifweareinterestedinretrievingalistinwhicheachaccountnameappearsonlyonce,wecouldusetheDISTINCTkeywordintheSELECTclauseasfollows:
SELECTDISTINCTRESOLVE_SID(Sid)ASAccountFROM\\TESTMACHINE1\SecurityWHEREEventIDIN(540;528)Andobtain:
Account------------------------------------------------NTAUTHORITY\LOCALSERVICENTAUTHORITY\NETWORKSERVICETESTDOMAIN\TESTUSER1TESTDOMAIN\TESTUSER2
TheDISTINCTkeywordisusedtoindicatethattheoutputofaqueryshouldconsistofuniquerecords;duplicateoutputrecordsarediscarded.
Asanotherexample,wemightwanttoretrievealistofallthebrowsersusedtorequestpagesfromourIISserver,witheachbrowserappearingonlyonceinthelist:
SELECTDISTINCTcs(User-Agent)FROM<1>
![Page 61: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/61.jpg)
cs(User-Agent)--------------------------------------------------------------------Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1)Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)Mozilla/4.05+[en]Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+T312461;+Q312461)Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0)Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0)Microsoft+Data+Access+Internet+Publishing+Provider+Cache+ManagerMozilla/2.0+(compatible;+MS+FrontPage+4.0)MSFrontPage/4.0Microsoft+Data+Access+Internet+Publishing+Provider+DAV
ItisalsopossibletousetheDISTINCTkeywordinsidetheCOUNTaggregatefunction,inordertoretrievethetotalnumberofdifferentvaluesappearinginthedata.
Forexample,thefollowingqueryreturnsthetotalnumberofdifferentbrowsersandthetotalnumberofdifferentclientIPaddressesthatrequestedpagesfromourIISserver:
SELECTCOUNT(DISTINCTcs(User-Agent))ASBrowsers, COUNT(DISTINCTc-ip)ASClientsFROM<1>BrowsersClients---------------3563379Tip:IntheLogParserSQL-Likelanguage,theDISTINCTkeyword
canbeusedinsideaggregatefunctionsonlywhentheGROUPBYclauseisnotused.
©2004MicrosoftCorporation.Allrightsreserved.
![Page 62: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/62.jpg)
RetrievingaFixedNumberofRecordsOneofthemostcommonlogreportsisa"TOP10"listshowingthetopentriesappearinginaranking.Thisisusuallyachievedwithaquerythatcalculatessomeaggregatefunctionwithingroups,ordersthegroupsbythevalueoftheaggregatefunction,andthenusestheTOPkeywordintheSELECTclausetoreturnonlyafewrecordsatthetopoftheorderedoutput.
Asanexample,thefollowingqueryreturnstheTOP10URL'srequestedfromanIISlogfile:
SELECTTOP10cs-uri-stemASUrl, COUNT(*)ASHitsFROM<1>GROUPBYUrlORDERBYHitsDESC
UrlHits-----------------------------------/police/laws.nsf25183/cgi-bin/counts.exe5694/police/rulesinfo.nsf5202/police/laws.nsf3980/images/address.gif3609/image/1_m.jpg3540/npanews0.htm3305/images/tibg.gif2955/startopen/startopen920707.htm2502/police/find.nsf2465
ThiskindofreportsisaperfectcandidatefortheCHARTOutputFormat;assumingthatthefollowingqueryissavedinthe"querytop.sql"textfile,thefollowingcommandwillgenerateanimagefilecontainingachartofthequeryoutputabove:
SELECTTOP10cs-uri-stemASUrl, COUNT(*)ASHitsINTOUrls.gifFROM<1>GROUPBYUrlORDERBYHitsDESC
C:\>LogParserfile:querytop.sql-o:chart-chartType:Bar3d-chartTitle:"TOP10URL"
![Page 63: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/63.jpg)
©2004MicrosoftCorporation.Allrightsreserved.
![Page 64: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/64.jpg)
ImprovingQueryReadabilityThefunctionsavailableintheLogParserSQLlanguagemakeitpossibletowritecomplexqueriesoperatingonaverylargenumberofpossibletransformationsoftheinputfields;however,thesecomplexqueriesmightsometimesbecumbersometowrite.
Asanexample,considerthetaskofwritingaquerythatextractsfromtheSecurityeventlogalltheusersbelongingtoaspecificdomainthatloggedonthiscomputer.Forthepurposeoftheexample,let'salsoassumethatwewanttheusernamesaslowercasestrings,andthatwearewritingthequeryasaSQLfilethattakesalowercasedomainnameasaninputparameter.Atfirstthought,thequerywouldlooklikethis:
SELECTEXTRACT_TOKEN(TO_LOWERCASE(RESOLVE_SID(Sid)),1,'\\')ASUsernameFROM SecurityWHERE EventIDIN(540;528)AND EXTRACT_TOKEN(TO_LOWERCASE(RESOLVE_SID(Sid)),0,'\\')='%domainname%'
Toexecutethisquery,wecanusethe"file:"command-lineargument,specifyingavalueforthe"domainname"parameter:
C:\>LogParserfile:myquery.sql?domainname=tstdomain-i:EVT
Whentypingthequeryabove,wehadtorepeattwicethewholeexpressionthattransformstheSidinputrecordfieldintoalowercasefully-qualifiedaccountname:
TO_LOWERCASE(RESOLVE_SID(Sid))
Itwouldbeeasierifwecould,inacertainsense,"assign"thisexpressiontoa"variable",andthenusethevariablewhenneeded.WecoulddefinitelydothatbyaliasingtheexpressionintheSELECTclause:
SELECTTO_LOWERCASE(RESOLVE_SID(Sid))ASFQAccount, EXTRACT_TOKEN(FQAccount,1,'\\')ASUsernameFROM SecurityHowever,theoutputofthisquerynowcontainsanextraneousfield-thefully-qualifiedaccountname:
![Page 65: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/65.jpg)
WHERE EventIDIN(540;528)AND EXTRACT_TOKEN(FQAccount,0,'\\')='%domainname%'FQAccountUsername---------------------------------tstdomain\testusr1testusr1tstdomain\testusr1testusr1tstdomain\testusr2testusr2tstdomain\testusr3testusr3
Toobviatethisproblem,theLogParserSQLlanguagesupportstheUSINGclause.TheUSINGclause,anon-standardSQLlanguageelement,isusedtodeclarealiasesinthesamewayaswewouldintheSELECTclause,withthedifferencethatexpressionsintheUSINGclausewillnotappearintheoutputrecords(unlessexplicitlyreferencedintheSELECTclause).
WiththeUSINGclause,thequeryabovecanbewrittenasfollows:
SELECTEXTRACT_TOKEN(FQAccount,1,'\\')ASUsernameUSING TO_LOWERCASE(RESOLVE_SID(Sid))ASFQAccountFROM SecurityWHERE EventIDIN(540;528)AND EXTRACT_TOKEN(FQAccount,0,'\\')='%domainname%'
Tip:TheUSINGclausemustimmediatelyfollowtheSELECTclause.
Theoutputofthisquerywouldlooklikethefollowingsampleoutput:
Username--------testusr1testusr1testusr2testusr3
©2004MicrosoftCorporation.Allrightsreserved.
![Page 66: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/66.jpg)
AdvancedFeaturesLogParseroffersauniquesetoffeaturesthatenhanceitsflexibilityinthemostcommonlogprocessingscenarios.Thesefeaturesinclude:
ParsingInputIncrementally:someinputformatsallowLogParsertoparseincrementallylogsthatgrowovertime.MultiplexingOutputRecords:someoutputformatsallowtheoutputrecordsofaquerytobewrittentodifferenttargets,dependingonthevaluesofselectedoutputrecordfields.ConvertingFileFormats:duetoitsarchitecture,LogParsercanbeeasilyusedtoconvertlogfilesfromaformattoanother.CustomPlugins:LogParserallowsuserstodeveloptheirowncustominputformats,andusethemwitheithertheLogParsercommand-lineexecutable,orwiththeLogParserscriptableCOMcomponents.
©2004MicrosoftCorporation.Allrightsreserved.
![Page 67: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/67.jpg)
ParsingInputIncrementallyLogParserisoftenusedtoparselogsthatgrowovertime.Forexample,theIISlogsandtheWindowsEventLogarecontinuouslyupdatedwithnewinformation,andinsomecases,wewouldliketoparsetheselogsperiodicallyandonlyretrievethenewrecordsthathavebeenloggedsincethelasttime.Thisisespeciallytrueforscenariosinwhich,forexample,weuseLogParsertoconsolidatelogstoadatabaseinanalmostreal-timefashion,orwhenweuseLogParsertobuildamonitoringsystemthatperiodicallyscanslogsfornewentriesofinterest.
Forthesescenarios,LogParseroffersafeaturethatallowssequentialexecutionsofthesamequerytoonlyprocessnewdatathathasbeenloggedsincethelastexecution.ThisfeaturecanbeenabledwiththeiCheckPointparameterofthefollowinginputformats:
IISW3CNCSAIISHTTPERRURLSCANCSVTSVEVTTEXTLINETEXTWORD
The"iCheckPoint"parameterisusedtospecifythenameofa"checkpoint"filethatLogParserusestostoreandretrieveinformationaboutthe"position"ofthelastentryparsedfromeachofthelogsthatappearinacommand.Whenweexecuteacommandwithacheckpointfileforthefirsttime(i.e.whenthespecifiedcheckpointfiledoesnotexist),LogParserexecutesthequerynormallyandprocessesallthelogsinthecommand,savingfor
![Page 68: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/68.jpg)
eachthe"position"ofthelastparsedentrytothecheckpointfile.Iflateronweexecutethesamecommandspecifyingthesamecheckpointfile,LogParserwillparseagainallthelogsinthecommand,buteachlogwillbeparsedstartingaftertheentrythatwaslastparsedbythepreviouscommand,thusproducingrecordsfornewentriesonly.Whenthenewcommandexecutioniscomplete,theinformationinthecheckpointfileisupdatedwiththenew"position"ofthelastentryineachlog.
Note:Checkpointfilesareupdatedonlywhenaqueryexecutessuccesfully.Ifanerrorcausestheexecutionofaquerytoabort,thecheckpointfileisnotupdated.
Tomakeanexample,let'sassumethatthe"MyLogs"foldercontainsthefollowingtextfiles:
Log1.txt,50linesLog2.txt,100linesLog3.txt,20linesLog4.txt,30lines
Let'salsoassumethatwewanttoparsethesetextfilesincrementallyusingtheTEXTLINEInputFormat,whichreturnsaninputrecordforeachlineintheinputtextfiles.Inordertoparsetheselogsincrementally,wespecifythenameofacheckpointfile,makingsurethatthefiledoesnotexistpriortothecommandexecution.Ourcommandwouldlooklikethis:
logparser"SELECT*FROMMyLogs\*.*"-i:TEXTLINE-iCheckPoint:myCheckPoint.lpcWhenthiscommandisexecutedforthefirsttime,LogParserwillreturnallthe200linesfromallofthefourlogfiles,anditwillcreatethe"myCheckPoint.lpc"checkpointfilecontainingthepositionofthelastlineineachofthefourlogfiles.
Tip:Whenthecheckpointfileisspecifiedwithoutapath,LogParserwillcreatethecheckpointfileinthefoldercurrentlysetforthe%TEMP%environmentvariable,usually"\DocumentsandSettings\<username>\LocalSettings\Temp".;
![Page 69: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/69.jpg)
Let'snowassumethatthe"Log3.txt"fileisupdated,andthattennewlinesareaddedtothelogfile.Atthismoment,thelogfilesandtheinformationstoredinthecheckpointfilewilllooklikethis:
LogFiles CheckpointfileLog1.txt,50lines Log1.txt,line50Log2.txt,100lines Log2.txt,line100Log3.txt,30lines Log3.txt,line20Log4.txt,30lines Log4.txt,line30Ifweexecuteagainthesamecommand,LogParserwillusethe"myCheckPoint.lpc"filetodeterminewheretostartparsingeachofthelogfiles,anditwillonlyparseandreturnthetennewlinesinthe"Log3.txt"file.Whenthecommandexecutioniscomplete,the"myCheckPoint.lpc"checkpointfileisupdatedtoreflectthenewpositionofthelastlineinthe"Log3.txt"file.
Ifnowanew"Log5.txt"fileiscreatedcontainingtenlines,thelogfilesandtheinformationstoredinthecheckpointfilewilllooklikethis:
LogFiles CheckpointfileLog1.txt,50lines Log1.txt,line50Log2.txt,100lines Log2.txt,line100Log3.txt,30lines Log3.txt,line30Log4.txt,30lines Log4.txt,line30Log5.txt,10lines notrecordedIfweexecuteagainthecommand,LogParserwillonlyparsethenew"Log5.txt"file,returningitstenlines.
Asanotherexampleshowinghowthecheckpointfileisupdated,let'sassumenowthatthe"Log2.txt"fileisdeleted.Thelogfilesandtheinformationstoredinthecheckpointfilewillnowlooklikethis:
LogFiles CheckpointfileLog1.txt,50lines Log1.txt,line50
![Page 70: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/70.jpg)
non-existing Log2.txt,line100Log3.txt,30lines Log3.txt,line30Log4.txt,30lines Log4.txt,line30Log5.txt,10lines Log5.txt,line10Whenweexecutethecommand,LogParserwilldetectthattherearenonewentriestoparse,anditwillreturnnorecords.However,uponupdatingthecheckpointfile,itwilldeterminethatthe"Log2.txt"filedoesn'texistanymore,anditwillremovealltheinformationassociatedwiththelogfilefromthecheckpointfile,whichwillnowlooklikethis:
LogFiles CheckpointfileLog1.txt,50lines Log1.txt,line50Log3.txt,30lines Log3.txt,line30Log4.txt,30lines Log4.txt,line30Log5.txt,10lines Log5.txt,line10Atthismomentthecheckpointfiledoesnotcontainanymoreinformationonthe"Log2.txt"file;shouldanew"Log2.txt"fileappearagainforanyreason,asubsequentcommandwouldtreatthefileasanewfile,andallofitsentrieswouldbeparsedfromthebeginningofthefile.
Asalastexample,let'snowassumethatthe"Log1.txt"fileisupdated,butthistimeitssizeshrinksanditendsupcontainingtenlinesonly.Thelogfilesandtheinformationstoredinthecheckpointfilewillnowlooklikethis:
LogFiles CheckpointfileLog1.txt,10lines Log1.txt,line50Log3.txt,30lines Log3.txt,line30Log4.txt,30lines Log4.txt,line30Log5.txt,10lines Log5.txt,line10Whenweexecutethecommand,LogParserwilldetectthatthesizeofthe"Log1.txt"filehaschanged,butinsteadofgrowinglarger,thefileisactuallysmaller.Inthissituation,LogParserassumesthatthefilehasbeenreplacedwithanewone,anditwillparseitasifitwasanewfile,returningallofitstenentries.Afterthecommandexecutioniscomplete,the"myCheckPoint.lpc"
![Page 71: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/71.jpg)
checkpointfileisupdatedtoreflectthenewsituation,andthelogfilesandtheinformationstoredinthecheckpointfilewilllooklikethis:
LogFiles CheckpointfileLog1.txt,10lines Log1.txt,line10Log3.txt,30lines Log3.txt,line30Log4.txt,30lines Log4.txt,line30Log5.txt,10lines Log5.txt,line10
![Page 72: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/72.jpg)
IncrementalParsingandAggregatedDataIt'simportanttonotethatthecheckpointfileonlyrecordsinformationaboutthefilesbeingparsed;itdoesnotrecordinformationaboutthequerybeingexecuted.Inotherwords,whenweexecuteaquerymultipletimesonasetofgrowingfilesusingacheckpointfile,eachtimethequeryresultsarecalculatedonthenewentriesonly.Thismeansthatqueriesusingaggregateddataneedtobehandledcarefullywhenusedwithcheckpointfiles.
Asanexample,consideragainthefourtextfilesinthefirstscenarioabove,andthefollowingcommand:
logparser"SELECTCOUNT(*)ASTotalFROMMyLogs\*.*"-i:TEXTLINE-iCheckPoint:myCheckPoint.lpcWhenthecommandisexecutedforthefirsttime,the"Total"fieldintheoutputrecordreturnedbythequerywillbeequalto200,thatis,thetotalnumberoflinesinthefourlogfiles.Asinthefirstexample,let'snowassumethatthe"Log3.txt"fileisupdated,andthattennewlinesareaddedtothelogfile.Whenweexecutethecommandagain,the"Total"fieldintheoutputrecordreturnedbythequerywillbenowequalto10,thetotalnumberofnewlinesinthefourlogfiles,andnotto210,asonewouldexpectfromthetotalnumberofrows.
Incaseswhereitisdesirabletocalculateaggregateddataacrossmultipleexecutionsofthesamequerywhenusingincrementalparsing,apossiblesolutionistosavethepartialresultsofeachquerytotemporaryfiles,andthenaggregateallthepartialresultswithanadditionalstep.Usingtheexampleabove,wecouldsavetheresultofthefirstquery("200")tothe"FirstResults.csv"file,andtheresultofthesecondquery("10")tothe"LastResults.csv"file.Thetwofilescouldthenbeconsolidatedintoasinglefilewithacommandlikethis:
![Page 73: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/73.jpg)
logparser"SELECTSUM(Total)FROMFirstResults.csv,LastResults.csv"-i:CSV
©2004MicrosoftCorporation.Allrightsreserved.
![Page 74: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/74.jpg)
MultiplexingOutputRecordsManyLogParseroutputformatsallowtheusertospecifymultiplefilesasthetargettowhichoutputrecordsarewrittento.Thisisachievedbyusing'*'wildcardcharactersinthefilenamespecifiedintheINTOclause;duringtheexecutionofthequery,thefirstfieldsineachoutputrecordsubstitutethewildcardcharacterstodeterminetheresultingfilenametowhichtheoutputrecordswiththeremainingfieldsarewritten.Inotherwords,thisfeatureallowsoutputrecordstobemultiplexedtodifferenttargetfilesdependingonthevaluesofthefirstfieldsintheoutputrecord.
Tomakeanexample,let'sassumethatwewanttoquerytheWindowsEventLog,andforeacheventsourcename,wewanttocreateaCSVtextfilecontainingallthedistincteventID'sgeneratedbythatsourcename.Thecommandwouldlooklikethefollowingexample:
LogParser"SELECTDISTINCTSourceName,EventIDINTOEvent_*.csvFROMSystem"-i:EVT-o:CSVForeachoutputrecordgeneratedbythisquery,the"SourceName"fieldwillbeusedtosubstitutethewildcardinthetargetfilename,andthe"EventID"fieldwillbewrittentotheCSVfilewiththeresultingfilename.Afterthecommandexecutioniscomplete,wewillhaveasmanyCSVoutputfilesasthenumberofdifferenteventsourcenames:
C:\>dirVolumeindriveChasnolabel.VolumeSerialNumberis49B5-4736
DirectoryofC:
07/19/200408:56AM<DIR>.07/19/200408:56AM<DIR>..07/19/200408:56AM13Event_ApplicationPopup.csv
EachCSVfilewillcontainthedistincteventID'sgeneratedbytheeventsource:
C:\>typeEvent_Tcpip.csvEventID42014202Thereisnolimitonthenumberofwildcardcharactersthatcanbeusedinthetargetfilenames.Wecanmodifytheexampleabovetogenerateadirectoryforeachevent
![Page 75: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/75.jpg)
07/19/200408:56AM14Event_AtiHotKeyPoller.csv07/19/200408:56AM23Event_DCOM.csv07/19/200408:56AM33Event_Dhcp.csv07/19/200408:56AM23Event_DnsApi.csv07/19/200408:56AM27Event_EventLog.csv07/19/200408:56AM12Event_GEMPCC.csv07/19/200408:56AM13Event_i8042prt.csv07/19/200408:56AM16Event_Kerberos.csv07/19/200408:56AM15Event_NETLOGON.csv07/19/200408:56AM15Event_NtServicePack.csv07/19/200408:56AM13Event_Print.csv07/19/200408:56AM23Event_RemoteAccess.csv07/19/200408:56AM14Event_SCardSvr.csv07/19/200408:56AM39Event_ServiceControlManager.csv07/19/200408:56AM21Event_Tcpip.csv07/19/200408:56AM29Event_W32Time.csv07/19/200408:56AM14Event_Win32k.csv07/19/200408:56AM15Event_Workstation.csv19File(s)372bytes2Dir(s)34,340,712,448bytesfree
sourcename,andforeacheventIDgeneratedbythesource,aCSVfilecontainingthenumberofeventsloggedwiththatID:
LogParser"SELECTSourceName,EventID,COUNT(*)ASTotalINTO*\ID_*.csvFROMSystemGROUPBYSourceName,EventID"-i:EVT-o:CSVAfterthecommandexecutioniscomplete,wewillhaveasmanydirectoriesasthenumberofdifferenteventsourcenames:
C:\>dirVolumeindriveChasnolabel.VolumeSerialNumberis49B5-4736
DirectoryofC:
07/19/200409:08AM<DIR>.07/19/200409:08AM<DIR>..07/19/200409:08AM<DIR>ApplicationPopup07/19/200409:08AM<DIR>AtiHotKeyPoller07/19/200409:08AM<DIR>DCOM07/19/200409:08AM<DIR>Dhcp07/19/200409:08AM<DIR>DnsApi07/19/200409:08AM<DIR>EventLog07/19/200409:08AM<DIR>GEMPCC07/19/200409:08AM<DIR>i8042prt07/19/200409:08AM<DIR>Kerberos07/19/200409:08AM<DIR>NETLOGON07/19/200409:08AM<DIR>NtServicePack07/19/200409:08AM<DIR>Print07/19/200409:08AM<DIR>RemoteAccess07/19/200409:08AM<DIR>SCardSvr07/19/200409:08AM<DIR>ServiceControlManager07/19/200409:08AM<DIR>Tcpip07/19/200409:08AM<DIR>W32Time07/19/200409:08AM<DIR>Win32k07/19/200409:08AM<DIR>Workstation0File(s)0bytes21Dir(s)34,340,712,448bytesfree
EachdirectorywillcontainasmanyCSVoutputfilesasthenumberofdifferenteventID'sloggedbytheeventsource:
C:\>dirDCOMVolumeindriveChasnolabel.VolumeSerialNumberis49B5-4736
DirectoryofC:\DCOM
07/19/200409:08AM<DIR>.07/19/200409:08AM<DIR>..07/19/200409:08AM10ID_10002.csv07/19/200409:08AM10ID_10010.csv
EachCSVoutputfilewillcontainthenumberofeventsloggedwiththeeventID:
C:\>typeDCOM\ID_10010.csvTotal2Followingisalistoftheoutputformatsthatsupportthe"multiplex"feature:
CSVTSVXMLW3CIISTPL
©2004MicrosoftCorporation.Allrightsreserved.
![Page 76: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/76.jpg)
ConvertingFileFormatsConvertingalogfilefromoneformattoanothercanbeeasilyaccomplishedwithLogParserbyexecutingacommandwiththefollowingcharacteristics:
Theinputformatchosenforthecommandshouldmatchtheconversionsourceformat;Theoutputformatchosenforthecommandshouldmatchtheconversiontargetformat;ThequeryshouldcontainaSELECTclausethatperformsthenecessarymodificationsontheinputformatfieldnamesandvaluesinordertomatchtherequirementsofthetargetformat.
WhenusingLogParsertoconvertonelogfileformattoanother,weshouldpaycloseattentiontotheorderandnamesofthefieldsintheinputandoutputformats.Someoutputformats,suchastheIISoutputformat,havefixedfields.WhenconvertingtoIISlogformat,inputformatfieldsshouldbeselectedtomatchtheIISformatexactly.Forexample,whenconvertingaW3CExtendedlogfiletoIISlogformat,weshouldselecttheclientIPaddressfirst,theusernamenext,andsoon.
Inaddition,wemightwanttochangethenameofthefieldsthatweextractfromtheinputformat.Forexample,whenwritingtoaW3CExtendedformatlogfile,LogParserretrievesthenamestobewrittentothe"#Fields"directivefromtheSELECTclause.IfweretrievedatafromanIISlogformatfile,thesenamesarenotthesameasthoseusedbytheW3CExtendedformat,sowemustaliaseveryfieldinordertogetthecorrectfieldname.
Asanexample,considerthefollowingSELECTclausethatconvertsIISlogformatfilestoIISW3CExtendedlogformat:
SELECTTO_DATE(TO_UTCTIME(TO_TIMESTAMP(Date,Time)))ASdate,TO_TIME(TO_UTCTIME(TO_TIMESTAMP(Date,Time)))AStime,ServiceInstanceASs-sitename,WecanseethattheindividualfieldshavebeenrenamedaccordingtotheW3CExtendedconvention,sothattheoutputfileisfullycompliantwith
![Page 77: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/77.jpg)
HostNameASs-computername,ServerIPASs-ip,RequestTypeAScs-method,REPLACE_CHR(Target,'\u0009\u000a\u000d','+')AScs-uri-stem,ParametersAScs-uri-query,UserNameAScs-username,UserIPASc-ip,StatusCodeASsc-status,Win32StatusCodeASsc-win32-status,BytesSentASsc-bytes,BytesReceivedAScs-bytes,TimeTakenAStime-taken
theIISW3CExtendedformat.Inaddition,the"date"and"time"fieldsareconvertedfromlocaltime,whichisusedintheIISlogformat,toUTCtime,whichisusedintheW3CExtendedlogformat.
Thecommand-lineLogParserexecutablecanbeusedtorunbuilt-inqueriesthatperformconversionsbetweenthefollowingformats:
BINtoW3CIIStoW3CBINtoIISIISW3CtoIIS
Formoreinformation,refertotheCommand-LineOperationreference.
©2004MicrosoftCorporation.Allrightsreserved.
![Page 78: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/78.jpg)
CustomPluginsLogParserallowsuserstodevelopcustominputformatsandusethemwithboththecommand-lineLogParserexecutableandwiththeLogParserscriptableCOMcomponents.
Thereisnorequirementonthelanguagethatcanbeusedtoimplementacustominputformat;forexample,custominputformatscanbeimplementedusinganyofthefollowinglanguages:
C++C#VisualBasic®JScript®orVBScript
CustominputformatsaredevelopedasCOMobjectsimplementingthemethodsoftheILogParserInputContextCOMinterface.TherearetwowaystowriteaCOMobjectthatimplementsthemethodsofthisinterface:implementingtheILogParserInputContextinterfacedirectly,orimplementingtheIDispatch(Automation)interfaceexposingthemethodsoftheILogParserInputContextinterface.
ImplementingtheILogParserInputContextInterfaceDirectlyWiththismethod,aLogParsercustominputformatCOMobjectmustimplementtheILogParserInputContextinterfacedirectly.ThismethodusuallyrequireswritingC++orVisualBasiccode.
ImplementingtheIDispatchInterfaceExposingtheILogParserInputContextInterfaceMethodsWiththismethod,aLogParsercustominputformatCOMobjectmustimplementtheIDispatchinterface,andsupportthesamemethodsexposedbytheILogParserInputContextinterface.Thismethodusuallyrequireswritingscriptlets(.wsc)filesinJScriptorVBScript.COMinputformatpluginsthatimplementtheIDispatchinterfacecanalsosupportcustomproperties.
![Page 79: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/79.jpg)
CustominputformatCOMobjectsmustberegisteredwiththeCOMinfrastructureinordertobeaccessiblebyLogParser.Thistaskcanbeusuallyachievedusingtheregsvr32.exetooldistributedwiththeWindowsOS.ThefollowingcommandregistersacustominputformatCOMobjectimplementedasadynamiclinklibrary(dll):
C:\>regsvr32myinputformat.dll
ThefollowingcommandregistersacustominputformatCOMobjectimplementedasascriptletJScriptorVBScriptfile:
C:\>regsvr32myinputformat.wsc
OncedevelopedandregisteredwiththeCOMinfrastructure,custominputformatscanbeusedwitheitherthecommand-lineLogParserexecutable,orwiththeLogParserscriptableCOMcomponents.
![Page 80: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/80.jpg)
UsingCustomInputFormatswiththeCommand-LineLogParserExecutableWiththecommand-lineLogParserexecutable,custominputformatsareusedthroughtheCOMinputformat,whichallowsuserstospecifytheProgIDofthecustomCOMobjectandeventualrun-timeproperties.
Asanexample,let'sassumethatwehavejustdevelopedacustominputformat,andthatitsProgIDis"MySample.MyInputFormat".WiththeCOMinputformat,thecustomCOMobjectcanbeusedasfollows:
C:\>logparser"SELECT*FROMinputfile"-i:COM-iProgID:MySample.MyInputFormatIntheexampleabove,"inputfile"standsforthespecificfrom-entityrecognizedbythecustominputformat.
IfweimplementedourCOMobjectthroughanAutomationinterface,wecouldalsohaveourobjectsupportcustomproperties,andsetthemthroughtheCOMinputformatasshowninthefollowingexample:
C:\>logparser"SELECT*FROMinputfile"-i:COM-iProgID:MySample.MyInputFormat-iCOMParams:ExtendedFields=onFormoreinformationontheCOMinputformat,refertotheCOMInputFormatreference.
![Page 81: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/81.jpg)
UsingCustomInputFormatswiththeLogParserScriptableCOMComponentsWiththeLogParserscriptableCOMcomponents,custominputformatobjectsarepassedastheinputFormatargumenttotheExecuteorExecuteBatchmethodsoftheLogQueryobject.
ThefollowingVBScriptexampleshowshowour"MySample.MyInputFormat"customCOMobjectcanbeusedwiththeLogParserscriptableCOMcomponents:
DimoLogQueryDimoMyInputFormatDimoCSVOutputFormatDimstrQuery
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreateourcustomInputFormatobjectSetoMyInputFormat=CreateObject("MySample.MyInputFormat")
'CreateOutputFormatobjectSetoCSVOutputFormat=CreateObject("MSUtil.LogQuery.CSVOutputFormat")oCSVOutputFormat.tabs=TRUE
'CreatequerytextstrQuery="SELECTTimeGenerated,EventIDINTOC:\output.csvFROMSystem"strQuery=strQuery&"WHERESourceName='ApplicationPopup'"
'ExecutequeryoLogQuery.ExecuteBatchstrQuery,oMyInputFormat,oCSVOutputFormat
FormoreinformationontheLogParserscriptableCOMcomponents,seeLogParserCOMAPIOverview,andCOMAPIReference.
![Page 82: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/82.jpg)
CustomInputFormatSamplesLogParsercomeswiththreecustominputformatsamples,locatedinthe"Samples\COM"folder:
Processes:thissampleshowshowtowriteacustominputformatusingtheC++language;BooksXML:thissampleshowshowtowriteacustominputformatthatparsesXMLdocuments,usingtheC#language;QFE:thissampleshowshowtowriteacustominputformatthatreturnsinformationgatheredthroughaWMIquery,usingtheVBScriptlanguage.
FormoreinformationoncustominputformatpluginsandtheILogParserInputContextinterface,refertotheCOMInputFormatPluginsreference.
©2004MicrosoftCorporation.Allrightsreserved.
![Page 83: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/83.jpg)
LogParserCOMAPIOverviewTheLogParserscriptableCOMcomponentsoffernumerousadvantagesandmoreflexibilitythanthecommand-lineexecutablebinary.Forexample,withtheLogParserscriptableCOMcomponentswecanexecuteaquerywithoutprovidinganoutputformat,retrievetheresultoutputrecords,andprocesstheoutputrecordsourselves.
TheLogParserscriptableCOMcomponentsareimplementedasAutomationobjects,whichmeansthattheycanbeusedfromanyprogrammingenvironmentsupportingautomation,includingC++,C#,VisualBasic,JScriptandVBScript.
Tip:BeforeusingtheLogParserscriptableCOMcomponentsonacomputer,the"LogParser.dll"binaryshouldberegisteredwiththecomputer'sCOMinfrastructurebyexecutingthefollowingcommandinthedirectorycontainingthe"LogParser.dll"binary:C:\LogParser>regsvr32LogParser.dll
TheLogParserscriptableCOMcomponentsarchitectureismadeupofthefollowingobjects:
MSUtil.LogQueryobject:thisisthemainCOMobjectintheLogParserscriptableCOMcomponentsarchitecture;itexposesthemainAPImethodsandprovidesaccesstootherobjectsinthearchitecture.InputFormatobjects:theseobjectsprovideprogrammaticaccesstotheinputformatssupportedbyLogParser;eachinputformatobjectexposespropertieshavingthesamenameastheparametersofthecorrespondingLogParserinputformat.OutputFormatobjects:theseobjectsprovideprogrammaticaccesstotheoutputformatssupportedbyLogParser;eachoutputformatobjectexposespropertieshavingthesamenameastheparametersofthecorrespondingLogParseroutputformat.
WhenwritinganapplicationthatusestheLogParserscriptableCOMcomponents,theveryfirststepshouldbetheinstantiationoftheMSUtil.LogQueryCOMobject.ThefollowingJScriptexampleshowshowtheMSUtil.LogQueryobjectis
![Page 84: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/84.jpg)
instantiatedbyaJScriptapplication:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
ThefollowingVBScriptexampleshowshowtheMSUtil.LogQueryobjectisinstantiatedbyaVBScriptapplication:
DimoLogQuerySetoLogQuery=CreateObject("MSUtil.LogQuery")OncetheMSUtil.LogQueryCOMobjecthasbeeninstantiated,anapplicationwouldusuallyproceedbyexecutingaqueryineitherbatchmodeorinteractivemode,dependingonthetaskthatneedstobeaccomplished.
![Page 85: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/85.jpg)
BatchModeAqueryexecutedinbatchmodewillhaveitsoutputrecordswrittendirectlytoanoutputformat.BatchmodeworksinthesamewayasthecommandsusedwiththeLogParsercommand-lineexecutable,anditisusefulwhenwewanttoexecuteaqueryandhaveitsresultssenttoanoutputformat,withnoapplicationinterventiononthequeryoutputrecords.
AqueryisexecutedinbatchmodebycallingtheExecuteBatchmethodoftheMSUtil.LogQueryobject.Thismethodtakesthreearguments:
ThetextoftheSQL-Likequery;Aninputformatobject;Anoutputformatobject.
ThebasicstepsofanapplicationusingbatchmoderesemblethecommandsusedwiththeLogParsercommand-lineexecutable:
1. InstantiatetheMSUtil.LogQueryobject;2. Instantiatetheinputformatobjectcorrespondingtotheinput
formatchosenforthequery;3. Ifneeded,setinputformatobjectpropertiestochangethe
defaultbehavioroftheinputformat;4. Instantiatetheoutputformatobjectcorrespondingtothe
outputformatchosenforthequery;5. Ifneeded,setoutputformatobjectpropertiestochangethe
defaultbehavioroftheoutputformat;6. CalltheExecuteBatchmethodoftheMSUtil.LogQuery
object,specifyingthequerytext,theinputformatobject,andtheoutputformatobject.
ThefollowingexamplesshowasimpleapplicationthatcreatesaCSVfile
![Page 86: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/86.jpg)
containingselectedrecordsfromtheeventlog.AfterinstantiatingthemainMSUtil.LogQueryobject,theapplicationinstantiatestheMSUtil.EVTInputFormatinputformatobject,whichimplementstheEVTinputformat,andsetsitsdirectionpropertyto"BW",inordertoreadeventsfromthelatesttotheearliest.Then,theapplicationinstantiatestheMSUtil.CSVOutputFormatoutputformatobject,whichimplementstheCSVoutputformat,andsetsitstabspropertyto"ON",inordertoimprovereadabilityoftheCSVfile.Finally,theapplicationcallstheExecuteBatchmethodoftheMSUtil.LogQueryobject,specifyingthequery,theinputformatobject,andtheoutputformatobject;themethodwillexecutethequery,readingfromtheeventlogandwritingtothespecifiedCSVfile,andwillreturnwhenthequeryexecutioniscomplete.
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreateInputFormatobjectvaroEVTInputFormat=newActiveXObject("MSUtil.LogQuery.EventLogInputFormat");oEVTInputFormat.direction="BW";
//CreateOutputFormatobjectvaroCSVOutputFormat=newActiveXObject("MSUtil.LogQuery.CSVOutputFormat");oCSVOutputFormat.tabs=true;
//CreatequerytextvarstrQuery="SELECTTimeGenerated,EventIDINTOC:\\output.csvFROMSystem";strQuery+="WHERESourceName='ApplicationPopup'";
//ExecutequeryoLogQuery.ExecuteBatch(strQuery,oEVTInputFormat,oCSVOutputFormat);
VBScriptexample:
DimoLogQueryDimoEVTInputFormatDimoCSVOutputFormatDimstrQuery
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreateInputFormatobjectSetoEVTInputFormat=CreateObject("MSUtil.LogQuery.EventLogInputFormat")oEVTInputFormat.direction="BW"
'CreateOutputFormatobjectSetoCSVOutputFormat=CreateObject("MSUtil.LogQuery.CSVOutputFormat")oCSVOutputFormat.tabs=TRUE
![Page 87: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/87.jpg)
'CreatequerytextstrQuery="SELECTTimeGenerated,EventIDINTOC:\output.csvFROMSystem"strQuery=strQuery&"WHERESourceName='ApplicationPopup'"
'ExecutequeryoLogQuery.ExecuteBatchstrQuery,oEVTInputFormat,oCSVOutputFormat
![Page 88: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/88.jpg)
InteractiveModeQueriesexecutedininteractivemodedonotuseoutputformats,butratherreturntheiroutputrecordsdirectlytotheapplication.Interactivemodeisusefulwhenwewanttoexecuteaqueryandreceivetheoutputrecordsforcustomprocessing.
AqueryisexecutedininteractivemodebycallingtheExecutemethodoftheMSUtil.LogQueryobject.Thismethodtakestwoarguments:
ThetextoftheSQL-Likequery;Aninputformatobject.
TheExecutemethodreturnsaLogRecordSetobject.TheLogRecordSetobjectisanenumeratorofLogRecordobjects;itallowsanapplicationtonavigatethroughthequeryoutputrecords.EachLogRecordobjectrepresentsasinglequeryoutputrecord,anditexposesmethodsthatcanbeusedtoretrieveindividualfieldvaluesfromtheoutputrecord.
Thebasicstepsofanapplicationusinginteractivemodeare:
1. InstantiatetheMSUtil.LogQueryobject;2. Instantiatetheinputformatobjectcorrespondingtotheinput
formatchosenforthequery;3. Ifneeded,setinputformatobjectpropertiestochangethe
defaultbehavioroftheinputformat;4. CalltheExecutemethodoftheMSUtil.LogQueryobject,
specifyingthequerytextandtheinputformatobject,andreceivingaLogRecordSetobject;
5. EnteraloopthatusestheatEnd,getRecord,andmoveNextmethodsoftheLogRecordSetobjecttoenumeratetheLogRecordqueryresultobjects;
6. ForeachLogRecordobject,accessitsfieldvaluesusingthegetValuemethodoftheLogRecordobject,andprocessthe
![Page 89: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/89.jpg)
fieldvaluesasneeded;7. Whenfinished,disposeoftheLogRecordSetobjectby
callingitsclosemethod.
ThefollowingexamplesshowasimpleapplicationparsinganIISwebsite'slogsandprintingtheoutputrecordstotheconsoleoutput.AfterinstantiatingthemainMSUtil.LogQueryobject,theapplicationinstantiatestheMSUtil.IISW3CInputFormatinputformatobject,whichimplementstheIISW3Cinputformat.Then,theapplicationcallstheExecutemethodoftheMSUtil.LogQueryobject,specifyingthequeryandtheinputformatobject,andreceivingtheresultingLogRecordSetobject.TheLogRecordSetobjectisusedinalooptoenumeratetheLogRecordobjectsimplementingthequeryoutputrecords;theapplicationretrievesthefirstfieldfromeachLogRecordobjectandprintsittotheconsoleoutput.Finally,theapplicationdisposesoftheLogRecordSetobjectbycallingitsclosemethod.
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreateInputFormatobjectvaroIISW3CInputFormat=newActiveXObject("MSUtil.LogQuery.IISW3CInputFormat");
//CreatequerytextvarstrQuery="SELECTc-ipFROM<1>WHEREcs-uri-stemLIKE'%hitcount.asp'";
//ExecutequeryandreceiveaLogRecordSetvaroRecordSet=oLogQuery.Execute(strQuery,oIISW3CInputFormat);
//Visitallrecordswhile(!oRecordSet.atEnd())
VBScriptexample:
DimoLogQueryDimoIISW3CInputFormatDimstrQueryDimoRecordSetDimoRecordDimstrClientIp
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreateInputFormatobjectSetoIISW3CInputFormat=CreateObject("MSUtil.LogQuery.IISW3CInputFo
©2004MicrosoftCorporation.Allrightsreserved.
![Page 90: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/90.jpg)
{ //Getarecord varoRecord=oRecordSet.getRecord();
//Getfirstfieldvalue varstrClientIp=oRecord.getValue(0);
//Printfieldvalue WScript.Echo("ClientIPAddress:"+strClientIp);
//AdvanceLogRecordSettonextrecord oRecordSet.moveNext();}
//CloseLogRecordSetoRecordSet.close();
rmat")
'CreatequerytextstrQuery="SELECTc-ipFROM<1>WHEREcs-uri-stemLIKE'%hitcount.asp'"
'ExecutequeryandreceiveaLogRecordSetSetoRecordSet=oLogQuery.Execute(strQuery,oIISW3CInputFormat)
'VisitallrecordsDOWHILENOToRecordSet.atEnd
'Getarecord SetoRecord=oRecordSet.getRecord
'Getfirstfieldvalue strClientIp=oRecord.getValue(0)
'Printfieldvalue WScript.Echo"ClientIPAddress:"&strClientIp
'AdvanceLogRecordSettonextrecord oRecordSet.moveNext
LOOP
'CloseRecordSetoRecordSet.close
![Page 91: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/91.jpg)
C#ExampleTheLogParserscriptableCOMcomponentscanbeeasilyconsumedby.NETapplicationsusingtheCOMinteropfeatureofthe.NETFramework.
TheCOMinteropfeatureofthe.NETframeworkallowsuserstoinstantiateanduseCOMobjectsthroughtheuseofRuntimeCallableWrappers(RCW).TheRCWisa.NETclassthatwrapsaCOMobjectandgivesa.NETapplicationthenotionthatit'sinteractingwithamanaged.NETcomponent.RCW'sarecreatedbyeitherusingtheTypeLibraryImporter(tlbimp.exe)tool,orbyimportingareferencetotheLogParserscriptableCOMobjectsthroughtheMicrosoftVisualStudio®.NETuserinterface.Ineithercase,theRCW'saregeneratedandstoredinanassemblynamed"Interop.MSUtil.dll",whichcontainsRuntimeCallableWrappersforalloftheLogParserscriptableCOMcomponents.Byreferencingthisassembly,our.NETapplicationscanusetheLogParserscriptableCOMcomponentsasiftheyweremanaged.NETcomponents.
ThefollowingexampleC#applicationexecutesaLogParserquerythatreturnsthelatest50eventsfromtheSystemeventlog,printingthequeryresultstotheconsoleoutput:
usingSystem;usingLogQuery=Interop.MSUtil.LogQueryClassClass;usingEventLogInputFormat=Interop.MSUtil.COMEventLogInputContextClassClass;usingLogRecordSet=Interop.MSUtil.ILogRecordset;
classLogParserSample{publicstaticvoidMain(string[]Args){try{//InstantiatetheLogQueryobject
Thefollowingstepsdescribehowtobuildthissampleapplication:
1. BuildaninteropassemblycontainingtheRuntimeCallableWrappersfortheLogParserscriptableCOMcomponents.Thisstepcanbyexecutedintwodifferentways:FromwithinaVisualStudio.NETproject,importareferencetotheLogParserscriptableCOMcomponents;Fromacommand-lineshell,executethetlbimp.exetool(generallyavailableinthe"Bin"folderofthe.NETframeworkSDK),specifyingthepathtotheLogParser.dllbinary:
![Page 92: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/92.jpg)
LogQueryoLogQuery=newLogQuery();
//InstantiatetheEventLogInputFormatobjectEventLogInputFormatoEVTInputFormat=newEventLogInputFormat();
//Setits"direction"parameterto"BW"oEVTInputFormat.direction="BW";
//Createthequerystringquery=@"SELECTTOP50SourceName,EventID,MessageFROMSystem";
//ExecutethequeryLogRecordSetoRecordSet=oLogQuery.Execute(query,oEVTInputFormat);
//Browsetherecordsetfor(;!oRecordSet.atEnd();oRecordSet.moveNext()){Console.WriteLine(oRecordSet.getRecord().toNativeString(","));}
//ClosetherecordsetoRecordSet.close();}catch(System.Runtime.InteropServices.COMExceptionexc){Console.WriteLine("Unexpectederror:"+exc.Message);}}}
C:\>tlbimpLogParser.dll/out:Interop.MSUtil.dll
Ineithercase,anassemblynamed"Interop.MSUtil.dll"iscreated.
2. Compilethesamplesourcefileintoanexecutable,referencingthenewlycreated"Interop.MSUtil.dll"assembly.Fromacommand-lineshell,thisstepcanbeexecutedasfollows:
C:\>csc/r:Interop.MSUtil.dll/out:Events.exesample.cs
©2004MicrosoftCorporation.Allrightsreserved.
![Page 93: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/93.jpg)
SecurityConsiderationsWhenusinginputandoutputformatstoretrieveandsenddataoverthenetwork,usersshouldbeawarethatmostoftheprotocolsutilizedfordatatransfer(e.g.SMB,HTTP,andSYSLOG)donotmakeuseofencryption,andcouldthusbevulnerabletointerceptionandtamperingbymaliciousentities.Inordertoprovideasecureenvironmentinwhichthesenetworkconnectionsarelessvulnerabletointerception,usersshouldimplementtheIPSecprotocolontheirnetworks,and/oruseSSLHTTPconnectionswhenretrievingdatafromaWebURL.WhenusingtheIncrementalParsingfeature,usersshouldstoretheircheckpointfilesinasecurelocation,andverifythatcheckpointfileshaveproperACL's(AccessControlLists)preventingmaliciousentitiesfromtamperingwiththedatathattheLogParserinputformatsstoreinthecheckpointfiles.WhenimplementingcustominputformatCOMobjects,usersshouldensurethattheobjectsarenotaccessiblefromlocalandremotelow-privilegedusers,inordertopreventmaliciousentitiesfrominstantiatingandusingthecustominputformatobjectsfromthelocalcomputerorfromaremotecomputer.Inordertodenyaccesstolow-privilegedusers,eithersetproperACL'sonthecustominputformatCOMobjects'binaries,orusethe"DCOMConfiguration"ManagementConsole(availableinthe"AdministrativeTools"folderunderthe"ComponentServices"managementconsole)toexplicitlyallowselectedusersonlylocalaccesstoyourcustominputformatCOMobjects.WhenusingtheSQLoutputformat,usersshouldbeawarethattheODBCconnectionpropertiesprovidedthroughtheSQLoutputformatparameters,whichincludeusernameandpassword,couldbetransmittedoverthenetworkincleartext.Inaddition,thedatatransmittedthroughtheODBCconnectioncouldbeunencryptedandthusvulnerabletointerceptionandtamperingbymaliciousentities.Inordertoprovideamoresecureenvironment,usersshouldcreateaDataSourceName(DSN)onthelocalcomputerspecifyingtheconnectionpropertiestousefortheconnectiontothedatabase,and
![Page 94: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/94.jpg)
specifythenameoftheDataSourceasavaluetothedsnparameteroftheSQLoutputformat.UsingaDataSourceNamefortheconnectionprovidesthefollowingbenefits:TheusernameandpasswordfortheconnectionarestoredsecurelybytheODBCsubsystem;
CertainODBCdrivers,includingMicrosoftSQLServerTMODBCdriversandMicrosoftAccessODBCdrivers,provideanoptionthatallowsuserstoenableencryptionofthenetworktrafficbetweentheODBCconnectionendpoints.
FormoreinformationonsecuringthecommunicationbetweentheODBCconnectionsendpoints,seetheMSDN®DataAccessSecuritytopic.Whenprocessingsensitiveorconfidentialdata,usersshouldprovideproperACL'sonthefilesgeneratedbytheoutputformatsoronthedirectoriesinwhichtheoutputformatsgeneratefiles,inordertopreventmaliciousentitiesfromaccessingand/ortamperingwiththeoutputdatageneratedbyaquery.
©2004MicrosoftCorporation.Allrightsreserved.
![Page 95: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/95.jpg)
FrequentlyAskedQuestions1. HowdoIspecifyyesterday’sdate?2. HowdoIretrievetheeventlogsthathavebeenloggedinthe
past10minutes?3. AfterparsingmyIISlogfiles,Igetamessagesaying"There
havebeen4parseerrors."Whatcausesthis?4. HowdoIchangethecolumnnamesinmyoutputfile?5. HowdoIcombinetheIISW3C"date"and"time"fieldsintoa
singleTIMESTAMPfield?6. HowdoIsplitasingleTIMESTAMPfieldintoadate-onlyfield
andatime-onlyfield?7. WhenIusea"SELECT*"onanIISW3CExtendedlogfile,I
getmanyfieldswithNULLvalues.Whatcausesthis?8. Igetanerrorsaying"UnknownfieldXYZ"whenIexecutemy
query.HowdoIfixthis?9. IamtryingtowriteaquerythatusestheINoperator,butLog
Parserkeepsgivingmeerrors.WhatamIdoingwrong?10. WhenIexecutea"SELECT*"onalogfile,theoutputrecords
contain2extrafieldsthatIcannotfindinthelog.Whatarethesefields?
11. IamdevelopinganASPorASP.NetorScheduledTaskapplicationwithLogParser,andI'mhavingproblemswithpermissions.WhatcanIdo?
12. CanIusetheLogParserscriptableCOMcomponentsfromamulti-threadedapplication?
HowdoIspecifyyesterday’sdate?YouneedtousetheSUBfunctiontosubtractonedayfromthecurrentUTCtimestampreturnedbytheSYSTEM_TIMESTAMPfunction.
![Page 96: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/96.jpg)
TheoriginforTIMESTAMPvaluesisJanuary1,year0at00:00:00.ThismeansthatatimespanofonedayisrepresentedbythetimestampforJanuary2,year0at00:00:00,i.e.24hoursaftertheoriginoftime.Usethefollowingfield-expressiontospecifyyesterday’sdate:
SUB(SYSTEM_TIMESTAMP(),TIMESTAMP('01-02','MM-dd'))
Formoreinformation,seetheTIMESTAMPReference.
HowdoIretrievetheeventlogsthathavebeenloggedinthepast10minutes?
YouneedtousetheSUBfunctiontosubtract10minutesfromthecurrentUTCtimestampreturnedbytheSYSTEM_TIMESTAMPfunction,andconvertthistimestamptolocaltimeusingtheTO_LOCALTIMEfunction:
SELECT*FROMSystemWHERETimeGenerated>=TO_LOCALTIME(SUB(SYSTEM_TIMESTAMP(),TIMESTAMP('10','mm')))AfterparsingmyIISlogfiles,Igetamessagesaying"Therehave
been4parseerrors."Whatcausesthis?Yourlogfilesaresomehowmalformed.Thismighthappen,forexample,ifaclientrequestsaURLorspecifiesausernamecontainingspaces.LogParsercannotprocessthatrowandskipsit.Toseeexactlywhat'sgoingon,setthe-eglobalswitchtoanyvaluegreaterthanorequaltozero.ThismakesLogParserstopthequeryexecutionwhenthatnumberofparseerrorsisencountered,anddumpallthemessagesoftheparseerrorsthatoccurred.Formoreinformation,seeErrors,ParseErrors,andWarnings.
HowdoIchangethecolumnnamesinmyoutputfile?UsetheASkeywordinyourSELECTclausetoaliasthefield.Forexample:
![Page 97: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/97.jpg)
SELECTField1ASnewFieldName,Field2ASnewFieldName2,...
HowdoIcombinetheIISW3C"date"and"time"fieldsintoasingleTIMESTAMPfield?
UsetheTO_TIMESTAMPfunction,asinthefollowingexample:
SELECTTO_TIMESTAMP(date,time),...
HowdoIsplitasingleTIMESTAMPfieldintoadate-onlyfieldandatime-onlyfield?
UsetheTO_DATEandTO_TIMEfunctions,asinthefollowingexample:
SELECTTO_DATE(myTimestamp),TO_TIME(myTimestamp),...
Formoreinformation,seetheTIMESTAMPReference.
WhenIusea"SELECT*"onanIISW3CExtendedlogfile,IgetmanyfieldswithNULLvalues.Whatcausesthis?
TheIISW3Cinputformathas32fields,whichareallthepossiblefieldsthatIIS5.0andIIS6.0canlog.IfyourWebServerisconfiguredtologonlyafewofthesefields,theIISW3CinputformatreturnstheotherfieldvaluesasNULLvalues.
Igetanerrorsaying"UnknownfieldXYZ"whenIexecutemyquery.HowdoIfixthis?
Ifyouhavenotspecifiedaninputformatforyourquery,LogParserchoosesoneautomaticallybasedonthe<from-entity>intheFROMclauseofyourquery.Insomecases,theinputformatmightnotbetheoneyouexpect.Tryspecifyingtheinputformatexplicitlyusingthe-iswitch.Ifyouhavespecifiedthecorrectinputformat,makesurethatyou
![Page 98: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/98.jpg)
havetypedthefieldnamecorrectly.
IamtryingtowriteaquerythatusestheINoperator,butLogParserkeepsgivingmeerrors.WhatamIdoingwrong?
Makesureyouareseparatingthevaluesontheright-sideoftheINoperatorwiththecorrectseparator.IftheINoperatoriscomparingasinglefield-expressionwithalistofvalues,separatethevalueswithasemicolon(;),notwithacomma,asfollows:
WHEREMyFieldIN('VALUE1';'VALUE2';'VALUE3')
Differentvaluesforthesamefield-expression("value-rows")areseparatedbyasemicolon;commacharactersareusedtoseparatevalueswithinasinglevalue-row.Formoreinformation,seetheINOperatorReference.
WhenIexecutea"SELECT*"onalogfile,theoutputrecordscontain2extrafieldsthatIcannotfindinthelog.Whatarethesefields?
Mostoftheinputformatsaddsometrackingfieldstotheinputrecords,suchasthenameofthefilecurrentlyparsed,andtherownumbercurrentlyparsed.Ifyoudonotwantthesefieldstoappearinyouroutputrecords,donotuse"SELECT*".Instead,specifyonlythefieldnamesthatyouwant,asinthefollowingexample:
SELECTField1,Field2,Field3,....
IamdevelopinganASPorASP.NetorScheduledTaskapplicationwithLogParser,andI'mhavingproblemswithpermissions.WhatcanIdo?
ThefirststepintroubleshootingtheseproblemsisidentifyingtheaccountunderwhichLogParserisrunning.Ifyouaredevelopingan
![Page 99: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/99.jpg)
ASPorASP.Netapplication,LogParserwillrunastheaccountoftheuserrequestingthepage.Iftherequestisanonymous,theaccountistheIISAnonymousaccount;iftherequestisauthenticated,theaccountistheauthenticateduser'saccount.IfyouaredevelopingaScheduledTaskapplication,theaccountistheaccountthatyouhavespecifiedforthetask.Oncetheaccounthasbeenidentified,appropriatepermissionsmustbegivenforthisaccounttoaccessboththeLogParserbinaryandtheDynamicLinkLibrariesthatLogParserdependsto,whichincludestandardWindowslibraries(e.g."kernel32.dll","user32.dll",etc.)andasignificantnumberofotherlibraries(e.g."WinInet.dll","odbcint.dll",etc.).Finally,appropriatepermissionsmustbegivenfortheaccounttoaccessthedatathatyourapplicationasksLogParsertoprocess.ThesemayincludeIISlogfiles,theEventLog,textfiles,andwhateverdatayouareprocessing.Note:ItisnotagoodsecuritypracticetochangesystemACL'sandpermissionstograntuseraccountsaccesstoprotectedsystemresources.Thisisespeciallytrueifyouaredevelopinganexternal-facingwebapplicationthatusesLogParsertodisplayinformationtotheusers.Inthesecases,considerinsteaddevelopingaScheduledTaskthatrunsundera"private"account,andthatgeneratesatfrequentintervalsthewebpagesthatyourapplicationwilldisplaytotheuser.
CanIusetheLogParserscriptableCOMcomponentsfromamulti-threadedapplication?
TheLogParserscriptableCOMcomponentsareregisteredtorunwithinasingle-threadedCOMapartment,meaningthattheobjectscanbeusedfrommultiplethreads,butcallstotheobjects'methodswillbeserializedbytheCOMinfrastructuretoguaranteethatonlyonethreadatatimecanaccessthecomponents.
©2004MicrosoftCorporation.Allrightsreserved.
![Page 100: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/100.jpg)
QuerySyntax<query> ::= <select_clause>[<using_clause>]
[<into_clause>]<from_clause>[<where_clause>][<group_by_clause>][<having_clause>][<order_by_clause>]
Remarks:Aquerycanincludecomments,thatis,user-providedtextnotevaluatedbyLogParser,usedtodocumentcodeortemporarilydisablepartsofquerystatements.Formoreinformation,readtheCommentsReference.
Examples:
A.MinimalqueryThefollowingexampleshowstheminimalquerythatcanbewrittenwiththeLogParserSQL-Likelanguage,makinguseoftheSELECTandFROMclausesonly:
SELECTTimeGenerated,SourceNameFROMSystemB.CompletequeryThefollowingexampleshowsacompletequerythatmakesuseofalltheclausesintheLogParserSQL-Likelanguage:
![Page 101: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/101.jpg)
SELECTTypeName,COUNT(*)ASTotalCountUSINGTO_UPPERCASE(EXTRACT_TOKEN(EventTypeName,0,''))ASTypeNameINTOReport.csvFROMSystemWHERETypeNameLIKE'%service%'GROUPBYTypeNameHAVINGTotalCount>5ORDERBYTotalCountDESC
Seealso:SELECTUSINGINTOFROMWHEREGROUPBYHAVINGORDERBY
Comments
©2004MicrosoftCorporation.Allrightsreserved.
![Page 102: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/102.jpg)
SELECT<select_clause> ::= SELECT[TOP<integer>][DISTINCT|ALL
]<selection_list>
<selection_list> ::= <selection_list_el>[,<selection_list_el>...]
<selection_list_el> ::= <field_expr>[AS<alias>]*
TheSELECTclausespecifiesthefieldsoftheoutputrecordstobereturnedbythequery.
Arguments:
TOPnSpecifiesthatonlythefirstnrecordsaretobeoutputfromthequeryresultset.IfthequeryincludesanORDERBYclause,thefirstnrecordsorderedbytheORDERBYclauseareoutput.IfthequeryhasnoORDERBYclause,theorderoftherecordsisarbitrary.Formoreinformation,seeRetrievingaFixedNumberofRecords.
ALLSpecifiesthatduplicaterecordscanappearintheresultset.ALListhedefault.
DISTINCTSpecifiesthatonlyuniquerecordscanappearintheresultset.NULLvaluesareconsideredequalforthepurposesoftheDISTINCTkeyword.Formoreinformation,seeEliminatingDuplicateValues.
![Page 103: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/103.jpg)
<selection_list>Thefieldstobeselectedfortheresultset.Theselectionlistisaseriesoffield-expressionsseparatedbycommas.
*Specifiesthatalltheinputrecordfieldsshouldbereturned.ThefieldsarereturnedintheorderinwhichtheyareexportedbytheInputFormat.
AS<alias>Specifiesanalternativenametoreplacethefieldnameinthequeryresultset.Bydefault,outputformatsthatdisplayfieldnamesusethetextofafield-expressionintheSELECTclauseasthenameofthecorrespondingoutputrecordfield.However,whenafield-expressionintheSELECTclausehasbeenaliased,outputformatswillusethealiasasthenameoftheoutputrecordfield.Thealiasofafield-expressioncanbealsousedanywhereelseinthequeryasashortcutthatreferstotheoriginalfield-expression.
Remarks:Whenafield-expressionisaliasedwithanaliasmatchinganinputrecordfieldname,thealiasingwillaffectthatfield-expressiononly;anyotheroccurrenceofthealiasinthequerywillresolvetotheinputrecordfieldname.Asanexample,theoutputrecordsofthefollowingqueryaremadeupoftwofieldswithanidenticalname("TimeGenerated");thefirstoutputrecordfieldwillcontainvaluesfromthealiasedfield-expression("ADD(EventID,1000)"),whilethesecondoutputrecordfieldwillcontainvaluesfromthe"TimeGenerated"inputformatfield:
SELECTADD(EventID,1000)ASTimeGenerated,TimeGeneratedFROMsystemAfield-expressionintheSELECTclausecanrefertoaliasesdefinedelsewhereintheSELECTclause,aslongasthedefinitionhappens
![Page 104: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/104.jpg)
before(inaleft-to-rightorder)itsuse.ThefollowingexampleisacorrectSELECTclause:
SELECTEventIDASMyAlias,ADD(MyAlias,100)
Ontheotherhand,thefollowingexampleisnotacorrectSELECTclause,sincethe"MyAlias"aliasisusedbeforebeingdefined:
SELECTADD(MyAlias,100),EventIDASMyAlias
Examples:
A.SelectingspecificfieldsThefollowingqueryselectsasubsetofallthefieldsexportedbytheEVTInputFormat:
SELECTTimeGenerated,SourceNameFROMSystemB.Selectingspecificfieldsandfield-expressionsThefollowingqueryselectsaconstantandafunctionthatusesafieldexportedbytheEVTInputFormatasargument:
SELECT'EventType:',EXTRACT_TOKEN(EventTypeName,0,'')FROMSystemC.Selectingallfieldswith*ThefollowingqueryselectsallthefieldsexportedbytheEVTInputFormat:
SELECT*FROMSystemD.UsingTOPThefollowingqueryreturnsthe10mostrequestedUrl'sinthespecifiedIISW3Clogfile:
![Page 105: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/105.jpg)
SELECTTOP10cs-uri-stem,COUNT(*)FROMex040305.logGROUPBYcs-uri-stemORDERBYCOUNT(*)DESCE.UsingDISTINCTThefollowingqueryusestheREGInputFormattoreturnalltheregistrykeyvaluetypesthatarefoundunderthespecifiedkey:
SELECTDISTINCTValueTypeFROM\HKLM\SYSTEM\CurrentControlSetF.Aliasingfield-expressionsThefollowingqueryreturnsabreakdownofpagerequestsperpagetypefromthespecifiedIISW3Clogfile:
SELECTTO_UPPERCASE(EXTRACT_EXTENSION(cs-uri-stem))ASPageType,COUNT(*)ASTotalHitsFROMex040305.logGROUPBYPageTypeORDERBYTotalHitsDESCSeealso:
FieldExpressionsFieldNamesandAliasesUSING
BasicsofaQueryEliminatingDuplicateValuesRetrievingaFixedNumberofRecords
©2004MicrosoftCorporation.Allrightsreserved.
![Page 106: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/106.jpg)
USING<using_clause> ::= USING<field_expr>AS<alias>[,<field_expr>
AS<alias>...]
TheUSINGclausedeclaresaliasedfield-expressionsthatdonotappearintheoutputrecordsbutcanbereferencedanywhereinthequery.TheUSINGclauseisemployedtoimprovequeryreadability.
Remarks:Formoreinformationonaliasingfield-expressions,seetheSELECTClauseReference.
Examples:
A.Declaringaliasedfield-expressionsThefollowingexamplequeryreturnsthe"accountname"portionofthefully-qualifiedaccountnamethatappearsintheresolved"SID"fieldoftheEVTinputformat:
SELECTUsernameUSINGTO_LOWERCASE(RESOLVE_SID(Sid))ASFQAccount,EXTRACT_TOKEN(FQAccount,1,'\\')ASUsernameFROMSecurity
Seealso:FieldExpressionsFieldNamesandAliasesSELECT
ImprovingQueryReadability
![Page 107: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/107.jpg)
©2004MicrosoftCorporation.Allrightsreserved.
![Page 108: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/108.jpg)
INTO<into_clause> ::= INTO<into_entity>
TheINTOclauseisusedtospecifytheoutputformattarget(s)towhichthequeryoutputrecordsaretobewritten.
Remarks:Thesyntaxandinterpretationofthe<into_entity>specifiedintheINTOclausedependsontheoutputformatused.Forinformationonthesyntaxandinterpretationofthe<into_entity>valuessupportedbyeachoutputformat,refertotheOutputFormatsReference.Regardlessoftheoutputformatused,the<into_entity>specifiedintheINTOclausemustcomplywiththefollowinggeneralsyntax:The<into_entity>cannotcontainspaces,unlessitisenclosedbythe'''(singlequote)or'"(doublequotes)characters,asinthefollowingexample:
'C:\ProgramFiles\file3.txt'
Thefollowingcharactersareconsideredparenthesyscharacters,andiftheyappearinan<into_entity>,theymustappearaswell-formedpairsofopeningandclosingparenthesys:
<>()[]{}
Thefollowingexamplesshowvalidinto-entitiescontainingparenthesyscharacters:
entity<value>entity[value]valueThefollowingexamplesshowinvalidinto-entitiescontaining
![Page 109: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/109.jpg)
parenthesyscharacters:
entity>value<entity}valueentity(valueAnycharacter(includingillegalcharactersandnon-printable
characters)inan<into-entity>canbeenteredusingthe\uxxxxnotation,wherexxxxisthe4-digithexadecimalrepresentationoftheUNICODEcharacter,asinthefollowingexample:
C:\Program\u0020Files\file3.txt
Into-entitiesthatrepresentnamesoffilesordirectoriesarenotallowedtocontainthefollowingcharacters,evenwhenenclosedinquotecharactersorenteredusingthe\uxxxxnotation:
tabcarriage-returnline-feed,()"<>
SincetheINTOclauseisnotamandatoryclauseintheLogParserSQL-Likelanguage,mostoutputformatsemploydefault<into_entity>valuesthatareimplicitlyusedwhenaquerydoesnotincludeanINTOclause.Forexample,theNAT,CSV,andTSVoutputformatsassumeSTDOUTwhenanINTOclauseisnotspecified.Formoreinformationonthedefault<into_entity>valuesassumedbyeachoutputformat,refertotheOutputFormatsReference.TheTOclauseusedbyearlierversionsofLogParserhasbeendeprecatedinfavoroftheINTOclause.
Examples:
A.Explicit<into_entity>ThefollowingexamplequeryspecifiesanexplicittargetCSVfilefortheCSVoutputformat:
SELECT*
![Page 110: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/110.jpg)
INTOMyOutput.csvFROMSystemB.Implicit<into_entity>ThefollowingexamplequeryusesanimplicitSTDOUTtargetfortheNAToutputformat:
SELECT*FROMSystemC.Explicit<into_entity>ThefollowingexamplequeryspecifiesanexplicitSTDOUTtargetfortheNAToutputformat:
SELECT*INTOSTDOUTFROMSystem
Seealso:FROM
BasicsofaQueryOutputFormatsReference
©2004MicrosoftCorporation.Allrightsreserved.
![Page 111: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/111.jpg)
FROM<from_clause> ::= FROM<from_entity>
TheFROMclauseisusedtospecifytheinputformatsource(s)fromwhichthequeryinputrecordsaretoberead.
Remarks:Thesyntaxandinterpretationofthe<from_entity>specifiedintheFROMclausedependsontheinputformatused.Forinformationonthesyntaxandinterpretationofthe<from_entity>valuessupportedbyeachinputformat,refertotheInputFormatsReference.Regardlessoftheinputformatused,the<from_entity>specifiedintheFROMclausemustcomplywiththefollowinggeneralsyntax:The<from_entity>mustbeasingleelementoralistofelements,separatedbythe','(comma)or';'(semicolon)characters,asinthefollowingexamples:
file1.txtfile1.txt,file2.txtfile1.txt;D:\file2.txt;file3.txtEachelementcannotcontainspaces,','(comma)characters,or';'(semicolon)characters,unlesstheelementisenclosedbythe'''(singlequote)or'"(doublequotes)characters,asinthefollowingexample:
file2.txt,'C:\ProgramFiles\file3.txt',file4.txt
Thefollowingcharactersareconsideredparenthesyscharacters,andiftheyappearinanelement,theymustappearaswell-formedpairsofopeningandclosingparenthesys:
<>()[]{}
![Page 112: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/112.jpg)
Thefollowingexamplesshowvalidfrom-entitiescontainingparenthesyscharacters:
entity<value>entity[value]valueThefollowingexamplesshowinvalidfrom-entitiescontainingparenthesyscharacters:
entity>value<entity}valueentity(valueAnycharacter(includingillegalcharactersandnon-printable
characters)ina<from-entity>canbeenteredusingthe\uxxxxnotation,wherexxxxisthe4-digithexadecimalrepresentationoftheUNICODEcharacter,asinthefollowingexample:
C:\Program\u0020Files\file3.txt
From-entitiesthatrepresentnamesoffilesordirectoriesarenotallowedtocontainthefollowingcharacters,evenwhenenclosedinquotecharactersorenteredusingthe\uxxxxnotation:
tabcarriage-returnline-feed,()"<>
Examples:
A.<from_entity>withtheREGinputformatThefollowingexamplequeryreadsinputrecordsfromtheregistryusingtheREGinputformat:
SELECT*FROM\HKLM\SOFTWAREB.<from_entity>withtheEVTinputformatThefollowingexamplequeryreadsinputrecordsfromtheSystemandSecurityeventlogsusingtheEVTinputformat:
![Page 113: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/113.jpg)
SELECT*FROMSystem,Security
Seealso:INTO
BasicsofaQueryInputFormatsReference
©2004MicrosoftCorporation.Allrightsreserved.
![Page 114: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/114.jpg)
WHERE<where_clause> ::= WHERE<expression>
TheWHEREclauseisusedtospecifyabooleanconditionthatmustbesatisfiedbyaninputrecordforthatrecordtobeoutput.Inputrecordsthatdonotsatisfytheconditionarediscarded.
Remarks:TheexpressioninaWHEREclausecannotreferenceSQL(aggregate)functions.Tospecifyconditionsonvaluesofaggregatefunctions,usetheHAVINGclause.
Examples:
A.Simpleexpression
WHEREEventID=501
B.Complexexpression
WHEREEXTRACT_TOKEN(Strings,1,'|')LIKE'%logon&'AND(TimeGenerated>SUB(TO_LOCALTIME(SYSTEM_TIMESTAMP()),TIMESTAMP('10','mm'))ORSIDISNOTNULL)Seealso:
ExpressionsHAVING
FilteringInputRecords
![Page 115: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/115.jpg)
©2004MicrosoftCorporation.Allrightsreserved.
![Page 116: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/116.jpg)
GROUPBY<group_by_clause> ::= GROUPBY<field_expr_list>[WITH
ROLLUP]
<field_expr_list> ::= <field_expr>[,<field_expr>...]
TheGROUPBYclausespecifiesthegroupsintowhichoutputrowsaretobeplacedand,ifaggregatefunctionsareincludedintheSELECTorHAVINGclauses,calculatestheaggregatefunctionsvaluesforeachgroup.
Arguments:
WITHROLLUPSpecifiesthatinadditiontotheusualrowsprovidedbyGROUPBY,summaryrowsareintroducedintotheresultset.Groupsaresummarizedinahierarchicalorder,fromthelowestlevelinthegrouptothehighest,andthecorrespondingsummaryrowscontainNULLvaluesforthegroupsthathavebeensummarized.Thegrouphierarchyisdeterminedbytheorderinwhichthegroupingfield-expressionsarespecified.Changingtheorderofthegroupingfield-expressionscanaffectthenumberofrowsproducedintheresultset.TheROLLUPoperatorisoftenusedwiththeGROUPINGaggregatefunction.
Remarks:WhenGROUPBYisspecified,eithereachnon-aggregateandnon-constantfield-expressionintheSELECTclauseshouldbeincludedin
![Page 117: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/117.jpg)
theGROUPBYfield-expressionlist,ortheGROUPBYfield-expressionlistmustmatchexactlytheSELECTclausefield-expressionlist.Formoreinformation,seeAggregatingDataWithinGroups.AggregatefunctionsusingtheDISTINCTkeyword,forexample,"COUNT(DISTINCTfield-expression)",arenotsupportedwhenusingtheGROUPBYclause.IftheORDERBYclauseisnotspecified,groupsreturnedusingtheGROUPBYclausearenotinanyparticularorder.ItisrecommendedthattheORDERBYclauseisalwaysusedtospecifyaparticularorderingofthedata.
Examples:
A.SimpleGROUPBYclauseThefollowingquery,onanIISW3Clogfile,returnsthenumberofrequestsforeachpageoneachday:
SELECTdate,cs-uri-stem,COUNT(*)FROMLogFiles\ex040528.logGROUPBYdate,cs-uri-stemAsampleoutputwouldbe:
datecs-uri-stemCOUNT(ALL*)-----------------------------------------2003-11-18/Default.htm12003-11-18/style.css12003-11-18/images/address.gif12003-11-18/cgi-bin/counts.exe12003-11-18/data/rulesinfo.nsf22003-11-19/data/rulesinfo.nsf62003-11-20/data/rulesinfo.nsf52003-11-20/maindefault.htm12003-11-20/top2.htm12003-11-20/homelog.swf1
B.UsingWITHROLLUPThefollowingexamplequeryisthesameasinthepreviousexample,usingtheWITHROLLUPargumenttodisplayadditionalsummaryrows:
SELECTdate,cs-uri-stem,COUNT(*)FROMLogFiles\ex040528.logGROUPBYdate,cs-uri-stemWITHROLLUPAsampleoutputwouldbe:
datecs-uri-stemCOUNT(ALL*)-----------------------------------------
![Page 118: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/118.jpg)
2003-11-18/Default.htm12003-11-18/style.css12003-11-18/images/address.gif12003-11-18/cgi-bin/counts.exe12003-11-18/data/rulesinfo.nsf22003-11-19/data/rulesinfo.nsf62003-11-20/data/rulesinfo.nsf52003-11-20/maindefault.htm12003-11-20/top2.htm12003-11-20/homelog.swf1--202003-11-18-62003-11-19-62003-11-20-8
Thegroupsummariesthathavebeenintroducedbytherollupoperatorare:
2003-11-18-62003-11-19-62003-11-20-8--20Whichrepresentthenumberofrequestsoneachday,regardlessofthepagerequested,andthetotalnumberofrequestsinthelogfile,regardlessoftheday.
Seealso:FieldExpressionsSELECT
AggregatingDataWithinGroups
©2004MicrosoftCorporation.Allrightsreserved.
![Page 119: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/119.jpg)
HAVING<having_clause> ::= HAVING<expression>
TheHAVINGclauseisusedtospecifyabooleanconditionthatmustbesatisfiedbyagroupforthegrouprecordtobeoutput.Groupsthatdonotsatisfytheconditionarediscarded.
Examples:
A.Simpleexpression
HAVINGEventID=501
B.Complexexpression
HAVINGSUM(sc-bytes)>100000AND(COUNT(*)>1000OREXTRACT_EXTENSION(cs-uri-stem)LIKE'htm')C.ComplexexpressionThefollowingexamplequeryretrievesalltheeventsourcesfromtheSystemeventlogthatgeneratedmorethan10events:
SELECTSourceNameFROMSystemGROUPBYSourceNameHAVINGCOUNT(*)>10
Seealso:ExpressionsWHERE
FilteringGroups
![Page 120: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/120.jpg)
©2004MicrosoftCorporation.Allrightsreserved.
![Page 121: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/121.jpg)
ORDERBY<order_by_clause> ::= ORDERBY<field_expr_list>[ASC|DESC]
<field_expr_list> ::= <field_expr>[,<field_expr>...]
TheORDERBYclausespecifieswhichSELECTclausefield-expressionsthequeryoutputrecordsshouldbesortedby.
Arguments:
ASCSpecifiesthatthefield-expressionlistvaluesshouldbesortedinascendingorder,fromlowestvaluetohighestvalue.ASCisthedefault.
DESCSpecifiesthatthefield-expressionlistvaluesshouldbesortedindescendingorder,fromhighestvaluetolowestvalue.
Remarks:TheLogParserSQL-Likelanguagerequiresthateachfield-expressionappearingintheORDERBYclausemustalsoappearintheSELECTclause.DifferentlythanthestandardSQLlanguage,intheLogParserSQL-LikelanguagetheDESCorASCsortdirectionappliestoallthefield-expressionsintheORDERBYclause.Inotherwords,itisnotpossibletospecifydifferentsortdirectionsfordifferentfield-expressions.NULLvaluesaretreatedasthelowestpossiblevalues.
![Page 122: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/122.jpg)
Examples:
A.Sortingbyasinglefield-expression
SELECTdate,cs-uri-stem,cs-uri-query,sc-bytesFROMLogFiles\ex040528.logORDERBYsc-bytesDESCB.Sortingbymultiplefield-expressions
SELECTdate,cs-uri-stem,cs-uri-query,sc-bytesFROMLogFiles\ex040528.logORDERBYdate,sc-bytes
Seealso:FieldExpressionsSELECT
SortingOutputRecords
©2004MicrosoftCorporation.Allrightsreserved.
![Page 123: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/123.jpg)
Expressions<expression> ::= <term1>[OR<expression>]
<term1> ::= <term2>[AND<term1>]
<term2> ::= <field_expr><rel_op><field_expr><field_expr>[NOT]LIKE<like_mask><field_expr>[NOT]BETWEEN<field_expr>AND<field_expr><field_expr>IS[NOT]NULL<field_expr>[NOT]IN(<value_rows>)<field_expr><rel_op>[ALL|ANY](<value_rows>)(<field_expr_list>)[NOT]IN(<value_rows>)(<field_expr_list>)<rel_op>[ALL|ANY](<value_rows>)NOT<term2>(<expression>)
<field_expr_list> ::= <field_expr>[,<field_expr>...]
<rel_op> ::= <><>=<=>=
<value_rows> ::= <value_row>[;<value_row>...]
![Page 124: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/124.jpg)
<value_row> ::= <value>[,<value>...]
AnexpressionisusedintheWHEREandHAVINGclausestospecifyconditionsthatmustbesatisfiedforinputrecordsorgrouprecordstobeoutput.
Operators:
<rel_op>Standardcomparisonoperators(lessthan,greatherthan,etc.).
[NOT]LIKEIndicatesthatthesubsequentcharacterstringistobeusedwithpatternmatching.Formoreinformation,seeLIKE.
[NOT]BETWEENSpecifiesaninclusiverangeofvalues.UseANDtoseparatethebeginningandendingvalues.Formoreinformation,seeBETWEEN.
IS[NOT]NULLTheISNULLandISNOTNULLoperatorsdeterminewhetherornotagivenfield-expressionisNULL.
[NOT]INTheINandNOTINoperatorsdeterminewhetherornotagivenfield-expressionorlistoffield-expressionsmatchesanyelementinalistofvalues.Formoreinformation,seeIN.
ALLUsedwithacomparisonoperatorandalistofvalues.ReturnsTRUEifallvaluesinthelistsatisfythecomparisonoperation,orFALSEif
![Page 125: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/125.jpg)
notallvaluessatisfythecomparison.IfnoALLnorANYisspecified,thenANYisassumedbydefault.Formoreinformation,seeALL.
ANYUsedwithacomparisonoperatorandalistofvalues.ReturnsTRUEifanyvalueinthelistsatisfiesthecomparisonoperation,orFALSEifnovaluessatisfythecomparison.IfnoALLnorANYisspecified,thenANYisassumedbydefault.Formoreinformation,seeANY.
Remarks:TheexpressioninaWHEREclausecannotreferenceSQL(aggregate)functions.Tospecifyconditionsonvaluesofaggregatefunctions,usetheHAVINGclause.Thereisnolimittothenumberofoperatorsthatcanbeincludedinanexpression.TheorderofprecedenceforthelogicaloperatorsisNOT(highest),followedbyAND,followedbyOR.Theorderofevaluationatthesameprecedencelevelisfromlefttoright.Parenthesescanbeusedtooverridethisorderinanexpression.
Examples:
A.Simpleexpression
sc-bytes>=1000
B.Complexexpression
EXTRACT_TOKEN(Strings,1,'|')LIKE'%logon&'AND(TimeGenerated>SUB(TO_LOCALTIME(SYSTEM_TIMESTAMP()),TIMESTAMP('10','mm'))ORSIDISNOTNULL
![Page 126: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/126.jpg)
)Seealso:ALLANYBETWEENINLIKE
ConstantValuesFieldExpressionsHAVINGWHERE
©2004MicrosoftCorporation.Allrightsreserved.
![Page 127: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/127.jpg)
ALL<field_expr><rel_op>ALL(<value_rows>)
(<field_expr_list>)<rel_op>ALL(<value_rows>)
TheALLoperatorcomparesagivenfield-expressionwithalistofvalues,returningTRUEifallvaluesinthelistsatisfythecomparisonoperation,orFALSEifnotallvaluessatisfythecomparison.
Examples
A.Singlefield-expressionThefollowingexampleexpressiondetermineswhetherornotthe"Year"fieldisgreaterthanallthevaluesinthespecifiedlist:
Year>ALL(1999;2000;2001)
B.Listoffield-expressionsThefollowingexampleexpressiondetermineswhetherornotthepairof"Year"and"Age"fieldsislessthanallthepairsofvaluesinthespecifiedlist:
(Year,Age)<ALL(1999,30;2001,40;2002,10)
Seealso:ANYExpressionsField-Expressions
![Page 128: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/128.jpg)
©2004MicrosoftCorporation.Allrightsreserved.
![Page 129: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/129.jpg)
ANY<field_expr><rel_op>ANY(<value_rows>)
(<field_expr_list>)<rel_op>ANY(<value_rows>)
TheANYoperatorcomparesagivenfield-expressionwithalistofvalues,returningTRUEifanyvalueinthelistsatisfiesthecomparisonoperation,orFALSEifnovaluessatisfythecomparison.
Examples
A.Singlefield-expressionThefollowingexampleexpressiondetermineswhetherornotthe"Year"fieldisgreaterthananyvalueinthespecifiedlist:
Year>ANY(1999;2000;2001)
B.Listoffield-expressionsThefollowingexampleexpressiondetermineswhetherornotthepairof"Year"and"Age"fieldsislessthananyofthepairsofvaluesinthespecifiedlist:
(Year,Age)<ANY(1999,30;2001,40;2002,10)
Seealso:ALLExpressionsField-Expressions
![Page 130: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/130.jpg)
©2004MicrosoftCorporation.Allrightsreserved.
![Page 131: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/131.jpg)
BETWEEN<field_expr>[NOT]BETWEEN<field_expr>AND<field_expr>
TheBETWEENoperatordeterminesifagivenfield-expressionbelongstoaspecifiedinterval.
Examples
A.BETWEENThefollowingexampleexpressiondeterminesifthe"Year"fieldbelongstothespecifiedinterval:
YearBETWEEN1999AND2004
Thisexampleisequivalenttothefollowingexpression:
Year>=1999ANDYear<=2004
B.NOTBETWEENThefollowingexampleexpressiondeterminesifthe"Year"fielddoesnotbelongtothespecifiedinterval:
YearNOTBETWEEN1999AND2004
Thisexampleisequivalenttothefollowingexpression:
Year<1999ORYear>2004
C.TIMESTAMPintervalThefollowingexamplequeryusestheFSInputFormattoreturnallthefilesthathavebeencreatedbetween4hoursagoand1hourago:
![Page 132: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/132.jpg)
SELECTPathFROMC:\MyDir\*.*WHERETO_UTCTIME(CreationTime)BETWEENSUB(SYSTEM_TIMESTAMP(),TIMESTAMP('4','h'))ANDSUB(SYSTEM_TIMESTAMP(),TIMESTAMP('1','h'))Seealso:
ExpressionsField-Expressions
©2004MicrosoftCorporation.Allrightsreserved.
![Page 133: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/133.jpg)
IN<field_expr>[NOT]IN(<value_rows>)
(<field_expr_list>)[NOT]IN(<value_rows>)
TheINandNOTINoperatorsdeterminewhetherornotagivenfield-expressionorlistoffield-expressionsmatchesanyelementinalistofvalues.
Remarks:Usethecommacharacter(,)toseparatevaluesinasinglelistrow,andusethesemicoloncharacter(;)toseparatelistrows.
Examples
A.Singlefield-expressionThefollowingexampleexpressiondeterminesifthe"Age"fieldmatchesanyvalueinthespecifiedlist:
AgeIN(20;30;45;60)
Thisexampleisequivalenttothefollowingexpression:
Age=20ORAge=30ORAge=45ORAge=60
B.Listoffield-expressionsThefollowingexampleexpressiondeterminesifthepairof"FirstName"and"State"fieldsmatchesanypairofvaluesinthespecifiedlist:
![Page 134: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/134.jpg)
(FirstName,State)IN('Johnson','OR';'Smith','WA')
Thisexampleisequivalenttothefollowingexpression:
(FirstName='Johnson'ANDState='OR')OR(FirstName='Smith'ANDState='WA')
Seealso:ExpressionsField-Expressions
©2004MicrosoftCorporation.Allrightsreserved.
![Page 135: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/135.jpg)
LIKE<field_expr>[NOT]LIKE<like_mask>
Determineswhetherornotagivencharacterstringmatchesaspecifiedpattern.Apatterncanincluderegularcharactersandwildcardcharacters.Duringpatternmatching,regularcharactersmustyieldacase-insensitivematchwiththecharactersspecifiedinthecharacterstring.Wildcardcharacters,however,canbematchedwitharbitraryfragmentsofthecharacterstring.UsingwildcardcharactersmakestheLIKEoperatormoreflexiblethanusingthe=and!=stringcomparisonoperators.
ThewildcardcharactersthatcanbeusedinaLIKEpatternare:
_(underscorecharacter):matchesanysinglecharacterExamples:
LIKE'ab_d':matchesallthefour-letterstringsthatstartwith"ab"andendwith"d"(e.g."abcd","AB+d")LIKE'a_c_':matchesallthefour-letterstringsthathave"a"inthefirstpositionand"c"inthethirdposition(e.g."abcd","Akck")
%(percentcharacter):matchesanystringofzeroormorecharactersExamples:
LIKE'%.asp'matchesallthestringsendingwith".asp"(e.g."/default.asp",".ASP")LIKE'%error%'matchesallthestringscontaining"error"(e.g."anerrorhasbeenfound","ERROR")
Remarks:SimilarlytoSTRINGconstants,charactersinaLIKEpatterncanbeescapedwiththe'\'(backslash)characterorencodedwiththe\uxxxxnotation.Wildcardpatternmatchingcharacterscanbeusedasliteralcharacters.Touseawildcardcharacterasaliteralcharacter,escapethewildcardcharacterwiththe'\'(backslash)character.
![Page 136: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/136.jpg)
Examples:LIKE'ab\_d':matchesthe"ab_d"string(e.g."ab_d","AB_d")LIKE'a\%c%':matchesallthestringsthatstartwith"a%c"(e.g."a%cdefg","A%c")
WhenexecutingaLogParserqueryfromwithinacommand-linebatchfile,usingthe%wildcardcharactermightyeldunexpectedresults.Forexample,considerthefollowingbatchfile:
@echooffLogParser"SELECT*FROMSYSTEMWHEREMessageLIKE'%ERROR%'"Whenthisbatchfileisexecuted,thecommand-lineshellinterpreterwillassumethat"%ERROR%"isareferencetoanenvironmentvariable,anditwilltrytoreplacethisstringwiththevalueoftheenvironmentvariable.Inmostcases,suchanenvironmentvariablewillnotexist,andtheactualcommandexecutedbytheshellwilllooklike:
LogParser"SELECT*FROMSYSTEMWHEREMessageLIKE''"
Whichwouldyeldthefollowingerror:
Error:SyntaxError:<term2>:novalidLIKEmask
Toavoidthisproblem,usedouble%%wildcardcharacterswhenwritingacommand-linebatchfile,asinthefollowingexample:
@echooffLogParser"SELECT*FROMSYSTEMWHEREMessageLIKE'%%ERROR%%'"
Examples
A.LIKEThefollowingexampleWHEREclausefindsalltheURL'sinanIISW3Clogfilethatendwith".htm":
WHEREcs-uri-stemLIKE'%.htm'
![Page 137: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/137.jpg)
B.NOTLIKEThefollowingexampleWHEREclausefindsalltheEventLogmessagesthatdonotcontain"error":
WHEREMessageNOTLIKE'%error%'
Seealso:ExpressionsField-Expressions
©2004MicrosoftCorporation.Allrightsreserved.
![Page 138: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/138.jpg)
Field-Expressions<field_expr> ::= <aggregate_function><function>
<field_name><alias><value>
Field-expressionsareacombinationofsymbolsandfunctionsthatLogParserevaluatestoobtainasingledatavalue.ThesearethebasicargumentsoftheSELECT,USING,WHERE,GROUPBY,HAVING,andORDERBYclauses.
Field-expressionscanbedividedconceptuallyintotwogroups:
Derivedfield-expressions:functionsoraggregatefunctionshavingotherfield-expressionsasarguments;Basicfield-expressions:constantvalues(includingfunctionswithnoarguments),namesofinputrecordfields,oraliasesdefinedintheSELECTorUSINGclauses.
Examples:
A.Basicfield-expressionsTheSELECTclauseinthefollowingexamplequeryspecifies"basic"field-expressionsonly:
SELECT'EventID:',EventID,SYSTEM_TIMESTAMP()FROMSystemB.Derivedfield-expressionsTheSELECTclauseinthefollowingexamplequeryspecifies"derived"field-expressionsonly:
![Page 139: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/139.jpg)
SELECTTO_UPPERCASE(cs-uri-stem),SUM(sc-bytes)FROM\MyLogs\ex042805.logGROUPBYTO_UPPERCASE(cs-uri-stem)
Seealso:AggregateFunctionsFunctionsConstantValuesFieldNamesandAliasesSELECTUSING
BasicsofaQuery
©2004MicrosoftCorporation.Allrightsreserved.
![Page 140: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/140.jpg)
FieldNamesandAliases<field_name> ::= [[]<string>[]]
<alias> ::= [[]<string>[]]
Fieldnamesarenamesoffieldsoftheinputrecordsgeneratedbyaninputformat.
Aliasesarealternativenamesforfield-expressions,assignedintheSELECTorUSINGclauses.Whenafield-expressionintheSELECTclausehasbeenaliased,outputformatswillusethealiasasthenameofthecorrespondingoutputrecordfield.Thealiasofafield-expressioncanbealsousedanywhereelseinthequeryasashortcutthatreferstotheoriginalfield-expression.
Remarks:Thefollowingcharactersarenotallowedinfieldnamesoraliases,unlessthefieldnameoraliasisenclosedinsquarebrackets([and]):
,;<>=!'"@*[]space
Fieldnamesandaliasescontainingspacesorillegalcharacterscanbeenclosedinsquarebrackets([and]),asinthefollowingexample:
SELECT[LastRequestTime],[email@address],CPUTimeas[ElapsedCPUTime]FROMperflog.csvWHERE[ElapsedCPUTime]>0Anycharacter(includingillegalcharactersandnon-printablecharacters)infieldnamesandaliasescanbealsoenteredusingthe\uxxxxnotation,wherexxxxisthe4-digithexadecimalrepresentationoftheUNICODEcharacter:
SELECTLast\u0020Request\u0020TimeFROMperflog.csv
![Page 141: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/141.jpg)
FieldnamesandaliasescannotmatchkeywordsorfunctionnamesoftheLogParserSQL-Likelanguage(e.g."FROM","ADD").Fieldnamesandaliasesarenotcase-sensitive.
Examples:
A.Basicfield-expressionsTheSELECTclauseinthefollowingexamplequeryspecifies"basic"field-expressionsonly:
SELECT'EventID:',EventID,SYSTEM_TIMESTAMP()FROMSystemB.Derivedfield-expressionsTheSELECTclauseinthefollowingexamplequeryspecifies"derived"field-expressionsonly:
SELECTTO_UPPERCASE(cs-uri-stem),SUM(sc-bytes)FROM\MyLogs\ex042805.logGROUPBYTO_UPPERCASE(cs-uri-stem)
Seealso:SELECTUSING
BasicsofaQuery
©2004MicrosoftCorporation.Allrightsreserved.
![Page 142: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/142.jpg)
AggregateFunctions<aggregate_function> ::= COUNT([DISTINCT|ALL]*)COUNT
([DISTINCT|ALL]<field_expr_list>)SUM([DISTINCT|ALL]<field_expr>)AVG([DISTINCT|ALL]<field_expr>)MAX([DISTINCT|ALL]<field_expr>)MIN([DISTINCT|ALL]<field_expr>)PROPCOUNT(*)[ON(<on_field_expr_list>)]PROPCOUNT(<field_expr_list>)[ON(<on_field_expr_list>)]PROPSUM(<field_expr>)[ON(<on_field_expr_list>)]GROUPING(<field_expr>)
Aggregatefunctionsperformacalculationonasetofvaluesbutreturnasingle,summarizingvalue.
AggregatefunctionsareoftenusedwiththeGROUPBYclause.WhenusedwithoutaGROUPBYclause,aggregatefunctionsperformcalculationsontheentiresetofinputrecords,returningasinglesummarizingvalueforthewholeset.WhenusedwithaGROUPBYclause,aggregatefunctionsperformcalculationsoneachsetofgrouprecords,returningasummarizingvalueforeachgroup.
Functions:
COUNT
![Page 143: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/143.jpg)
Returnsthenumberofitemsinagroup.Formoreinformation,seeCOUNT.
SUMReturnsthesumofthevaluesofthespecifiedfield-expression.Formoreinformation,seeSUM.
AVGReturnstheaverageacrossthevaluesofthespecifiedfield-expression.Formoreinformation,seeAVG.
MAXReturnsthemaximumvalueamongthevaluesofthespecifiedfield-expression.Formoreinformation,seeMAX.
MINReturnstheminimumvalueamongthevaluesofthespecifiedfield-expression.Formoreinformation,seeMIN.
PROPCOUNTReturnstheratiooftheCOUNTaggregatefunctioncalculatedonagrouptotheCOUNTaggregatefunctioncalculatedonahierarchicallyhighergroup.Formoreinformation,seePROPCOUNT.
PROPSUMReturnstheratiooftheSUMaggregatefunctioncalculatedonagrouptotheSUMaggregatefunctioncalculatedonahierarchicallyhighergroup.Formoreinformation,seePROPSUM.
GROUPING
![Page 144: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/144.jpg)
Returnsavalueof1whentherowisaddedbytheROLLUPoperatoroftheGROUPBYclause,or0whentherowisnottheresultofROLLUP.TheGROUPINGaggregatefunctionisallowedonlywhentheGROUPBYclausecontainstheROLLUPoperator.Formoreinformation,seeGROUPING.
Remarks:Aggregatefunctionsareallowedasfield-expressionsonlyintheSELECT,HAVING,andORDERBYclauses.Theargumentsofanaggregatefunctioncannotreferenceotheraggregatefunctions.Theargumentsofanaggregatefunctioncannotreferencethefollowingfunctions:SEQUENCEOUT_ROW_NUMBER
DISTINCTisallowedinaggregatefunctionsonlywhenthereisnoGROUPBYclause.
Examples:
A.COUNT(*)ThefollowingqueryreturnsthetotalnumberofeventsintheSystemeventlog:
SELECTCOUNT(*)FROMSystemB.COUNT(DISTINCT)ThefollowingqueryreturnsthetotalnumberofdistincteventsourcenamesintheSystemeventlog:
![Page 145: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/145.jpg)
SELECTCOUNT(DISTINCTSourceName)FROMSystemC.COUNT(*)andGROUPBYThefollowingqueryreturnsthetotalnumberofeventsgeneratedbyeacheventsourceintheSystemeventlog:
SELECTSourceName,COUNT(*)FROMSystemGROUPBYSourceNameD.SUMandGROUPBYThefollowingqueryreturnsthetotalnumberofbytessentforeachpageextensionloggedinthespecifiedIISW3Clogfile:
SELECTTO_LOWERCASE(EXTRACT_EXTENSION(cs-uri-stem))ASPageType,SUM(sc-bytes)FROMex031118.logGROUPBYPageType
E.PROPCOUNT(*),GROUPBY,andHAVINGThefollowingqueryreturnsthepagesthatrepresentmorethan10%oftherequestsinthespecifiedIISW3Clogfile:
SELECTcs-uri-stemFROMex031118.logGROUPBYcs-uri-stemHAVINGPROPCOUNT(*)>0.1
Seealso:COUNTSUMAVGMAXMINPROPCOUNTPROPSUMGROUPING
FunctionsSELECTHAVING
![Page 146: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/146.jpg)
GROUP_BY
AggregatingDataWithinGroupsCalculatingPercentages
©2004MicrosoftCorporation.Allrightsreserved.
![Page 147: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/147.jpg)
AVGAVG([DISTINCT|ALL]<field_expr>)
Returnstheaverageamongallthevalues,oronlytheDISTINCTvalues,ofthespecifiedfield-expression.
Arguments:
DISTINCTSpecifiesthatAVGreturnstheaverageofuniquevalues.DISTINCTcanonlybeusedwhenthequerydoesnotmakeuseoftheGROUPBYclause.
ALLAppliestheaggregatefunctiontoallvalues.ALListhedefault.
<field_expr>Thefield-expressionwhosevaluesaretobeaveraged.Thefield-expressiondatatypemustbeINTEGERorREAL.
ReturnType:
INTEGERorREAL,dependingontheargumentfield-expression.
Remarks:NULLvaluesareignoredbytheAVGaggregatefunction.Aggregatefunctionsareallowedasfield-expressionsonlyintheSELECT,HAVING,andORDERBYclauses.
![Page 148: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/148.jpg)
Theargumentsofanaggregatefunctioncannotreferenceotheraggregatefunctions.Theargumentsofanaggregatefunctioncannotreferencethefollowingfunctions:SEQUENCEOUT_ROW_NUMBER
DISTINCTisallowedinaggregatefunctionsonlywhenthereisnoGROUPBYclause.
Examples:
A.AVGThefollowingqueryreturnstheaveragenumberofbytesforexecutablefilesinthe"system32"directory,usingtheFSinputformat:
SELECTAVG(Size)FROMC:\windows\system32\*.*WHERETO_LOWERCASE(EXTRACT_EXTENSION(Name))='exe'B.AVGandGROUPBYThefollowingqueryreturnstheaveragetimespentbyeachpageextensionloggedinthespecifiedIISW3Clogfile:
SELECTTO_LOWERCASE(EXTRACT_EXTENSION(cs-uri-stem))ASPageType,AVG(time-taken)FROMex031118.logGROUPBYPageTypeSeealso:
COUNTSUMMAXMINPROPCOUNTPROPSUM
![Page 149: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/149.jpg)
GROUPING
AggregateFunctions
AggregatingDataWithinGroups
©2004MicrosoftCorporation.Allrightsreserved.
![Page 150: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/150.jpg)
COUNTCOUNT([DISTINCT|ALL]*)COUNT([DISTINCT|ALL]<field_expr_list>)
<field_expr_list> ::= <field_expr>[,<field_expr>...]
Returnsthenumberofitemsinagroup.
Arguments:
DISTINCTSpecifiesthatCOUNTreturnsthenumberofuniquevalues.DISTINCTcanonlybeusedwhenthequerydoesnotmakeuseoftheGROUPBYclause.
ALLAppliestheaggregatefunctiontoallvalues.ALListhedefault.
*Specifiesthatallrecordsshouldbecountedtoreturnthetotalnumberofrecords,includingrecordsthatcontainNULLvalues.
<field_expr_list>Specifiesthatonlyrecordsforwhichatleastoneofthespecifiedfield-expressionsisnon-NULLshouldbecounted.
ReturnType:
![Page 151: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/151.jpg)
INTEGER
Remarks:Aggregatefunctionsareallowedasfield-expressionsonlyintheSELECT,HAVING,andORDERBYclauses.Theargumentsofanaggregatefunctioncannotreferenceotheraggregatefunctions.Theargumentsofanaggregatefunctioncannotreferencethefollowingfunctions:SEQUENCEOUT_ROW_NUMBER
DISTINCTisallowedinaggregatefunctionsonlywhenthereisnoGROUPBYclause.
Examples:
A.COUNT(*)ThefollowingqueryreturnsthetotalnumberofeventsintheSystemeventlog:
SELECTCOUNT(*)FROMSystemB.COUNT(DISTINCT)ThefollowingqueryreturnsthetotalnumberofdistincteventsourcenamesintheSystemeventlog:
SELECTCOUNT(DISTINCTSourceName)FROMSystemC.COUNT(*)andGROUPBYThefollowingqueryreturnsthetotalnumberofeventsgeneratedby
![Page 152: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/152.jpg)
eacheventsourceintheSystemeventlog:
SELECTSourceName,COUNT(*)FROMSystemGROUPBYSourceNameD.COUNT(field-expression)Thefollowingqueryreturnsthetotalnumberofnon-nullvaluesforthe"cs-username"fieldinthespecifiedIISW3Clogfile:
SELECTCOUNT(cs-username)FROMex040528.logE.COUNT(*)andWHEREThefollowingqueryreturnsthetotalnumberofrequeststoapageloggedinthespecifiedIISW3Clogfile:
SELECTCOUNT(*)FROMex040528.logWHEREcs-uri-stem='/home.asp'F.COUNT(*),GROUPBY,andHAVINGThefollowingqueryreturnsthepagesinthespecifiedIISW3Clogfilethathavebeenrequestedmorethan50times:
SELECTcs-uri-stemFROMex040528.logGROUPBYcs-uri-stemHAVINGCOUNT(*)>50
Seealso:SUMAVGMAXMINPROPCOUNTPROPSUMGROUPING
AggregateFunctions
AggregatingDataWithinGroups
![Page 153: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/153.jpg)
©2004MicrosoftCorporation.Allrightsreserved.
![Page 154: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/154.jpg)
GROUPINGGROUPING(<field_expr>)
Returnsavalueof1whentherowisaddedbytheROLLUPoperatoroftheGROUPBYclause,or0whentherowisnottheresultofROLLUP.GROUPINGisusedtodistinguishtheNULLvaluesreturnedbyROLLUPfromstandardNULLvalues.TheNULLreturnedastheresultofaROLLUPoperationisaspecialuseofNULL.Itactsasavalueplaceholderintheresultsetandmeans"all".
Arguments:
<field_expr>TheGROUPBYfield-expressioncheckedfornullvalues.
ReturnType:
INTEGER
Remarks:TheGROUPINGaggregatefunctionisallowedonlywhentheGROUPBYclausecontainstheROLLUPoperator.Aggregatefunctionsareallowedasfield-expressionsonlyintheSELECT,HAVING,andORDERBYclauses.Theargumentsofanaggregatefunctioncannotreferenceotheraggregatefunctions.Theargumentsofanaggregatefunctioncannotreferencethefollowingfunctions:
![Page 155: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/155.jpg)
SEQUENCEOUT_ROW_NUMBER
Examples:
A.GROUPINGThefollowingquery,onanIISW3Clogfile,returnsthenumberofrequestsforeachpageoneachday,andusestheROLLUPoperatortoalsodisplaysummaryrowsshowingthenumberofrequestsforeachday,andthetotalnumberofrequests:
SELECTdate,cs-uri-stem,COUNT(*),GROUPING(date)ASGDate,GROUPING(cs-uri-stem)ASGPageFROMex040528.logGROUPBYdate,cs-uri-stemWITHROLLUPAsampleoutputwouldbe:
datecs-uri-stemCOUNT(ALL*)GDateGPage---------------------------------------------------2003-11-18/Default.htm1002003-11-18/style.css1002003-11-18/images/address.gif1002003-11-18/cgi-bin/counts.exe1002003-11-18/data/rulesinfo.nsf2002003-11-19/data/rulesinfo.nsf6002003-11-20/data/rulesinfo.nsf5002003-11-20/maindefault.htm1002003-11-20/top2.htm1002003-11-20/homelog.swf100--20112003-11-18-6012003-11-19-6012003-11-20-801
Thevaluesofthe"GDate"fieldare1onlyfortherowsinwhichthe"date"fieldisNULLduetotheintroductionoftheROLLUPsummaryrows.Similarly,thevaluesofthe"GPage"fieldare1onlyfortherowsinwhichthe"cs-uri-stem"fieldisNULLduetotheintroductionoftheROLLUPsummaryrows.
Seealso:COUNTSUMAVGMAXMINPROPCOUNTPROPSUM
![Page 156: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/156.jpg)
GROUPBYAggregateFunctions
AggregatingDataWithinGroups
©2004MicrosoftCorporation.Allrightsreserved.
![Page 157: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/157.jpg)
MAXMAX([DISTINCT|ALL]<field_expr>)
Returnsthemaximumvalueamongallthevaluesofthespecifiedfield-expression.
Arguments:
DISTINCTSpecifiesthatMAXreturnsthemaximumvalueofuniquevalues.DISTINCTisnotmeaningfulwithMAXandisavailableforSQL-92compatibilityonly.DISTINCTcanonlybeusedwhenthequerydoesnotmakeuseoftheGROUPBYclause.
ALLAppliestheaggregatefunctiontoallvalues.ALListhedefault.
<field_expr>Thefield-expressionamongwhosevaluesthemaximumistobefound.Thefield-expressioncanbeofanydatatype.
ReturnType:
Thereturnedtypeisthesameastheargumentfield-expression.
Remarks:
![Page 158: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/158.jpg)
NULLvaluesareignoredbytheMAXaggregatefunction.Aggregatefunctionsareallowedasfield-expressionsonlyintheSELECT,HAVING,andORDERBYclauses.Theargumentsofanaggregatefunctioncannotreferenceotheraggregatefunctions.Theargumentsofanaggregatefunctioncannotreferencethefollowingfunctions:SEQUENCEOUT_ROW_NUMBER
DISTINCTisallowedinaggregatefunctionsonlywhenthereisnoGROUPBYclause.
Examples:
A.MAXThefollowingqueryreturnsthesizeofthelargestexecutablefileinthe"system32"directory,usingtheFSinputformat:
SELECTMAX(Size)FROMC:\windows\system32\*.*WHERETO_LOWERCASE(EXTRACT_EXTENSION(Name))='exe'B.MAXandGROUPBYThefollowingqueryreturnsthelongesttimespentbyeachpageextensionloggedinthespecifiedIISW3Clogfile:
SELECTTO_LOWERCASE(EXTRACT_EXTENSION(cs-uri-stem))ASPageType,MAX(time-taken)FROMex031118.logGROUPBYPageTypeSeealso:
COUNTSUMAVG
![Page 159: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/159.jpg)
MINPROPCOUNTPROPSUMGROUPING
AggregateFunctions
AggregatingDataWithinGroups
©2004MicrosoftCorporation.Allrightsreserved.
![Page 160: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/160.jpg)
MINMIN([DISTINCT|ALL]<field_expr>)
Returnstheminimumvalueamongallthevaluesofthespecifiedfield-expression.
Arguments:
DISTINCTSpecifiesthatMINreturnstheminimumvalueofuniquevalues.DISTINCTisnotmeaningfulwithMINandisavailableforSQL-92compatibilityonly.DISTINCTcanonlybeusedwhenthequerydoesnotmakeuseoftheGROUPBYclause.
ALLAppliestheaggregatefunctiontoallvalues.ALListhedefault.
<field_expr>Thefield-expressionamongwhosevaluestheminimumistobefound.Thefield-expressioncanbeofanydatatype.
ReturnType:
Thereturnedtypeisthesameastheargumentfield-expression.
Remarks:
![Page 161: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/161.jpg)
NULLvaluesareignoredbytheMINaggregatefunction.Aggregatefunctionsareallowedasfield-expressionsonlyintheSELECT,HAVING,andORDERBYclauses.Theargumentsofanaggregatefunctioncannotreferenceotheraggregatefunctions.Theargumentsofanaggregatefunctioncannotreferencethefollowingfunctions:SEQUENCEOUT_ROW_NUMBER
DISTINCTisallowedinaggregatefunctionsonlywhenthereisnoGROUPBYclause.
Examples:
A.MINThefollowingqueryreturnsthesizeofthesmallestexecutablefileinthe"system32"directory,usingtheFSinputformat:
SELECTMIN(Size)FROMC:\windows\system32\*.*WHERETO_LOWERCASE(EXTRACT_EXTENSION(Name))='exe'B.MINandGROUPBYThefollowingqueryreturnstheshortestandthelongesttimespentbyeachpageextensionloggedinthespecifiedIISW3Clogfile:
SELECTTO_LOWERCASE(EXTRACT_EXTENSION(cs-uri-stem))ASPageType,MIN(time-taken),MAX(time-taken)FROMex031118.logGROUPBYPageType
Seealso:COUNTSUMAVG
![Page 162: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/162.jpg)
MAXPROPCOUNTPROPSUMGROUPING
AggregateFunctions
AggregatingDataWithinGroups
©2004MicrosoftCorporation.Allrightsreserved.
![Page 163: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/163.jpg)
PROPCOUNTPROPCOUNT(*)[ON(<on_field_expr_list>)]PROPCOUNT(<field_expr_list>)[ON(<on_field_expr_list>)]
<field_expr_list> ::= <field_expr>[,<field_expr>...]
<on_field_expr_list> ::= <field_expr>[,<field_expr>...]
ReturnstheratiooftheCOUNTaggregatefunctioncalculatedonagrouptotheCOUNTaggregatefunctioncalculatedonahierarchicallyhighergroup.
Arguments:
*Specifiesthatallrecordsshouldbecountedtoreturnthetotalnumberofrecords,includingrecordsthatcontainNULLvalues.
<field_expr_list>Specifiesthatonlyrecordsforwhichatleastoneofthespecifiedfield-expressionsisnon-NULLshouldbecounted.
<on_field_expr_list>ListofGROUPBYfield-expressionsidentifyingthehierarchicallyhighergrouponwhichthedenominatorCOUNTaggregatefunctionistobecalculated.Thislistoffield-expressionsmustbeaproperprefixoftheGROUPBYfield-expressions,thatis,itmustcontain,inthesameorder,asubsetofthefield-expressionsspecifiedintheGROUPBYclause,startingwiththeleftmostGROUPBYfield-expression.
![Page 164: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/164.jpg)
Whenthislistoffield-expressionsisnotspecified,thedenominatorCOUNTaggregatefunctioniscalculatedonthewholesetofinputrecords.
ReturnType:
REAL
Remarks:WhenusedwithoutaGROUPBYclause,thePROPCOUNTaggregatefunctionalwaysreturns1.0.Infact,inthiscasetheonlyhierarchicallyhighergroupavailableisthewholesetofinputrecords,andtherationumeratoranddenominatorarecalculatedonthesameset.Toobtainapercentage,multiplythereturnvalueofthePROPCOUNTaggregatefunctionby100.0,usingtheMULfunction.Aggregatefunctionsareallowedasfield-expressionsonlyintheSELECT,HAVING,andORDERBYclauses.Theargumentsofanaggregatefunctioncannotreferenceotheraggregatefunctions.Theargumentsofanaggregatefunctioncannotreferencethefollowingfunctions:SEQUENCEOUT_ROW_NUMBER
Examples:
A.PROPCOUNT(*)ThefollowingqueryreturnsthepercentageofeventsforeachsourceintheSystemeventlog:
![Page 165: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/165.jpg)
SELECTSourceName,MUL(PROPCOUNT(*),100.0)ASPercentFROMSystemGROUPBYSourceNameAsampleoutputofthisqueryis:
SourceNamePercent--------------------------------EventLog10.322979ServiceControlManager63.004172AtiHotKeyPoller3.430691ApplicationPopup0.108175W32Time14.680884DCOM0.046361NtServicePack0.185443Win32k0.324525RemoteAccess2.194406GEMPCC0.509968SCardSvr0.509968Dhcp0.262711i8042prt0.015454Print0.030907Tcpip0.077268Workstation0.015454NETLOGON1.869881DnsApi2.240766Kerberos0.169989
The"Percent"outputrecordfieldshowstheratioofthenumberofeventsloggedbyasourcetothetotalnumberofeventsintheeventlog.
Inthisexample,thecalculationperformedbythePROPCOUNTaggregatefunctionisequivalenttoexecutingthefollowingtwoqueriesandcalculatingtheratioofthetwoaggregatefunctionsforeacheventlogsource:
SELECTSourceName,COUNT(*)ASNumeratorFROMSystemGROUPBYSourceNameSELECTCOUNT(*)ASDenominatorFROMSystemB.UsingONThefollowingqueryusestheIISW3CInputFormattoparseIISlogfilesandcalculatethepercentageofhitsforapagetypeandHTTPstatuscoderelativetothenumberofhitsforthatpagetype(i.e.thedistributionofHTTPstatuscodeswithineachpagetype):
SELECTEXTRACT_EXTENSION(cs-uri-stem)ASPageType,sc-status,MUL(PROPCOUNT(*)ON(PageType),100.0)ASHitsFROMex040528.logGROUPBYPageType,sc-statusORDERBYPageType,sc-status
Asampleoutputofthisqueryis:
PageTypesc-statusHits---------------------------asp200100.000000class20020.000000class30480.000000css20013.636364css30445.454545
ForeachpagetypeandHTTPstatuscode,the"Hits"outputrecordfieldshowstheratioofthenumberofrequestsforthatpagetypeandHTTPstatuscodetothetotalnumberofrequestsforthatpagetype.
Inthisexample,thecalculationperformedbythePROPCOUNT
![Page 166: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/166.jpg)
css40440.909091dll500100.000000exe200100.000000gif20021.025641gif30476.923077gif4042.051282htm20029.565217htm30468.695652htm4041.739130html404100.000000jpg20022.077922jpg30477.922078js20036.363636js30463.636364nsf20090.845070nsf3020.704225nsf3046.338028nsf4032.112676swf20027.272727swf30472.727273
aggregatefunctionisequivalenttoexecutingthefollowingtwoqueriesandcalculatingtheratioofthetwoaggregatefunctionsforeachpagetypeandHTTPstatus:
SELECTEXTRACT_EXTENSION(cs-uri-stem)ASPageType,sc-status,COUNT(*)ASNumeratorFROMex040528.logGROUPBYPageType,sc-statusORDERBYPageType,sc-status
SELECTEXTRACT_EXTENSION(cs-uri-stem)ASPageType,COUNT(*)ASDenominatorFROMex040528.logGROUPBYPageTypeORDERBYPageTypeSeealso:
COUNTSUMAVGMAXMINPROPSUMGROUPING
AggregateFunctions
AggregatingDataWithinGroupsCalculatingPercentages
©2004MicrosoftCorporation.Allrightsreserved.
![Page 167: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/167.jpg)
PROPSUMPROPSUM(<field_expr>)[ON(<on_field_expr_list>)]
<on_field_expr_list> ::= <field_expr>[,<field_expr>...]
ReturnstheratiooftheSUMaggregatefunctioncalculatedonagrouptotheSUMaggregatefunctioncalculatedonahierarchicallyhighergroup.
Arguments:
<field_expr>Thefield-expressionwhosevaluesaretobesummed.Thefield-expressiondatatypemustbeINTEGERorREAL.
<on_field_expr_list>ListofGROUPBYfield-expressionsidentifyingthehierarchicallyhighergrouponwhichthedenominatorSUMaggregatefunctionistobecalculated.Thislistoffield-expressionsmustbeaproperprefixoftheGROUPBYfield-expressions,thatis,itmustcontain,inthesameorder,asubsetofthefield-expressionsspecifiedintheGROUPBYclause,startingwiththeleftmostGROUPBYfield-expression.Whenthislistoffield-expressionsisnotspecified,thedenominatorSUMaggregatefunctioniscalculatedonthewholesetofinputrecords.
ReturnType:
REAL
![Page 168: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/168.jpg)
Remarks:WhenusedwithoutaGROUPBYclause,thePROPSUMaggregatefunctionalwaysreturns1.0.Infact,inthiscasetheonlyhierarchicallyhighergroupavailableisthewholesetofinputrecords,andtherationumeratoranddenominatorarecalculatedonthesameset.Toobtainapercentage,multiplythereturnvalueofthePROPSUMaggregatefunctionby100.0,usingtheMULfunction.Aggregatefunctionsareallowedasfield-expressionsonlyintheSELECT,HAVING,andORDERBYclauses.Theargumentsofanaggregatefunctioncannotreferenceotheraggregatefunctions.Theargumentsofanaggregatefunctioncannotreferencethefollowingfunctions:SEQUENCEOUT_ROW_NUMBER
Examples:
A.PROPSUMThefollowingqueryusestheIISW3CInputFormattoparseIISlogfilesandcalculatethepercentageofbytessentforeachpagetype:
SELECTEXTRACT_EXTENSION(cs-uri-stem)ASPageType,MUL(PROPSUM(sc-bytes),100.0)ASPercentBytesFROMex040528.logGROUPBYPageTypeAsampleoutputofthisqueryis:
PageTypePercentBytes--------------------htm7.236737css1.035243gif23.772064
The"PercentBytes"outputrecordfieldshowstheratioofthebytessentforeachpagetypetothetotalnumberofbytessentinthelog.
![Page 169: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/169.jpg)
exe1.398888nsf24.459391swf32.528669jpg8.003440html0.104051dll0.002322asp0.000000js1.260613class0.198582
Inthisexample,thecalculationperformedbythePROPSUMaggregatefunctionisequivalenttoexecutingthefollowingtwoqueriesandcalculatingtheratioofthetwoaggregatefunctionsforeachpagetype:
SELECTEXTRACT_EXTENSION(cs-uri-stem)ASPageType,SUM(sc-bytes)ASNumeratorFROMex040528.logGROUPBYPageTypeSELECTSUM(sc-bytes)ASDenominatorFROMex040528.logB.UsingONThefollowingqueryusestheIISW3CInputFormattoparseIISlogfilesandcalculatethepercentageofbytessentforeachpagetypeandHTTPstatuscoderelativetothetotalbytessentforthatpagetype(i.e.thedistributionofHTTPstatuscoderesponsebyteswithineachpagetype):
SELECTEXTRACT_EXTENSION(cs-uri-stem)ASPageType,sc-status,MUL(PROPSUM(sc-bytes)ON(PageType),100.0)ASPercentBytesFROMex040528.logGROUPBYPageType,sc-statusORDERBYPageType,sc-status
Asampleoutputofthisqueryis:
PageTypesc-statusPercentBytes-----------------------------asp2000.000000class20092.591620class3047.408380css2006.039609css3043.502318css40490.458073dll500100.000000exe200100.000000gif20087.811668gif3046.935887gif4045.252445htm20092.926606htm3044.197755htm4042.875639
ForeachpagetypeandHTTPstatuscode,the"PercentBytes"outputrecordfieldshowstheratiooftheresponsebytesforthatpagetypeandHTTPstatuscodetothetotalresponsebytesforthatpagetype.
Inthisexample,thecalculationperformedbythePROPSUMaggregatefunctionisequivalenttoexecutingthefollowingtwoqueriesandcalculatingtheratioofthetwoaggregatefunctionsforeachpagetypeandHTTPstatus:
SELECTEXTRACT_EXTENSION(cs-uri-stem)ASPageType,sc-status,SUM(sc-bytes)ASNumeratorFROMex040528.logGROUPBYPageType,sc-statusSELECTEXTRACT_EXTENSION(cs-uri-stem)ASPageType,SUM(sc-bytes)ASDenominator
![Page 170: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/170.jpg)
html404100.000000jpg20097.245679jpg3042.754321js20097.963913js3042.036087nsf20099.604883nsf3020.050656nsf3040.281114nsf4030.063347swf20099.910188swf3040.089812
ORDERBYPageType,sc-statusFROMex040528.logGROUPBYPageTypeORDERBYPageType
C.PROPSUM,GROUPBY,andHAVINGThefollowingqueryusestheIISW3CInputFormattoparseIISlogfilesandreturnthepagetypesthatrepresentmorethan10%ofthetotalbytessent:
SELECTEXTRACT_EXTENSION(cs-uri-stem)ASPageTypeFROMex040528.logGROUPBYPageTypeHAVINGPROPSUM(sc-bytes)>0.1
Seealso:COUNTSUMAVGMAXMINPROPCOUNTGROUPING
AggregateFunctions
AggregatingDataWithinGroupsCalculatingPercentages
©2004MicrosoftCorporation.Allrightsreserved.
![Page 171: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/171.jpg)
SUMSUM([DISTINCT|ALL]<field_expr>)
Returnsthesumofallthevalues,oronlytheDISTINCTvalues,ofthespecifiedfield-expression.
Arguments:
DISTINCTSpecifiesthatSUMreturnsthesumofuniquevalues.DISTINCTcanonlybeusedwhenthequerydoesnotmakeuseoftheGROUPBYclause.
ALLAppliestheaggregatefunctiontoallvalues.ALListhedefault.
<field_expr>Thefield-expressionwhosevaluesaretobesummed.Thefield-expressiondatatypemustbeINTEGERorREAL.
ReturnType:
INTEGERorREAL,dependingontheargumentfield-expression.
Remarks:NULLvaluesareignoredbytheSUMaggregatefunction.Aggregatefunctionsareallowedasfield-expressionsonlyintheSELECT,HAVING,andORDERBYclauses.
![Page 172: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/172.jpg)
Theargumentsofanaggregatefunctioncannotreferenceotheraggregatefunctions.Theargumentsofanaggregatefunctioncannotreferencethefollowingfunctions:SEQUENCEOUT_ROW_NUMBER
DISTINCTisallowedinaggregatefunctionsonlywhenthereisnoGROUPBYclause.
Examples:
A.SUMThefollowingqueryreturnsthetotalnumberofbytesforexecutablefilesinthe"system32"directory,usingtheFSinputformat:
SELECTSUM(Size)FROMC:\windows\system32\*.*WHERETO_LOWERCASE(EXTRACT_EXTENSION(Name))='exe'B.SUMandGROUPBYThefollowingqueryreturnsthetotalnumberofbytessentforeachpageextensionloggedinthespecifiedIISW3Clogfile:
SELECTTO_LOWERCASE(EXTRACT_EXTENSION(cs-uri-stem))ASPageType,SUM(sc-bytes)FROMex031118.logGROUPBYPageTypeSeealso:
COUNTAVGMAXMINPROPCOUNTPROPSUMGROUPING
![Page 173: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/173.jpg)
AggregateFunctions
AggregatingDataWithinGroups
©2004MicrosoftCorporation.Allrightsreserved.
![Page 174: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/174.jpg)
Functions<function> ::= <function_name>(<argument_list>)
<argument_list> ::= <field_expr>[,<field_expr>...]
<empty>
LogParserfunctionstakezeroormorefield-expressionsasarguments,processthearguments,andreturnasinglevalue.
Remarks:Generally,functionsthattakenoargumentsandfunctionswhoseargumentsareconstantvaluesareexecutedandreplacedwiththereturnvaluebeforethequeryisprocessed.Asanexample,thefollowingqueryusesafunctionwithnoargumentsandafunctionwithconstantarguments:
SELECTCOMPUTER_NAME(),SUM(4,5),TimeGeneratedFROMSystemBeforebeingprocessed,thequeryismodifiedasfollows:
SELECT'MYSERVER0',9,TimeGeneratedFROMSystemTheonlyzero-argumentfunctionsthatarenotreplacedwiththeirreturnvaluebeforethequeryisprocessedare:SEQUENCEIN_ROW_NUMBEROUT_ROW_NUMBER
![Page 175: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/175.jpg)
Functions:
ArithmeticalADDBIT_ANDBIT_NOTBIT_ORBIT_SHLBIT_SHRBIT_XORDIVEXPEXP10FLOORLOGLOG10MODMULQNTFLOOR_TO_DIGITQNTROUND_TO_DIGITQUANTIZEROUNDSQRSQRROOTSUB
ConversionHEX_TO_INTINT_TO_IPV4IPV4_TO_INTTO_DATETO_HEXTO_INTTO_LOCALTIME
![Page 176: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/176.jpg)
TO_REALTO_STRINGTO_TIMETO_TIMESTAMPTO_UTCTIME
StringManipulationEXTRACT_EXTENSIONEXTRACT_FILENAMEEXTRACT_PATHEXTRACT_PREFIXEXTRACT_SUFFIXEXTRACT_TOKENEXTRACT_VALUEHEX_TO_ASCHEX_TO_HEX16HEX_TO_HEX32HEX_TO_HEX8HEX_TO_PRINTINDEX_OFLAST_INDEX_OFLTRIMREPLACE_CHRREPLACE_STRROT13RTRIMSTRCATSTRCNTSTRLENSTRREPEATSTRREVSUBSTRTO_LOWERCASETO_UPPERCASETRIM
![Page 177: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/177.jpg)
URLESCAPEURLUNESCAPE
SystemInformationCOMPUTER_NAMERESOLVE_SIDREVERSEDNSSYSTEM_DATESYSTEM_TIMESYSTEM_TIMESTAMPSYSTEM_UTCOFFSET
MiscellaneousCASECOALESCEHASHMD5_FILEHASHSEQIN_ROW_NUMBEROUT_ROW_NUMBERREPLACE_IF_NOT_NULLSEQUENCEWIN32_ERROR_DESCRIPTION
Note:TheREPLACE_IF_NULLfunctionhasbeendeprecatedinfavoroftheCOALESCEfunction.
Seealso:AggregateFunctions
![Page 178: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/178.jpg)
ConstantValuesFieldExpressions
©2004MicrosoftCorporation.Allrightsreserved.
![Page 179: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/179.jpg)
ConstantValues<value> ::= <integer_constant>
<real_constant><string_constant><timestamp_constant><null_constant>
<integer_constant> ::= integer0xhexadecimal
<real_constant> ::= integer_part.fractional_part
<string_constant> ::= 'string'
<timestamp_constant> ::= TIMESTAMP('timestamp','format')
<null_constant> ::= NULL
Constantsareimmutablefield-expressions,andtheyaremostlyusedinexpressionsorasargumentsoffunctions.
Constants:
<integer_constant>ConstantvaluesoftheINTEGERtypecanbeenteredasdecimalnumbers,orashexadecimalnumbersprecededbythe"0x"prefix.FormoreinformationabouttheLogParserINTEGERdatatype,seeINTEGERDataType.
<real_constant>
![Page 180: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/180.jpg)
ConstantvaluesoftheREALtypeareenteredasdecimalnumberscontainingadecimalpoint.FormoreinformationabouttheLogParserREALdatatype,seeREALDataType.
<string_constant>ConstantvaluesoftheSTRINGtypeareenteredasstringsenclosedbysinglequotecharacters(').Thesinglequotecharacter(')andthebackslashcharacter(\)areconsideredspecialcharactersinastringconstant,andtheycanonlybeenteredasescapesequencesprecededbyabackslashcharacter(\'and\\),asinthefollowingexample:
'Contains\'singlequoteand\\backslash'
Inaddition,anycharacter(includingillegalcharactersandnon-printablecharacters)canbeenteredusingthe\uxxxxnotation,wherexxxxisthe4-digithexadecimalrepresentationofthedesiredUNICODEcharacter,asinthefollowingexample:
'Contains\u0009tabs'
FormoreinformationabouttheLogParserSTRINGdatatype,seeSTRINGDataType.
<timestamp_constant>ConstantvaluesoftheTIMESTAMPtypeareenteredwiththespecialTIMESTAMPkeyword,followedbyastringrepresentationofthedesiredtimestamp,andbytheformatofthestringrepresentationofthedesiredtimestamp,usingtheLogParserTimestampFormatSpecifiers.Ifthetimestampformatspecifiersincludedatespecifiersonly,theresultingTIMESTAMPvaluewillbeadate-onlytimestamp.Similarly,ifthetimestampformatspecifiersincludetimeofdayspecifiersonly,theresultingTIMESTAMPvaluewillbeatime-onlytimestamp.FormoreinformationabouttheLogParserTIMESTAMPdatatype,
![Page 181: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/181.jpg)
seeTIMESTAMPDataType.
<null_constant>ConstantvaluesoftheNULLtypeareenteredwiththespecialNULLkeyword.FormoreinformationabouttheLogParserNULLdatatype,seeNULLDataType.
Remarks:Integerconstantsenteredashexadecimalnumbersareconvertedinternallytodecimalvalues.Toforceanoutputformattodisplayanintegerfield-expressionasanhexadecimalvalue,usetheTO_HEXfunction.
Examples:
A.Integerconstantenteredasdecimalnumber
sc-bytes>=1000
B.Integerconstantenteredashexadecimalnumber
BIT_AND(Flags,0x1000)
C.Realconstant
AVG(time-taken)<75.45
D.Stringconstant
'Somestring'
![Page 182: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/182.jpg)
E.Stringconstantcontainingspecialcharacters
'Contains\'singlequoteand\\backslash'
F.StringconstantcontainingUNICODEcharacters
'Containsa\u2530UNICODEcharacter'
G.Timestampconstant
TimeGenerated>TIMESTAMP('2004-05-2819:12:43','yyyy-MM-ddhh:mm:ss')H.Date-onlytimestampconstant
date>TIMESTAMP('2004-05-28','yyyy-MM-dd')
I.Time-onlytimestampconstant
time>TIMESTAMP('19:12:43','hh:mm:ss')
J.NULLconstant
Message<>NULL
Seealso:FieldExpressionsINTEGERDataTypeREALDataTypeSTRINGDataTypeTIMESTAMPDataTypeNULLDataType
BasicsofaQuery
![Page 183: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/183.jpg)
©2004MicrosoftCorporation.Allrightsreserved.
![Page 184: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/184.jpg)
Comments<comment> ::= /*text_of_comment*/
--text_of_comment
Commentsareuser-providedtextnotevaluatedbyLogParser,usedtodocumentcodeortemporarilydisablepartsofquerystatements.
Remarks:Use--forsingle-lineornestedcomments.Commentsinsertedwith--aredelimitedbythenewlinecharacter.Multiple-linecommentsmustbeindicatedby/*and*/.Thereisnomaximumlengthforcomments.
Examples:
A.Single-linecomments
SELECTTimeGenerated,SourceNameFROMSystem--WeareusingtheSYSTEMeventlogB.Multiple-linecomments
SELECTTypeName,COUNT(*)ASTotalCountUSINGTO_UPPERCASE(EXTRACT_TOKEN(EventTypeName,0,''))ASTypeNameINTOReport.csvFROMSystem/*Weonlywanttoretrieveeventlogswhosetypenamecontains'service'
©2004MicrosoftCorporation.Allrightsreserved.
![Page 185: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/185.jpg)
*/WHERETypeNameLIKE'%service%'GROUPBYTypeNameHAVINGTotalCount>5ORDERBYTotalCountDESC
![Page 186: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/186.jpg)
DataTypesIntheLogParserSQL-Likelanguage,eachfield-expressionhasarelateddatatype,whichisanattributethatspecifiesthetypeofdatathatthefield-expressioncanhold.LogParsersuppliesasetofsystemdatatypesthatdefineallofthetypesofdatathatcanbeusedwithLogParser.Thesetofsystem-supplieddatatypesis:
INTEGER:integernumericdata;REAL:floatingprecisionnumericdata;STRING:variablelengthUNICODEcharacterstringdata;TIMESTAMP:dateandtimedata;NULL:unknownorunavailabledata.
©2004MicrosoftCorporation.Allrightsreserved.
![Page 187: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/187.jpg)
INTEGERDataTypeTheINTEGERdatatyperepresentsinteger(wholenumber)numericdata.
Valuerange:
INTEGERvaluesarerepresentedassigned64-bit(8-byte)integernumbers,withvaluesrangingfrom-2^63(-9,223,372,036,854,775,808)through2^63-1(9,223,372,036,854,775,807).
ConversionFunctions:
OtherdatatypestoINTEGERdatatype:TO_INT
INTEGERdatatypetootherdatatypes:TO_REALTO_STRINGTO_TIMESTAMP
Seealso:ConstantValues
©2004MicrosoftCorporation.Allrightsreserved.
![Page 188: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/188.jpg)
REALDataTypeTheREALdatatyperepresentsfloatingpointnumericdata.Floatingpointdataisapproximate;notallvaluesinthedatatyperangecanbepreciselyrepresented.
Valuerange:
REALvaluesarerepresentedassigned64-bit(8-byte)floatingpointnumbers,withvaluesrangingfrom±5.0×10-324through±1.7×10308,withatleast15digitsofprecision.
ConversionFunctions:
OtherdatatypestoREALdatatype:TO_REAL
REALdatatypetootherdatatypes:TO_INTTO_STRINGTO_TIMESTAMP
Seealso:ConstantValues
©2004MicrosoftCorporation.Allrightsreserved.
![Page 189: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/189.jpg)
STRINGDataTypeTheSTRINGdatatyperepresentsvariablelengthUNICODEcharacterstringdata.
ConversionFunctions:
OtherdatatypestoSTRINGdatatype:TO_STRING
STRINGdatatypetootherdatatypes:TO_INTTO_REALTO_TIMESTAMP
Seealso:ConstantValues
©2004MicrosoftCorporation.Allrightsreserved.
![Page 190: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/190.jpg)
TIMESTAMPDataTypeTheTIMESTAMPdatatyperepresentsdateandtimeofdaydata.
Valuerange:
TIMESTAMPvaluesrangefromJanuary1,-8192throughDecember31,8191,toanaccuracyofonehundrednanoseconds(oneten-thousandthofamillisecond).
Date-onlyandTime-onlyTimestamps
TIMESTAMPvaluescanberestrictedtorepresentdatedataonlyortimeofdaydataonly.AsexplainedintheRemarkssectionbelow,aTIMESTAMPvaluethathasbeenrestrictedtorepresentdatedataonlyortimeofdaydataonlywillbeformattedtodisplaydateelementsonly(year,month,andday)ortimeofdayelementsonly(hour,minute,second,millisecond,andnanosecond).TIMESTAMPvaluescanberestrictedtodate-onlyortime-onlytimestampsindifferentways.SomeinputformatsreturnTIMESTAMPinputrecordfieldswhosevaluesrepresentonlydatesortimesofday.Forexample,the"date"and"time"fieldsoftheIISW3Cinputformathavevaluesrepresentingonlydatesandtimesofday,respectively.TIMESTAMPconstantscanalsobeenteredasdate-onlyortime-onlytimestampvalues,dependingontheTimestampFormatSpecifiersused.Inaddition,theTO_DATE,TO_TIME,SYSTEM_DATE,andSYSTEM_TIMEfunctionsallreturnTIMESTAMPvaluesrepresentingdatesortimesofdayonly.Formoreinformation,refertotheRemarkssectionbelow.
Remarks:
![Page 191: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/191.jpg)
TIMESTAMPvaluesareformattedandparsedusingTimestampFormatSpecifiers.Timestampformatspecifiersarestringsthatusespecialcharacterstodescribedateand/ortimeelementsinastringrepresentationofatimestamp.Formoreinformation,refertotheTimestampFormatSpecifiersreference.Althoughthedistinctionbetweendate-onlyortime-onlyTIMESTAMPvaluesandfullTIMESTAMPvaluesisoftentransparenttotheuser,date-onlyortime-onlyvaluesbehavedifferentlythanfullTIMESTAMPvaluesinthefollowingcircumstances:Comparisonoperatorsinexpressions:Whencomparingadate-onlyTIMESTAMPvaluewithanotherTIMESTAMPvalue,thetimeofdaydataofthedate-onlyvalueisassumedtobetimezero.Similarly,whencomparingatime-onlyTIMESTAMPvaluewithanotherTIMESTAMPvalue,thedatedataofthetime-onlyvalueisassumedtobeJanuary1,year0.FormattingTIMESTAMPvalues:wheneveradate-onlyortime-onlyTIMESTAMPvalueisformattedtoaSTRINGvaluebyeitherexplicitlyusingtheTO_STRINGfunctionorasimplicitlydonebyanoutputformat,theresultingSTRINGwillonlycontainthedateortimeofdaydata,andthenon-applicableTimestampFormatSpecifierswillbeignored.Asanexample,thefollowingqueryusestheTO_STRINGfunctionwithdateandtimeofdayformatspecifierstoformatthe"time"fieldoftheIISW3Cinputformat:
SELECTTO_STRING(time,'yyyy-MM-ddhh:mm:ss')FROM<1>Sincethevaluesofthe"time"fieldaretime-onlyTIMESTAMPvalues,theresultingSTRINGvalueswillbeformattedaccordingtothetimeofdayformatspecifiersonly,andthedateformatspecifierswillbeignored:
18:48:0418:48:2718:48:2718:48:29
ValuesoftypeTIMESTAMPcanalsobeusedtorepresenttimeintervals,forexamplewiththeADDandSUBfunctions.SincetheoriginoftimeintheLogParserSQL-Likelanguageis
![Page 192: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/192.jpg)
January1,year0,timeintervalsshouldbeexpressedastimestampsrelativetothisoriginoftime.Forexample,atimeintervalofonedayshouldbespecifiedasJanuary2,year0,i.e.24hoursaftertheoriginoftime.Thefollowingexamplequeryselectsalltheeventlogrecordsthathavebeenwritteninthepast2days:
SELECT*FROMSYSTEMWHERETimeWritten>TO_LOCALTIME(SUB(SYSTEM_TIMESTAMP(),TIMESTAMP('0000-01-03','yyyy-MM-dd')))TIMESTAMPvaluesdonotcarryinformationonthetimezonethetimestampisrelativeto.WhenworkingwithTIMESTAMPfieldsgeneratedbyaninputformat,usersshouldbeawareofthetimezonethesefieldsarerelativeto,andhandletheirvaluesaccordingly.Forexample,valuesofthe"TimeGenerated"fieldoftheEVTInputFormatarerelativetothelocaltimezone.IfUniversalTimeCoordinates(UTC)aredesired,theTO_UTCTIMEfunctionshouldbeusedtoconverttheselocaltimestampstoUTCtimestamps.
ConversionFunctions:
OtherdatatypestoTIMESTAMPdatatype:TO_TIMESTAMP
TIMESTAMPdatatypetootherdatatypes:TO_INTTO_REALTO_STRING
FullTIMESTAMPvaluestodate-onlyTIMESTAMPvalues:TO_DATE
FullTIMESTAMPvaluestotime-onlyTIMESTAMPvalues:
![Page 193: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/193.jpg)
TO_TIME
Date-onlyandtime-onlyTIMESTAMPvaluestofullTIMESTAMPvalues:TO_TIMESTAMP
LocaltimezoneTIMESTAMPvaluestoUTCTIMESTAMPvalues:TO_UTCTIME
UTCTIMESTAMPvaluestolocaltimezoneTIMESTAMPvalues:TO_LOCALTIME
Seealso:ConstantValuesTimestampFormatSpecifiers
©2004MicrosoftCorporation.Allrightsreserved.
![Page 194: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/194.jpg)
TimestampFormatSpecifiersTIMESTAMPvaluesareformattedandparsedusingTimestampFormatSpecifiers.Timestampformatspecifiersarestringsthatusespecialcharacterstodescribedateand/ortimeelementsinastringrepresentationofatimestamp.
Timestampformatspecifiersareusedinthefollowingcircumstances:
WhenenteringaTIMESTAMPconstantwiththeTIMESTAMPkeyword.Inthiscase,timestampformatspecifiersareusedtodescribehowthestringenteredshouldbeparsedinordertoobtainaTIMESTAMPvalue,asinthefollowingexample:
TimeGenerated>TIMESTAMP('2004-05-2810:23:15','yyyy-MM-ddhh:mm:ss')WhenconvertingaTIMESTAMPvaluetoaSTRINGvalueusingtheTO_STRINGfunction.Inthiscase,timestampformatspecifiersareusedtodescribehowtheTIMESTAMPvalueshouldbeformattedinordertoobtainaSTRINGvalue,asinthefollowingexample:
TO_STRING(TimeGenerated,'yyyyMMM,ddh:m:s')
WhenconvertingaSTRINGvaluetoaTIMESTAMPvalueusingtheTO_TIMESTAMPfunction.Inthiscase,timestampformatspecifiersareusedtodescribehowtheSTRINGvalueshouldbeparsedinordertoobtainaTIMESTAMPvalue,asinthefollowingexample:
TO_TIMESTAMP(Text,'MMMdddyyyy')
WhenspecifyinghowaninputformatshouldparseTIMESTAMPfields,usingthe"iTsFormat"parameter.Inthiscase,timestampformatspecifiersareusedtodescribehowtimestampvaluesarerepresentedbytheselecteddatasource,sothattheinputformatiscapabletoparsethesefieldsandrepresentthemasvaluesoftypeTIMESTAMP.Thefollowingexamplesetsaspecificvalueforthe"iTsFormat"
![Page 195: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/195.jpg)
parameteroftheCSVInputFormat:
C:\>logparser"SELECTMyFieldFROMfile.csv"-i:CSV-iTsFormat:"yyyy-MM-dd"WhenspecifyinghowanoutputformatshouldformatanddisplayTIMESTAMPfields,usingthe"oTsFormat"parameter.Inthiscase,timestampformatspecifiersareusedtodescribehowTIMESTAMPvaluesshouldbeformattedbytheoutputformat,asinthefollowingexampleusingtheTSVOutputFormat:
C:\>logparser"SELECTTimeGeneratedINTOfile.txtFROMSystem"-i:EVT-o:TSV-oTsFormat:"yyyy-MM-dd"
ThefollowingtabledescribesthetimestampformatspecifierssupportedbytheLogParserSQL-Likelanguage:
Specifier Description
Examplespecifierstrings Exampleformats
y year,lastdigit(whenparsing,assumedtoberelativetoyear2000)
yMMdd 40528
yy year,last2digits(whenparsing,assumedtoberelativetoyear2000)
yyMMdd 040528
yyy year,last3digits(whenparsing,assumedtoberelativetoyear2000)
yyyMMdd 0040528
yyyy year,4digits yyyyMMdd 20040528M month,noleadingzero yyyy-M-dd 2004-5-28
2004-12-01MM month,leadingzero yyyy-MM-dd 2004-05-28
2004-12-01
![Page 196: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/196.jpg)
MP month,leadingspace yyyy-MP-dd 2004-5-282004-12-01
MX month,withorwithoutleadingzero(whenparsing)month,withoutleadingzero(whenformatting)
yyyy-MX-dd 2004-05-28(whenparsing)2004-5-282004-12-01
MMM month,3-characterabbreviationofname(1)
MMMd,yyyy Dec1,2004
MMMM month,fullname(1) MMMMd,yyyy
December1,2004
d day,noleadingzero yyyy-MM-d 2004-12-12004-05-28
dd day,leadingzero yyyy-MM-dd 2004-12-012004-05-28
dp day,leadingspace yyyy-MM-dp 2004-12-12004-05-28
dx day,withorwithoutleadingzero(whenparsing)day,withoutleadingzero(whenformatting)
yyyy-MM-dx 2004-12-01(whenparsing)2004-12-12004-05-28
ddd weekday,3-characterabbreviationofname(1)
dddMMMMd,yyyy
WedDecember1,2004
dddd weekday,fullname(1)
ddddMMMMd,yyyy
WednesdayDecember1,2004
h,H hour,noleadingzero h:mm:ss 3:12:0521:04:15
hh,HH hour,leadingzero hh:mm:ss 03:12:0521:04:15
hp,HP hour,leadingspace hp:mm:ss 3:12:0521:04:15
![Page 197: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/197.jpg)
hx,HX hour,withorwithoutleadingzero(whenparsing)hour,withoutleadingzero(whenformatting)
hx:mm:ss 03:12:05(whenparsing)3:12:0521:04:15
m minute,noleadingzero
hh:m:ss 21:4:1503:12:05
mm minute,leadingzero hh:mm:ss 21:04:1503:12:05
mp minute,leadingspace hh:mp:ss 21:4:1503:12:05
mx minute,withorwithoutleadingzero(whenparsing)minute,withoutleadingzero(whenformatting)
hh:mx:ss 21:04:15(whenparsing)21:4:153:12:05
s second,noleadingzero
hh:mm:ss 03:12:521:04:15
ss second,leadingzero hh:mm:ss 03:12:0521:04:15
sp second,leadingspace hh:mm:sp 03:12:521:04:15
sx second,withorwithoutleadingzero(whenparsing)second,withoutleadingzero(whenformatting)
hh:mm:ss 03:12:05(whenparsing)03:12:521:04:15
l millisecond,noleadingzeroes
hh:mm:ss.l 21:4:15.503:12:05.395
ll millisecond,leadingzeroes
hh:mm:ss.ll 21:04:15.00503:12:05.395
lp millisecond,leadingspaces
hh:mm:ss.lp 21:04:15.503:12:05.395
![Page 198: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/198.jpg)
lx millisecond,withorwithoutleadingzero(whenparsing)millisecond,withoutleadingzero(whenformatting)
hh:mm:ss.lx 21:04:15.005(whenparsing)21:04:15.53:12:05.395
n nanosecond,noleadingzeroes
hh:mm:ss.ll.n 21:4:15.005.40003:12:05.395.1900
nn nanosecond,leadingzeroes
hh:mm:ss.ll.nn 21:04:15.005.0000040003:12:05.395.001900
np nanosecond,leadingspaces
hh:mm:ss.ll.np 21:04:15.005.40003:12:05.395.1900
nx nanosecond,withorwithoutleadingzero(whenparsing)nanosecond,withoutleadingzero(whenformatting)
hh:mm:ss.ll.nx 21:04:15.005.00000400(whenparsing)21:04:15.005.4003:12:05.395.1900
tt AM/PMnotation hh:mm:sstt 09:04:15PM03:12.05AM
? anycharacter(whenparsing)space(whenformatting)
yyyy-MM-dd?hh:mm:ss
2004-05-28T21:04:15(whenparsing)2004-05-2821:04:15(whenformatting)
anyother
characterverbatimcharacter hh:mm:ss---
yyyy.MM+dd09:04:15---2004.05+28
Notes:(1):elementnamesareobtainedfromthecurrentsystemlocale.
Date-onlyandTime-onlyTimestampsWhenparsingatimestampstring,thefollowingassumptionsaremade:
![Page 199: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/199.jpg)
Ifthetimestampformatspecifiersincludedateelementsonly,theresultingTIMESTAMPvaluewillbeadate-onlytimestamp;forexample,thefollowingstatementcreatesadate-onlyTIMESTAMPconstantvalue:
TIMESTAMP('2004-05-28','yyyy-MM-dd')
Ifthetimestampformatspecifiersincludetimeofdayelementsonly,theresultingTIMESTAMPvaluewillbeatime-onlytimestamp;forexample,thefollowingstatementcreatesatime-onlyTIMESTAMPconstantvalue:
TIMESTAMP('21:04:15','hh:mm:ss')
UnspecifieddateelementsarereplacedwiththecorrespondingelementsoftheLogParserorigindate(January1,year0),unlessthetimestampisatime-onlytimestampvalue;forexample,thefollowingstatementcreatesadate-onlytimestamprepresentingthedateFebruary1,year0:
TIMESTAMP('2','M')
Similarly,unspecifiedtimeelementsarereplacedwithzerovalues,unlessthetimestampisadate-onlytimestampvalue;forexample,thefollowingstatementcreatesatime-onlytimestamprepresentingthetime10:00:00.0.0:
TIMESTAMP('10','h')
Asanotherexample,thefollowingstatementcreatesafulltimestampvaluerepresentingthetime10:00:00.0.0onFebruary1,year0:
TIMESTAMP('210','Mh')
Formoreinformationondate-onlyandtime-onlytimestampvalues,refertotheTimestampDataTypereference.
![Page 200: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/200.jpg)
Seealso:ConstantValuesTimestampDataType
©2004MicrosoftCorporation.Allrightsreserved.
![Page 201: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/201.jpg)
NULLDataTypeTheNULLdatatyperepresentsunknownorunavailabledata.
Remarks:InputformatsoftenreturnNULLvaluesforinputrecordfieldstoindicatethatthefielddataisnotavailableinthecurrentlog.AvalueofNULLisdifferentfromazerovalue.IntheLogParserSQL-Likelanguage,comparisonoperatorsinexpressionstreatNULLvaluesastheminimumpossiblevalues.Inotherwords,allnon-NULLvalues,evennegativenumericvalues,arealwaysgreaterthanaNULLvalue.Ontheotherhand,theMINandMAXaggregatefunctionstreatNULLvaluesasrespectivelythemaximumandminimumpossiblevalues.Inotherwords,theMINorMAXvaluebetweenanon-NULLvalueandaNULLvalueisalwaysthenon-NULLvalue.TotestforNULLvaluesinaqueryuseISNULLorISNOTNULLintheWHEREorHAVINGclauses.
Seealso:ConstantValuesExpressions
©2004MicrosoftCorporation.Allrightsreserved.
![Page 202: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/202.jpg)
InputFormatsIISLogFileInputFormatsIISW3C:parsesIISlogfilesintheW3CExtendedLogFileFormat.IIS:parsesIISlogfilesintheMicrosoftIISLogFileFormat.BIN:parsesIISlogfilesintheCentralizedBinaryLogFileFormat.IISODBC:returnsdatabaserecordsfromthetablesloggedtobyIISwhenconfiguredtologintheODBCLogFormat.HTTPERR:parsesHTTPerrorlogfilesgeneratedbyHttp.sys.URLSCAN:parseslogfilesgeneratedbytheURLScanIISfilter.
GenericTextFileInputFormatsCSV:parsescomma-separatedvaluestextfiles.TSV:parsestab-separatedandspace-separatedvaluestextfiles.XML:parsesXMLtextfiles.W3C:parsestextfilesintheW3CExtendedLogFileFormat.NCSA:parseswebserverlogfilesintheNCSACommon,Combined,andExtendedLogFileFormats.TEXTLINE:returnslinesfromgenerictextfiles.TEXTWORD:returnswordsfromgenerictextfiles.
SystemInformationInputFormatsEVT:returnseventsfromtheWindowsEventLogandfromEventLogbackupfiles(.evtfiles).FS:returnsinformationonfilesanddirectories.REG:returnsinformationonregistryvalues.ADS:returnsinformationonActiveDirectoryobjects.
Special-purposeInputFormats
![Page 203: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/203.jpg)
NETMON:parsesnetworkcapturefilescreatedbyNetMon.ETW:parsesEnterpriseTracingforWindowstracelogfilesandlivesessions.COM:providesaninterfacetoCustomInputFormatCOMPlugins.
©2004MicrosoftCorporation.Allrightsreserved.
![Page 204: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/204.jpg)
ADSInputFormatTheADSinputformatreturnspropertiesofActiveDirectoryobjects.
TheADSinputformatenumeratestheActiveDirectoryobjectsintheActiveDirectoryContainerwhoseLDAPpathisspecifiedinthefrom-entity,eventuallyrecursingintoadditionalContainerobjectsfoundduringtheenumeration.TheinformationreturnedforeachobjectdependsonthevaluespecifiedfortheobjClassparameter.
WhentheobjClassparameterisleftunspecified,theADSinputformatworksin"propertymode",returningarecordforeachpropertyofeachobjectvisitedduringtheenumeration.Inthiscase,inputrecordshaveafixednumberoffieldswhosevaluesdescribethepropertiesbeingreturned,includinga"PropertyName"fieldanda"PropertyValue"fieldcontainingthenameandthevalueofthepropertybeingprocessed.Queriesoperatingin"propertymode"canworkonActiveDirectoryobjectsofdifferenttypes,andsinceeachinputrecordrepresentsasingleobjectproperty,theycanonlyreferenceasinglepropertyatatime.
Forexample,thefollowingcommandreturnsthevaluesofallthepropertiesnamed"comment"fromalltheobjectsinthespecifiedpath:
LogParser"SELECTPropertyValueFROMLDAP://mydomain.mycompany.comWHEREPropertyName='comment'"-i:ADSTheoutputwouldlooklikethefollowingexample:
PropertyValue-----------------BuiltinBuiltinAccountOperatorsAccountOperatorsAdministratorsAdministrators
WhenthenameofanActiveDirectoryobjectclassisspecifiedfortheobjClassparameter,theADSinputformatworksin"objectmode",returningarecordforeachobjectvisitedduringtheenumerationthatisaninstanceofthespecifiedclass.Inthiscase,thereisaninputrecordfieldforeachofthepropertiesofthe
![Page 205: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/205.jpg)
BackupOperatorsBackupOperatorsobjectbeingreturned.Queriesoperatingin"objectmode"canonlyworkonActiveDirectoryobjectsofasingletype,andsinceeachinputrecordrepresentsasingleobject,theycanreferencemultiplepropertiesofthesameobjectatthesametime.
Forexample,thefollowingcommandreturnsthespecifiedpropertiesfromalltheobjectsoftype"Computer":
LogParser"SELECTcn,operatingSystem,operatingSystemServicePackFROMLDAP://mydomain.mycompany.com/CN=Computers,DC=mydomain,DC=mycompany,DC=com"-i:ADS-objClass:ComputerTheoutputwouldlooklikethefollowingexample:
cnoperatingSystemoperatingSystemServicePack-------------------------------------------------------------SERVER01WindowsXPProfessionalServicePack1SERVER02WindowsXPProfessionalServicePack2TESTMACHINE1WindowsServer2003-TESTMACHINE2WindowsXPProfessionalServicePack2TESTMACHINE3WindowsXPProfessionalServicePack1TESTMACHINE4Windows2000ServerServicePack4
From-EntitySyntaxFieldsParametersExamples
©2004MicrosoftCorporation.Allrightsreserved.
![Page 206: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/206.jpg)
ADSInputFormatFrom-EntitySyntax<from-entity>
::= [[<provider>:]//[<username>:<password>@]<domain>]/<path>[;...]
The<from-entity>specifiedinqueriesusingtheADSinputformatisasemicolon-separatedlistofLDAPpaths.EachLDAPpathbeginswithanoptionalprovidername(e.g."IIS","LDAP"),followedbyanoptionaldomainorcomputername.Ifaprovidernameisnotspecified,then"IIS"isassumedbydefault.Ifadomainnameorcomputernameisnotspecified,then"localhost"isassumedbydefault.
Thefrom-entitycanoptionallyincludeausernameandapasswordtobeusedfortheconnectiontotheActiveDirectoryprovider.Whenthesearenotspecified,theADSinputformatusesthecurrentuser'scredentials.
Note:LDAPpathscontainingcomma(,)charactersshouldbeenclosedwithinsingle-quote(')characters.
Examples:
FROMIIS://COMPUTER01/W3SVC/1
FROMIIS://MyUsername:MyPassword@COMPUTER01/W3SVC/1
FROM'LDAP://MyDomain/CN=Users,DC=MyDomain,DC=com'
FROM'LDAP://MyUsername:MyPassword@MyDomain/CN=Users,DC=MyDomain,DC=com'FROM/W3SVC/1;/W3SVC/2;//COMPUTER02/W3SVC/1
©2004MicrosoftCorporation.Allrightsreserved.
![Page 207: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/207.jpg)
ADSInputFormatFieldsThestructureoftheinputrecordsgeneratedbytheADSinputformatdependsonthevaluespecifiedfortheobjClassparameter.
PropertyModeWhentheobjClassparameterisleftunspecified,theADSinputformatworksin"propertymode",returningarecordforeachpropertyofeachobjectvisitedduringtheenumeration.Inthiscase,inputrecordshavethefollowingfixedstructure:
Name Type Description
ObjectPath STRING FullActiveDirectorypathoftheobjectcontainingthisproperty
ObjectName STRING Nameoftheobjectcontainingthisproperty
ObjectClass STRING Classnameoftheobjectcontainingthisproperty
PropertyName STRING Nameofthepropertybeingprocessed
PropertyValue STRING Valueofthepropertybeingprocessed
PropertyType STRING Typeofthepropertybeingprocessed
Queriesoperatingin"propertymode"canworkonActiveDirectoryobjectsofdifferenttypes,andsinceeachinputrecordrepresentsasingleobjectproperty,theycanonlyreferenceasinglepropertyatatime.
![Page 208: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/208.jpg)
ObjectModeWhenthenameofanActiveDirectoryobjectclassisspecifiedfortheobjClassparameter,theADSinputformatworksin"objectmode",returningarecordforeachobjectvisitedduringtheenumerationthatisaninstanceofthespecifiedclass.Inthiscase,thefirstinputrecordfieldisfixed,anditisdescribedinthefollowingtable:
Name Type Description
ObjectPath STRING FullActiveDirectorypathoftheobjectbeingprocessed
Thisfieldisfollowedbyfieldsrepresentingallthepropertiesofthespecifiedobjectclass.Eachfieldisnamedafterthecorrespondingpropertyname,anditsdatatypeisdeterminedbythepropertytypedeclaredbytheActiveDirectoryschemaobjectforthespecifiedclass.
Queriesoperatingin"objectmode"canonlyworkonActiveDirectoryobjectsofasingletype,andsinceeachinputrecordrepresentsasingleobject,theycanreferencemultiplepropertiesofthesameobjectatthesametime.
©2004MicrosoftCorporation.Allrightsreserved.
![Page 209: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/209.jpg)
ADSInputFormatParametersTheADSinputformatsupportsthefollowingparameters:
objClass
Values: ActiveDirectoryobjectclassname
Default: notspecified
Description: Objectclassnamefor"objectmode"operation.
Details: Whenthisparameterisleftunspecified,theADSinputformatworksin"propertymode",returningarecordforeachpropertyofeachobjectvisitedduringtheenumeration.Ontheotherhand,whenthenameofanActiveDirectoryobjectclassisspecifiedforthisparameter,theADSinputformatworksin"objectmode",returningarecordforeachobjectvisitedduringtheenumerationthatisaninstanceofthespecifiedclass.Formoreinformationonthedifferentmodesofoperation,seeFormatFields.
Example: -objClass:Userusername
Values: username
Default: notspecified
Description: UsernamefortheActiveDirectoryconnection.
Details: Whenausernameisnotspecifiedforthisparameter,theADSinputformatusestheusernamespecifiedinthefrom-entityofthequery.Ifthefrom-entitydoesnotincludeausername,theADSinputformatwillusethecurrentuser'scredentials.
Note:Forsecurityreasons,valuesspecifiedforthisparameterarenotpersistedwhenusingtheLogParsercommand-lineDefaultsOverrideMode.
![Page 210: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/210.jpg)
Example: -username:MyUserpassword
Values: password
Default: notspecified
Description: PasswordfortheActiveDirectoryconnection.
Details: Passwordfortheusernamespecifiedwiththe"username"parameter.
Note:Forsecurityreasons,valuesspecifiedforthisparameterarenotpersistedwhenusingtheLogParsercommand-lineDefaultsOverrideMode.
Example: -password:MyPasswordrecurse
Values: recursionlevel(number)
Default: -1
Description: MaxADScontainerrecursionlevel.
Details: 0disablescontainerrecursion;-1enablesunlimitedrecursion.
Example: -recurse:2multiValuedSep
Values: anystring
Default: |
Description: Separatorbetweenvaluesofmulti-valuedtypes.
Details: Multi-valuedpropertyvaluesarereturnedasasinglestring,builtbyconcatenatingthemultiplevaluesoneaftertheotherusingthevalueofthisparameterasaseparatorbetweentheelements.
Example: -multiValuedSep:,
![Page 211: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/211.jpg)
ignoreDSErrors
Values: ON|OFF
Default: ON
Description: IgnoreDirectoryServiceerrors.
Details: Whenthisparameterissetto"OFF",DirectoryServiceerrorsoccurringduringtheenumerationofobjectsandpropertiesarereturnedasErrors.Whenthisparameterissetto"ON",DirectoryServiceerrorsaresilentlyignored,andinputrecordfieldscorrespondingtounretrievableobjectsorpropertiesarereturnedasNULLvalues.
Example: -ignoreDSErrors:OFFparseBinary
Values: ON|OFF
Default: OFF
Description: Returnvalueofbinaryproperties.
Details: Thisparameterspecifieswhetherpropertiescontainingbinaryvaluesarereturnedornot.Whenthisparameterissetto"ON",binaryvaluesarereturnedasSTRINGvaluesformattedaccordingtothevaluespecifiedforthe"binaryFormat"parameter.
Example: -parseBinary:ONbinaryFormat
Values: ASC|PRINT|HEX
Default: HEX
Description: Formatofbinaryproperties.
![Page 212: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/212.jpg)
Details: Whenthe"parseBinary"propertyissetto"ON",theADSinputformatreturnspropertiescontainingbinaryvalues.Inthiscase,binaryvaluesarereturnedasSTRINGvaluesformattedaccordingtothevaluespecifiedforthisparameter.Whenthisparameterissetto"ASC",databytesbelongingtothe0x20-0x7FrangearereturnedasASCIIcharacters,whiledatabytesoutsidetherangearereturnedasperiod(.)characters,asshowninthefollowingexample:
Bucket:02096553..rundll32.exe
Whenthisparameterissetto"PRINT",databytesrepresentingprintableASCIIcharactersarereturnedasASCIIcharacters,whiledatabytesthatdonotrepresentprintableASCIIcharactersarereturnedasperiod(.)characters,asshowninthefollowingexample:
Bucket:02096553rundll32.exeWhenthisparameterissetto"HEX",alldatabytesarereturnedastwo-digithexadecimalvalues,asshowninthefollowingexample:
4275636B65743A2030323039363535330D0A72756E646C6C33322E657865
Example: -binaryFormat:PRINT
©2004MicrosoftCorporation.Allrightsreserved.
![Page 213: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/213.jpg)
ADSInputFormatExamplesUsers'JobTitlesRetrieveusers'jobtitlebreakdownfromActiveDirectory:
LogParser"SELECTtitle,MUL(PROPCOUNT(*),100.0)ASPercentageINTODATAGRIDFROM'LDAP://MyUsername:MyPassword@mydomain/CN=Users,DC=mydomain,DC=com'WHEREtitleISNOTNULLGROUPBYtitleORDERBYPercentageDESC"-objClass:UserIISAccessFlagsMetaBasePropertiesRetrievealltheAccessFlagspropertiesfromIISmetabaseobjects:
LogParser"SELECTObjectPath,PropertyValueFROMIIS://localhostWHEREPropertyName='AccessFlags'"
©2004MicrosoftCorporation.Allrightsreserved.
![Page 214: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/214.jpg)
BINInputFormatTheBINinputformatparsesIISlogfilesintheCentralizedBinaryLogFileFormat.
WhenanIIS6.0webserverisconfiguredtologintheCentralizedBinaryLogFileFormat,alltheIISvirtualsiteshostedbytheserverloginasingle,server-widelogfile.Logfilesinthisformatarebinaryfiles,andtheinformationcontainedintheselogscannotbevisualizedbystandardtextfileprocessors.
From-EntitySyntaxFieldsExamples
©2004MicrosoftCorporation.Allrightsreserved.
![Page 215: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/215.jpg)
BINInputFormatFrom-EntitySyntax<from-entity> ::= <filename>|<SiteID>[,<filename>|<SiteID>...]
<SiteID> ::= <site_number><server_comment><site_metabase_path>
The<from-entity>specifiedinqueriesusingtheBINinputformatisacomma-separatedlistof:
PathsofIISCentralizedBinarylogfiles;IISVirtualSite"identifiers".
"Siteidentifiers"mustbeenclosedwithinanglebrackets(<and>),andcanhaveoneofthefollowingvalues:ThenumericsiteID(e.g."<1>","<28163489>");Thetextvalueofthe"ServerComment"propertyofthesite(e.g."<MyExternalSite>","<www.margiestravel.com>");Thefully-qualifiedADSImetabasepathtothesite(e.g."<//MYSERVER/W3SVC/1>"),usingeitherthenumericsiteIDorthetextvalueofthe"ServerComment"propertyofthesite.
Whena"siteidentifier"isused,theBINinputformatconnectstothespecifiedmachine'smetabase,gathersinformationontheserver'scurrentloggingproperties,andparsesallthelogfilesintheserver'scurrentlogfiledirectory,returningonlytheentriescorrespondingtorequeststothespecifiedvirtualsite.
Filenamesand"Siteidentifiers"canalsoincludewildcards(e.g."LogFiles\ra04*.ibl","<www.*.com>").
Examples:
FROMLogFiles\ra04*.ibl,LogFiles\ra03*.ibl,\\MyServer\LoggingShare\W3SVC\ra04*.ibl
![Page 216: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/216.jpg)
FROM<1>,<2>,<MyExternalSite>,raw9.ibl
FROM<www.net*home.com>,<//MyServer2/W3SVC/www.net*home.com>,<*>
©2004MicrosoftCorporation.Allrightsreserved.
![Page 217: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/217.jpg)
BINInputFormatFieldsTheinputrecordsgeneratedbytheBINinputformatcontainthefollowingfields:
Name Type Description
LogFilename STRING Fullpathofthelogfilecontainingthisentry
LogRow INTEGER Lineinthelogfilecontainingthisentry
ComputerName STRING Thenameoftheserverthatservedtherequest
SiteID INTEGER TheIISvirtualsiteinstancenumberthatservedtherequest
DateTime TIMESTAMP Thedateandtimeatwhichtherequestwasserved(UniversalTimeCoordinates(UTC)time)
ClientIpAddress STRING TheIPaddressoftheclientthatmadetherequest
ServerIpAddress STRING TheIPaddressoftheserverthatservedtherequest
ServerPort INTEGER Theserverportnumberthatreceivedtherequest
Method STRING TheHTTPrequestverb
![Page 218: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/218.jpg)
ProtocolVersion STRING TheHTTPversionoftheclientrequest
ProtocolStatus INTEGER TheresponseHTTPstatuscode
SubStatus INTEGER TheresponseHTTPsub-statuscode
TimeTaken INTEGER Thenumberofmillisecondselapsedsincethemomenttheserverreceivedtherequesttothemomenttheserversentthelastresponsechunktotheclient
BytesSent INTEGER Thenumberofbytesintheresponsesentbytheserver
BytesReceived INTEGER Thenumberofbytesintherequestsentbytheclient
Win32Status INTEGER TheWindowsstatuscodeassociatedwiththeresponseHTTPstatuscode
UriStem STRING TheHTTPrequesturi-stem
UriQuery STRING TheHTTPrequesturi-query,orNULLiftherequestedURIdidnotincludeauri-query
UserName STRING Thenameoftheauthenticateduserthatmadetherequest,orNULLiftherequestwasfromananonymoususer
![Page 219: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/219.jpg)
©2004MicrosoftCorporation.Allrightsreserved.
![Page 220: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/220.jpg)
BINInputFormatExamplesTop20URL'sforaSiteCreateachartcontainingtheTOP20URL'sinthe"www.margiestravel.com"website(assumedtobeloggingintheCentralizedBinarylogformat):
LogParser"SELECTTOP20UriStem,COUNT(*)ASHitsINTOMyChart.gifFROM<www.margiestravel.com>GROUPBYUriStemORDERBYHitsDESC"-chartType:Column3D-groupSize:1024x768
©2004MicrosoftCorporation.Allrightsreserved.
![Page 221: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/221.jpg)
COMInputFormatTheCOMinputformatprovidesaninterfacetoCustomInputFormatCOMPlugins.
WiththeLogParsercommand-lineexecutable,CustomInputFormatCOMPluginsareusedthroughtheCOMinputformat.ThisinputformattakestheProgIDofthepluginCOMobjectasavalueoftheiProgIDparameter,anditprovidesaninterfaceforcommand-lineoperationstousethecustominputformat.
WiththeLogParserscriptableCOMcomponents,CustomInputFormatCOMPluginobjectscanbeuseddirectlyasargumentstotheExecuteorExecuteBatchmethodsoftheLogQueryobject.Forthisreason,theCOMinputformatisnotprovidedasaLogParserscriptableCOMcomponent.
From-EntitySyntaxFieldsParametersExamples
Seealso:CustomPluginsCOMInputFormatPluginsReference
©2004MicrosoftCorporation.Allrightsreserved.
![Page 222: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/222.jpg)
COMInputFormatFrom-EntitySyntaxThe<from-entity>specifiedinqueriesusingtheCOMinputformatisdeliveredas-istothecustominputformatCOMobjectasanargumenttotheOpenInputmethodoftheILogParserInputContextinterface,anditssyntaxandinterpretationisprovidedbythecustominputformatselected.The<from-entity>specifiedinqueriesusingtheCOMinputformatmusthoweverobeythegeneralsyntaxfor<from-entity>languageelements.
©2004MicrosoftCorporation.Allrightsreserved.
![Page 223: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/223.jpg)
COMInputFormatFieldsTheinputrecordsgeneratedbytheCOMinputformatcontainthefieldsprovidedbythecurrentlyselectedCustomInputFormatCOMplugin.
Thenumberoffields,theirnames,andtheirdatatypesareretrievedthroughtheGetFieldCount,GetFieldName,andGetFieldTypemethodsoftheILogParserInputContextinterface.
©2004MicrosoftCorporation.Allrightsreserved.
![Page 224: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/224.jpg)
COMInputFormatParametersTheCOMinputformatsupportsthefollowingparameters:
iProgID
Values: COMProgID
Default: notspecified
Description: ProgIDoftheCustomInputFormatCOMPlugin.
Details: Thisparameterisusedtospecifytheversion-independentProgIDofthecustominputformatCOMobjectselectedforthecurrentquery.
Example: -iProgID:MSUtil.LogQuery.Sample.QFEiCOMParams
Values: name=value[,name=value...]
Default: notspecified
Description: ParametersfortheCustomInputFormatCOMPlugin.
Details: Thevalueofthisparameterisacomma-separatedlistofname-valuepairsspecifyingpropertynamesandvaluesforCustomInputFormatCOMPluginsimplementedthroughtheIDispatchCOMinterface.Ifpropertynamesortheirvaluescontainspacecharacters,thevalueofthisparametershouldbesurroundedbydouble-quote(")characters.FormoreinformationoncustompropertiesexposedbyCOMplugins,seeCustomPropertiesintheCOMInputFormatPluginsreference.
Example: -iCOMParams:TargetMachine=localhost,ExtendedFields=on
![Page 225: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/225.jpg)
iCOMServer
Values: computername
Default: localhost
Description: ComputernameonwhichtheCustomInputFormatCOMPluginistobeinstantiated.
Details: PluginCOMobjectssupportingDistributedCOM(DCOM)canbeinstantiatedonaremotecomputer,thusprovidingameansforthecustominputformattoprocessdataonacomputerdifferentthanthecomputerrunningtheLogParserquery.
Example: -iCOMServer:MYSERVER01
©2004MicrosoftCorporation.Allrightsreserved.
![Page 226: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/226.jpg)
COMInputFormatExamplesQFEInformationReturnQFEinformationfromthelocalmachine,usingthe"QFE"sampleCustomInputFormatCOMPlugin:
LogParser"SELECT*FROM."-i:COM-iProgID:MSUtil.LogQuery.Sample.QFE-iCOMParams:ExtendedFields=on
©2004MicrosoftCorporation.Allrightsreserved.
![Page 227: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/227.jpg)
CSVInputFormatTheCSVinputformatparsescomma-separatedvaluestextfiles.
CSVtextfilesaregeneratedandhandledbyalargenumberofapplicationsandtools,including:
MicrosoftExcelPerfMonGenericspreadsheetapplications
InaCSVtextfile,eachlineconsistsofonerecord,andfieldsinarecordareseparatedbycommas.Dependingontheapplication,thefirstlineinaCSVfilemightbea"header",containingthelabelsoftherecordfields.ThefollowingexampleshowsaCSVfilebeginningwithaheader:
DateTime,PID,Comment5/28/200413:56:12,2956,Applicationstarted5/28/200413:59:02,2956,Waitingforinput5/28/200414:12:45,3104,Applicationstarted5/28/200415:24:42,1048,Applicationstarted
Moreover,fieldvaluesandlabelsmightbeenclosedwithindouble-quote(")characters,asshownbythefollowingPerfMonCSVlogfileexample:
"\\GAB1\Processor(_Total)\%ProcessorTime","\\GAB1\System\Processes""99.999993086289507","33""2.0000000000000018","33""1.0000000000000009","33""0.33333333333332993","33""0.33333333333332993","33""0","33""4.0000000000000036","33""4.3333333333333339","33"
From-EntitySyntaxFieldsParametersExamples
Seealso:TSVInputFormatCSVOutputFormat
![Page 228: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/228.jpg)
©2004MicrosoftCorporation.Allrightsreserved.
![Page 229: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/229.jpg)
CSVInputFormatFrom-EntitySyntax<from-entity> ::= <filename>[,<filename>...]|
http://<url>|STDIN
The<from-entity>specifiedinqueriesusingtheCSVinputformatiseither:
Acomma-separatedlistofpathsofCSVfiles,eventuallyincludingwildcards;TheURLofafileintheCSVformat;The"STDIN"keyword,whichspecifiesthattheinputdataisavailablefromtheinputstream(commonlyusedwhenpipingcommandexecutions).
Examples:
FROMLogFiles1\*.csv,LogFiles2\*.csv,\\MyServer\FileShare\*.csv
FROMhttp://www.microsoft.adatum.com/MyCSVFiles/example.csv
typedata.csv|LogParser"SELECT*FROMSTDIN"-i:CSV
©2004MicrosoftCorporation.Allrightsreserved.
![Page 230: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/230.jpg)
CSVInputFormatFieldsThestructureoftheinputrecordsgeneratedbytheCSVinputformatisdeterminedatruntime,dependingonthedatabeingparsed,andonthevaluesspecifiedfortheinputformatparameters.
Thefirsttwoinputrecordfieldsarefixed,andtheyaredescribedinthefollowingtable:
Name Type Description
Filename STRING Fullpathofthefilecontainingthisentry
RowNumber INTEGER Lineinthefilecontainingthisentry
ThesetwofieldsarethenfollowedbythefieldsdetectedbytheCSVinputformatintheCSVfile(s)beingparsed.Thenumber,names,anddatatypesofthefieldsaredeterminedbyexamininginitiallytheCSVdataaccordingtothevaluesspecifiedfortheinputformatparameters.
ThenumberoffieldsdetectedbytheCSVinputformatduringtheinitialinspectionphasedictateshowtheCSVrecordfieldswillbeextractedfromtheinputdataduringthesubsequentparsingstage.IfaCSVlinecontainslessfieldsthanthenumberoffieldsestablished,themissingfieldsarereturnedasNULLvalues.Ontheotherhand,ifaCSVlinecontainsmorefieldsthanthenumberoffieldsestablished,theextrafieldsareparsedasiftheywerepartofthevalueofthelastfieldexpectedbytheCSVinputformat.
NumberofFieldsThenumberoffieldsinaninputrecordisdeterminedbytheinputCSVdataandbythevaluesofthenFieldsandfixedFieldsparameters.
Whenthe"nFields"parameterissetto-1,theCSVinputformatdeterminesthenumberoffieldsbyinspectingtheinputCSVdata.
![Page 231: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/231.jpg)
Ifthe"fixedFields"parameterissetto"ON",indicatingthatalltherowsintheCSVfilehavethesamefixednumberoffields,thenthenumberoffieldsisdeterminedbyparsingeitherthefirstlineoftheCSVinputdata,orthefirstlineoftheheaderfilespecifiedwiththe"iHeaderFile"parameter.Ontheotherhand,ifthe"fixedFields"parameterissetto"OFF",indicatingthattherowsintheCSVfilehaveavariablenumberoffields,thenthenumberoffieldsisassumedtobethelargestnumberoffieldsfoundamongthefirstnlinesoftheCSVinputdata(eventuallyincludingthefirstlineoftheheaderfilespecifiedwiththe"iHeaderFile"parameter),wherenisthevalueofthe"dtLines"parameter.
Asanexample,thefollowingCSVfilecontainsavariablenumberoffields:
Name,City,AreaCodeJeff,Redmond,425Steve,Seattle,206,98101Edward,Olympia,360Whenparsedwiththe"nFields"parametersetto-1andthe"fixedFields"parametersetto"ON",thisCSVfilewouldyieldthreefields("Name","City",and"AreaCode").Inthiscase,theextrafourthfieldinthesecondrecordwouldbeparsedaspartofthethird"AreaCode"field,whosevaluewouldthenbe"206,98101".Ontheotherhand,ifthe"fixedFields"parameterissetto"OFF",andthe"dtLines"parameterissettoanyvaluegreaterthan2,thenthesameCSVfilewouldyieldfourfields("Name","City","AreaCode",andanadditionalfourthfielddetectedinthesecondCSVrecord).Inthiscase,thefirstandthirdrecordswouldhaveaNULLvalueforthefourthfield,andthesecondrecordwouldhavea"98101"valueforthefourthfield.
Whenthe"nFields"parameterissettoavaluegreaterthanzero,theCSVinputformatusesthespecifiedvalueasthenumberoffieldsintheinputdata.However,ifthe"fixedFields"parameterissetto"OFF",indicatingthattherowsintheCSVfilehaveavariablenumberoffields,thentheCSVinputformatusesthevalueofthe"nFields"parameterasa"suggestedminimum"numberoffields,anditexaminesthefirstnlinesoftheCSV
![Page 232: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/232.jpg)
inputdata(eventuallyincludingthefirstlineoftheheaderfilespecifiedwiththe"iHeaderFile"parameter),wherenisthevalueofthe"dtLines"parameter,todeterminethenumberoffieldsamongtheselines.Iflinesarefoundcontainingmorefieldsthanthevaluespecifiedforthe"nFields"parameter,thenthenumberoffieldsisadjustedtothelargestnumberoffieldsfoundamongthefirstnlines.
ConsideringagainthepreviousCSVexamplefile,parsingthefilewiththe"nFields"parametersetto3andthe"fixedFields"parametersetto"ON"wouldyieldthreefields.However,settingthe"fixedFields"parameterto"OFF"andthe"dtLines"parametertoanyvaluegreaterthan2wouldyieldfourfields,detectingtheextrafieldinthesecondrecord.
FieldNamesThenamesofthefieldsinaninputrecordisdeterminedbytheinputCSVdataandbythevaluesoftheheaderRowandiHeaderFileparameters.
Whenthe"headerRow"parameterissetto"ON",theCSVinputformatassumesthatthefirstlineintheCSVfilebeingparsedisaheadercontainingthefieldnames.Inthiscase,ifthe"iHeaderFile"parameterisleftunspecified,theCSVinputformatextractsthefieldnamesfromtheheaderline.Ontheotherhand,ifthe"iHeaderFile"parameterissettothepathofaCSVfilecontainingatleastoneline,thentheCSVinputformatassumesthatthespecifiedfilecontainsaheader,parsesitsfirstlineonly,andextractsthefieldnamesfromthisline,ignoringthefirstlineoftheCSVfilebeingparsed.
Ifthenumberoffieldnamesextractedislessthanthenumberoffieldsdetected,theadditionalfieldsareautomaticallynamed"FieldN",withNbeingaprogressiveindexindicatingthefieldpositionintheinputrecord.
ConsideringthepreviousexampleCSVfile,settingthe"headerRow"parameterto"ON"wouldcausetheCSVinputformattousethefirstlineoftheCSVfileasaheadercontainingthefieldnames.Withthe"fixedFields"parametersetto"ON",theCSVinputformatwoulddetectthreefields,whosenameswouldbe"Name","City",and
![Page 233: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/233.jpg)
"AreaCode".Ontheotherhand,withthe"fixedFields"parametersetto"OFF",theCSVinputformatwoulddetectfourfields,named"Name","City","AreaCode",and"Field4".
Whenthe"headerRow"parameterissetto"OFF",theCSVinputformatassumesthattheCSVfilebeingparseddoesnotcontainaheader,andthatitsfirstlineisthefirstdatarecordinthefile.Inthiscase,ifthe"iHeaderFile"parameterissettothepathofaCSVfilecontainingatleastoneline,thentheCSVinputformatassumesthatthespecifiedfilecontainsaheader,parsesitsfirstlineonly,andextractsthefieldnamesfromthisline.Ontheotherhand,ifthe"iHeaderFile"parameterisleftunspecified,thefieldsareautomaticallynamed"FieldN",withNbeingaprogressivenumberindicatingthefieldpositionintheinputrecord.
Asanexample,thefollowingCSVfiledoesnotcontainaheaderline:
Jeff,Redmond,425Steve,Seattle,206Edward,Olympia,360Whenparsedwiththe"headerRow"parameterto"OFF",theCSVinputformatassumesthatthefirstlineoftheCSVfileisthefirstdatarecordinthefile.Inthiscase,thethreefieldswouldbenamed"Field1","Field2",and"Field3".
FieldTypesThedatatypeofeachfieldextractedfromtheinputdataisdeterminedbyexaminingthefirstnCSVdatalines,wherenisthevaluespecifiedforthedtLinesparameter,inthefollowingway:Ifallthenon-emptyfieldvaluesinthefirstnlinesareformattedasdecimalnumbers,thenthefieldisassumedtobeoftheREALtype.Ifallthenon-emptyfieldvaluesinthefirstnlinesareformattedasintegernumbers,thenthefieldisassumedtobeoftheINTEGERtype.Ifallthenon-emptyfieldvaluesinthefirstnlinesareformattedastimestampsintheformatspecifiedbytheiTsFormatparameter,thenthefieldisassumedtobeoftheTIMESTAMPtype.Otherwise,thefieldisassumedtobeoftheSTRINGtype.
![Page 234: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/234.jpg)
EmptyfieldvaluesarereturnedasNULLvalues.
©2004MicrosoftCorporation.Allrightsreserved.
![Page 235: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/235.jpg)
CSVInputFormatParametersTheCSVinputformatsupportsthefollowingparameters:
headerRow
Values: ON|OFF
Default: ON
Description: SpecifieswhetherornottheinputCSVfile(s)beginwithaheaderline.
Details: Whenthisparameterissetto"ON",theCSVinputformatassumesthateachfilebeingparsedbeginswithaheaderline,containingthelabelsofthefieldsinthefile.Ifthe"iHeaderFile"parameterisleftunspecified,theCSVinputformatwillusethefieldnamesinthefirstfile'sheaderasthenamesoftheinputrecordfields.Ifavalueisspecifiedforthe"iHeaderFile"parameter,theCSVinputformatwillignoretheheaderlineineachfilebeingparsed.Whenthisparameterissetto"OFF",theCSVinputformatassumesthatthefile(s)beingparseddonotcontainaheader,andparsestheirfirstlineasdatarecords.Formoreinformationonheadersandfieldnames,seeCSVInputFormatFields.
Example: -headerRow:OFFiHeaderFile
Values: pathtoaCSVfile
Default: notspecified
Description: Filecontainingfieldnames.
Details: WhenparsingCSVfilesthatdonotcontainaheader
![Page 236: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/236.jpg)
line,thefieldsoftheinputrecordsproducedbytheCSVinputformatarenamed"Field1","Field2",...Tooverridethisbehaviorandusemeaningfulfieldnames,thisparametercanbesettotothepathofaCSVfilecontainingaheaderline,causingtheCSVinputformattousethefieldnamesinthespecifiedCSVfile'sheaderlineasthenamesoftheinputrecordfields.OnlythefirstlineofthespecifiedCSVfileisparsed,andeventualadditionallinesareignored.Formoreinformationonheadersandfieldnames,seeCSVInputFormatFields.
Example: -iHeaderFile:"C:\MyFolder\header.csv"fixedFields
Values: ON|OFF
Default: ON
Description: SpecifieswhetherornotalltherecordsintheinputCSVfile(s)haveafixednumberoffields.
Details: Whenthisparameterissetto"ON",theCSVinputformatassumesthatthenumberoffieldsinalltheinputCSVrecordsequalsthenumberoffieldsfoundinthefirstCSVlineparsed,orthenumberoffieldsspecifiedforthe"nFields"parameter.Whenthisparameterissetto"OFF",theCSVinputformatassumesthattheinputCSVrecordshaveavariablenumberoffields,anditparsesthefirstnlinesoftheinputCSVdatatodeterminethemaximumnumberoffieldsintherecords,wherenisthevaluespecifiedforthe"dtLines"parameter.Formoreinformationonhowthenumberoffieldsisdetermined,seeCSVInputFormatFields.
Example: -fixedFields:OFF
![Page 237: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/237.jpg)
nFields
Values: numberoffields(number)
Default: -1
Description: NumberoffieldsintheCSVdatarecords.
Details: Whenthe"fixedFields"parameterissetto"ON",thisparameterspecifiesthenumberoffieldsintheinputCSVdata.Whenthe"fixedFields"parameterissetto"OFF",thisparameterspecifiestheminimumnumberoffieldsintheinputCSVdata.Ifthefirstnlinesofinputdatacontainmorefieldsthanthespecifiednumberoffields,wherenisthevalueofthe"dtLines"parameter,thenthenumberoffieldsisassumedtobethemaximumnumberoffieldsfoundwithinthenlinesofdata.Thespecial"-1"valuespecifiesthatthenumberoffieldsistobedeductedbyinspectingthefirstnlinesofinputdata,wherenisthevalueofthe"dtLines"parameter.Formoreinformationonhowthenumberoffieldsisdetermined,seeCSVInputFormatFields.
Example: -nFields:3dtLines
Values: numberoflines(number)
Default: 10
Description: Numberoflinesexaminedtodeterminenumberoffieldsandfieldtypesatruntime.
Details: ThisparameterspecifiesthenumberofinitiallinesthattheCSVinputformatexaminestodeterminethenumberoftheinputrecordfieldsandthedatatypeofeachfield.
![Page 238: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/238.jpg)
Ifthevalueis0,allfieldswillbeassumedtobeoftheSTRINGdatatype.Formoreinformationonhowthenumberoffieldsandtheirdatatypesaredetermined,seeCSVInputFormatFields.
Example: -dtLines:50iDQuotes
Values: Auto|Ignore
Default: Auto
Description: Behaviorwithdouble-quotedfields.
Details: Whenthisparameterissetto"Auto"andafieldvalueisenclosedwithindouble-quotecharacters("),theCSVinputformatparsesthefieldignoringcommacharacters(,)withinthedouble-quotes,andreturnstheenclosedvaluestrippingoffthesurroundingdouble-quotecharacters.Whensetto"Ignore",theCSVinputformatdoesnotperformanydouble-quoteprocessing,andfieldvaluesarereturnedverbatim,includingdouble-quotecharacters.
Example: -iDQuotes:IgnorenSkipLines
Values: numberoflines(number)
Default: 0
Description: Numberofinitiallinestoskip.
Details: Whenthisparameterissettoavaluegreaterthanzero,theCSVinputformatskipsthefirstnlinesofeachinputfilebeforeparsingitsheaderline,wherenisthevaluespecifiedforthisparameter.
![Page 239: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/239.jpg)
Example: -nSkipLines:5comment
Values: anystring
Default: notspecified
Description: Skiplinesbeginningwiththisstring.
Details: Whenthisparameterissettoanon-emptystring,theCSVinputformatskipsalltheinputCSVlinesthatbeginwiththisstring.
Example: -comment:"MetaData:"iCodepage
Values: codepageID(number)
Default: 0
Description: CodepageoftheCSVfile.
Details: 0isthesystemcodepage,-1isUNICODE.
Example: -iCodepage:1245iTsFormat
Values: timestampformat
Default: yyyy-MM-ddhh:mm:ss
Description: FormatoftimestampvaluesintheinputCSVdata.
Details: Thisparameterspecifiesthedateand/ortimeformatusedintheCSVdatabeingparsed.ValuesoffieldsmatchingthespecifiedformatarereturnedasvaluesoftheTIMESTAMPdatatype.Formoreinformationondateandtimeformats,seeTimestampFormat
![Page 240: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/240.jpg)
Specifiers.
Example: -iTsFormat:"MMMdd,yyyy"iCheckpoint
Values: checkpointfilename
Default: notspecified
Description: Loadandsavecheckpointinformationtothisfile.
Details: Thisparameterenablesthe"IncrementalParsing"featurethatallowssequentialexecutionsofthesamequerytoonlyprocessneweventsthathavebeenloggedsincethelastexecution.Formoreinformation,seeParsingInputIncrementally.
Example: -iCheckpoint:C:\Temp\myCheckpoint.lpc
©2004MicrosoftCorporation.Allrightsreserved.
![Page 241: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/241.jpg)
CSVInputFormatExamplesAverageProcessorUsageperMinuteParseaPerfMonCSVlogfileandcalculatetheaverageprocessorusageperminute:
LogParser"SELECTQUANTIZE([(PDH-CSV4.0)(PacificDaylightTime)(420)],60)ASMinute,AVG([\\GAB1\Processor(_Total)\%ProcessorTime])ASAVGProcessorFROMPerfMon_000001.csvGROUPBYMinute"-i:CSV-iTsFormat:"MM/dd/yyyyhh:mm:ss.ll"
©2004MicrosoftCorporation.Allrightsreserved.
![Page 242: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/242.jpg)
ETWInputFormatTheETWinputformatparsesEnterpriseTracingforWindowstracelogfiles(.etlfiles)andliveETWtracesessions.
EnterpriseTracingforWindows(ETW)isaframeworkforimplementingtracingprovidersthatcanbeusedfordebuggingandcapacityplanning.AnETWtracelogorlivesessionconsistsofastreamof"Events",eachpublishedbya"Provider".WindowseventprovidersincludetheKernel,IIS,COM+,andmanyotherWindowscomponents.Eacheventhasitsownsetofnamedproperties,orfields,containingtheeventdata.ThestructureofeacheventisdescribedbyaWMIclassderivedfromthe"EventTrace"classandregisteredwiththeWMIrepositoryduringthesetupoftheprovidercomponent.TheETWinputformatqueriestheWMIrepositoryfortheseclassesinordertoretrieveinformationaboutthestructureofeachevent.
ETWtracelogfilesandlivesessionscanbecontrolledthrougheitherthePerfMonutility,orthroughthetracelog.exeorlogman.execommand-linetools.
From-EntitySyntaxFieldsParametersExamples
©2004MicrosoftCorporation.Allrightsreserved.
![Page 243: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/243.jpg)
ETWInputFormatFrom-EntitySyntax<from-entity> ::= <etl_file_name>[,<etl_file_name>...]|
<live_session_name>
The<from-entity>specifiedinqueriesusingtheETWinputformatcanassumeoneofthefollowingvalues:
Acomma-separatedlistofpathsto.etlETWtracelogfiles;ThenameofanETWlivetracingsession.
Examples:
FROMMyTrace1.etl,MyTrace2.etl,MyTrace3.etl
FROM\\COMPUTER01\TraceFiles\MyTrace.etl,\\COMPUTER02\TraceFiles\MyTrace.etlFROMMyLiveSession
©2004MicrosoftCorporation.Allrightsreserved.
![Page 244: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/244.jpg)
ETWInputFormatFieldsThestructureoftheinputrecordsgeneratedbytheETWinputformatisdeterminedatruntime,dependingontheETWtracebeingparsed,andonthevaluespecifiedforthefMode("fieldmode")parameter,whichcanbesetto"Compact","FNames","Full",or"Meta".
CompactFieldModeWhenthe"fMode"parameterissetto"Compact",theETWinputformatgeneratesaninputrecordforeacheventinthetracebeingparsed.Inthismode,inputrecordscontainfourfieldscommontoalltheevents,plusanadditional"UserData"fieldcontainingthevaluesofallthepropertiesspecifictotheeventbeingprocessed,concatenatedintoasinglestringvalueusingthecharacterspecifiedforthecompactModeSepparameterasaseparatorbetweenthevalues.Thefollowingtableshowsthefieldsoftheinputrecordsgeneratedinthe"Compact"fieldmode:
Name Type Description
EventNumber INTEGER Indexofthiseventinthetracebeingparsed
EventName STRING Nameoftheevent
EventTypeName STRING Nameoftheeventtype
Timestamp TIMESTAMP Dateandtimeatwhichtheeventwastraced
UserData STRING Event-specificpropertyvalues
Thefollowingexampleshowssomesample"UserData"fieldvalues
![Page 245: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/245.jpg)
generatedinthe"Compact"fieldmode:
UserData----------------------------------------------------DefaultAppPool|0|http://localhost:80/|GET{00000000-0000-0000-1200-0060000000fc}|/DefaultAppPool|0|http://localhost:80/default.htm|GET
The"Compact"fieldmodeprovidesaneasilyreadablewaytodisplaytheeventscontainedinanETWtrace,butqueriesoperatinginthismodecannotreferencepropertiesofaspecificevent.
FNamesFieldModeThe"FNames"fieldmodeoperatessimilartothe"Compact"fieldmode,buteachpropertyvalueinthe"UserData"fieldisprecededbythenameofthepropertyforbetterreadability.
Thefollowingexampleshowssomesample"UserData"fieldvaluesgeneratedinthe"FNames"fieldmode:
UserData-----------------------------------------------------------------------------------------------AppPoolId=DefaultAppPool|RawConnId=0|RequestURL=http://localhost:80/|RequestVerb=GETContextId={00000000-0000-0000-1200-0060000000fc}|RequestURL=/AppPoolId=DefaultAppPool|RawConnId=0|RequestURL=http://localhost:80/default.htm|RequestVerb=GET
FullFieldModeIn"Full"fieldmode,theETWinputformatgeneratesaninputrecordforeacheventinthetracebeingparsed.Inthismode,inputrecordscontainafieldforeachpropertyofeacheventgeneratedbytheprovidersinthetracebeingparsed.
Whenoperatingin"Full"fieldmode,theETWinputformatworkswithatwo-stageapproach.Duringthefirststage,theETWinputformatexaminestheinputtracetodeterminewhichprovidershaveloggedeventsinthetracebeingparsed.Whentheprovidersparameterisleftunspecified,theETWinputformatpre-processesanumberofeventsequaltothevaluespecifiedforthedtEventsLogordtEventsLiveparameters,dependingonwhetherornotthetracebeingparsedisatracelogfileoralivetracesession.Afterparsingtheseinitialevents,theETWinputformatassumesthatthetrace
![Page 246: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/246.jpg)
beingparsedcontainsalltheeventsthatcanbeloggedbytheprovidersfoundamongtheseinitialevents.Ontheotherhand,whenthe"providers"parameterissettoeitheracomma-separatedlistofprovidernamesorGUIDsortothepathtoatextfilecontainingalistofprovidernamesorGUIDs,theETWinputformatassumesthatthetracebeingparsedcontainsalltheeventsthatcanbeloggedbythespecifiedproviders.
Oncethesetofprovidersloggingintheinputtracehasbeenidentified,theETWinputformat"constructs"theinputrecordstructure.Thefirst20inputrecordfieldsarecommontoalltheevents,andtheyaredescribedinthefollowingtable:
Name Type Description
TraceName STRING Tracefileorsessionnamecontainingthisevent
EventNumber INTEGER Indexofthiseventinthetracebeingparsed
Timestamp TIMESTAMP Dateandtimeatwhichtheeventwastraced
InstanceID INTEGER InstanceIDfieldofthisevent
ParentInstanceID INTEGER ParentInstanceIDfieldofthisevent
ParentGUID STRING ParentGUIDfieldofthisevent
ProviderDescription STRING Nameoftheproviderofthisevent
![Page 247: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/247.jpg)
ProviderGUID STRING GUIDoftheproviderofthisevent
EventName STRING Nameofthisevent
EventDescription STRING Descriptionofthisevent
EventVersion INTEGER Versionofthisevent
EventGUID STRING GUIDofthisevent
EventType INTEGER Typeofthisevent
EventTypeName STRING Nameofthiseventtype
EventTypeDescription STRING Descriptionofthiseventtype
EventTypeLevel INTEGER Levelofthiseventtype
ThreadID INTEGER IDofthethreadthatloggedthisevent
ProcessID INTEGER IDoftheprocessthatloggedthisevent
KernelTime INTEGER Elapsedexecutiontimeforkernelmodeinstructions,inCPUticks
UserTime INTEGER Elapsedexecutiontimeforusermodeinstructions,inCPUticks
These20fieldsarethenfollowedbytheunionofallthepropertiesofall
![Page 248: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/248.jpg)
theeventsthatcanbeloggedbytheprovidersidentifiedduringthisstage.
Duringthesecondstage,theETWinputformatparsesthetraceeventsfrombeginningtoend,generatinganinputrecordforeachevent.Foranygivenevent,onlythefirst20inputrecordfieldsandthefieldscorrespondingtotheeventpropertiesarepopulatedwithavalue;alltheotherinputrecordfieldscorrespondingtopropertiesofothereventsaresettoNULLvalues.
Thefollowingsampleoutputshowsselectedfieldsfromtheinputrecordsgeneratedwhenparsingthepreviousexamplein"Full"fieldmode:
AppPoolIdRawConnIdContextIdRequestURLRequestVerb-------------------------------------------------------------------------------------------------------DefaultAppPool0-http://localhost:80/GET--{00000000-0000-0000-1200-0060000000fc}/-DefaultAppPool0-http://localhost:80/default.htmGET
Queriesoperatingin"Full"modecanrefertoindividualpropertiesofevents,buttheinputrecordsgeneratedcontaintoomanyfieldsfortheresultstobeeailyredable.
MetaFieldModeIn"Meta"fieldmode,theETWinputformatreturnsmeta-informationaboutevents,generatinganinputrecordforeachpropertyofeacheventthatcanbeloggedbyeachproviderinthetrace(s)beingparsed.Inputrecordscontainmeta-dataabouttheeventproperties,includinginformationaboutthepropertytype,informationabouttheeventcontainingtheproperty,andinformationabouttheprovidergeneratingtheevent.
The"Meta"fieldmodeemploysatwo-stageparsingschemasimilartothe"Full"fieldmode.Duringthefirststage,theETWinputformatpre-processestheinputtracetodeterminethesetofprovidersthatgeneratedeventsinthetrace.Inthismode,however,oncethesetofprovidershasbeenidentified,theETWinputformatdoesnotprocessthetrace,butratherreturnstheeventmeta-informationpopulatingtheinputrecordfieldsdescribedinthefollowingtable:
![Page 249: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/249.jpg)
Name Type Description
ProviderDescription STRING Descriptionoftheprovider
ProviderClassName STRING WMIclassnameoftheprovider
ProviderGUID STRING GUIDoftheprovider
EventName STRING Nameoftheevent
EventDescription STRING Descriptionoftheevent
EventVersion INTEGER Versionoftheevent
EventClassName STRING WMIclassnameoftheevent
EventGUID STRING GUIDoftheEvent
EventType INTEGER Typeoftheevent
EventTypeName STRING Nameoftheeventtype
EventTypeDescription STRING Descriptionoftheeventtype
EventTypeClassName STRING WMIclassnameoftheeventtype
EventTypeLevel INTEGER Leveloftheeventtype
FieldName STRING Nameofthiseventfield
FieldDescription STRING Descriptionofthiseventfield
FieldIndex INTEGER Indexofthisfieldamongtheevent'sfields
![Page 250: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/250.jpg)
FieldType STRING WMItypeofthisfield
©2004MicrosoftCorporation.Allrightsreserved.
![Page 251: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/251.jpg)
ETWInputFormatParametersTheEVTinputformatsupportsthefollowingparameters:
fMode
Values: Full|Compact|FNames|Meta
Default: FNames
Description: Operationmode.
Details: ThisparameterspecifieshowtheETWinputformatshouldreturntheinformationcontainedinthetrace(s)beingparsed.Formoreinformationonthedifferentfieldmodes,seeETWInputFormatFields.
Example: -fMode:Fullproviders
Values: filenameorcomma-separatedlistofprovidernamesorGUIDs
Default: notspecified
Description: Listofprovidersforthe"Full"or"Meta"fieldmodes.
Details: Thisparameterspecifiesthesetofprovidersloggingtotheinputtrace(s)toallowthe"Full"or"Meta"fieldmodestoearlydetecttheproviderstoprocess.Thevalueofthisparametercaneitherbythepathtoatextfilecontainingtheproviders'GUIDs(inthesameformatacceptedbythe"pf"argumentofthelogman.exetool),oracomma-separatedlistofprovidernamesorGUIDs.IfthisparameterisnotspecifiedwhentheETWinputformatoperatesin"Full"or"Meta"fieldmode,thenthesetofproviderswillbedetectedbypre-processingthefirstnevents,wherenisthevaluespecifiedforthe
![Page 252: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/252.jpg)
"dtEventsLog"or"dtEventsLive"parameters.Formoreinformationaboutthedifferentfieldmodes,seeETWInputFormatFields.
Examples: -providers:MyProviders.guid -providers:"IIS:WWWServer,IIS:ActiveServerPages
(ASP)"dtEventsLog
Values: numberofevents(number)
Default: 3000
Description: Numberoftracelogfileeventsexaminedtodetectthesetofprovidersin"Full"or"Meta"fieldmodes.
Details: ThisparameterspecifiesthenumberofinitialeventsthattheETWinputformatexaminestodetectthesetofproviderslogginginaninputtracelogfilewhenoperatinginthe"Full"or"Meta"fieldmodes.Thevalueofthisparameterisonlyusedwhenthe"providers"parameterisleftunspecified.Formoreinformationaboutthedifferentfieldmodes,seeETWInputFormatFields.
Example: -dtEventsLog:100dtEventsLive
Values: numberofevents(number)
Default: 20
Description: Numberoflivetracesessioneventsexaminedtodetectthesetofprovidersin"Full"or"Meta"fieldmodes.
Details: ThisparameterspecifiesthenumberofinitialeventsthattheETWinputformatexaminestodetectthesetofproviderslogginginaninputlivetracesessionwhen
![Page 253: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/253.jpg)
operatinginthe"Full"or"Meta"fieldmodes.Thevalueofthisparameterisonlyusedwhenthe"providers"parameterisleftunspecified.Formoreinformationaboutthedifferentfieldmodes,seeETWInputFormatFields.
Example: -dtEventsLive:100flushPeriod
Values: milliseconds
Default: 500
Description: Numberofmillisecondsbetweenlivetracesessionflushes.
Details: Whenprocessingalivetracesession,theinternalbufferingmechanismsoftheETWinfrastructuremightcauseeventstoappearwithanoticeabledelay.ThisparameterspecifieshowoftentheETWinputformatshouldforceabufferflushtoretrievereal-timeevents.
Example: -flushPeriod:2000ignoreEventTrace
Values: ON|OFF
Default: ON
Description: IgnoreEventTraceevents.
Details: Theveryfirsteventinanytracesessionisthe"EventTrace"event,whichcontainsmeta-dataaboutthetracesession.ThisparameterspecifieswhetherornotthiseventshouldbeprocessedandreturnedbytheETWinputformat.
Example: -ignoreEventTrace:OFF
![Page 254: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/254.jpg)
compactModeSep
Values: anystring
Default: |
Description: Separatorbetweenthevaluesofthe"UserData"fieldinthe"Compact"or"FNames"fieldmodes.
Details: Whenoperatinginthe"Compact"or"FNames"fieldmodes,the"UserData"fieldcontainsallthepropertiesoftheeventbeingprocessedconcatenatedoneaftertheother,usingthevalueofthisparameterasaseparatorbetweentheelements.
Example: -compactModeSep:,expandEnums
Values: ON|OFF
Default: ON
Description: Expandenumerationeventproperties.
Details: ManyETWeventscontainnumericpropertieswhosevaluesdescribeenumerations.Thisparameterspecifieswhetherornotthenumericvaluesofpropertiesofthistypeshouldbeexpandedtoreturnthetextrepresentationoftheenumerationvalues.
Example: -expandEnums:OFFignoreLostEvents
Values: ON|OFF
Default: ON
Description: Ignorelostevents.
![Page 255: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/255.jpg)
Details: ETWtracescontaininformationabouteventsthatmighthavebeenlostduringthetracingsession.Ifthisparameterissetto"OFF"andtheinputtraceindicatesthepresenceoflostevents,theETWinputformatgeneratesawarningwhenthetracehasbeencompletelyprocessedshowingthenumberofeventsthathavebeenlost.
Example: -ignoreLostEvents:OFFschemaServer
Values: computername
Default: notspecified
Description: Nameofcomputerwitheventschemainformation.
Details: ThisparameterspecifiesthenameofthecomputerwhoseWMIrepositorycontainstheschemainformationfortheeventsbeingparsed.Whenthisparameterisnotspecified,theETWinputformatconnectstothecomputerspecifiedinthefrom-entityifparsingatracefilefromaremotecomputer,ortothelocalcomputerifparsingalocaltracefileorlivetracingsession.
Example: -schemaServer:MYCOMPUTER02
©2004MicrosoftCorporation.Allrightsreserved.
![Page 256: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/256.jpg)
ETWInputFormatExamplesParsinganIIS6.0ETWTraceLogFileThisexampleshowshowtostartatracesessioncontainingeventsfromtheIIS6.0providers,howtostopthesession,andhowtoparsetheresultingtracelogfile.TheexamplecommandsshownhereapplytoWindowsServer2003.
1. ListtheGUIDsoftheprovidersregisteredwiththesystemusingthefollowingcommandfromacommand-linewindow:
C:\>logmanqueryproviders
Theoutputofthiscommandwilllooklikethefollowingsample:
ProviderGUID-------------------------------------------------------------------------------IIS:WWWGlobal{d55d3bc9-cba9-44df-827e-132d3a4596c2}ACPIDriverTraceProvider{dab01d4d-2d48-477d-b1c3-daad0ce6f06b}ActiveDirectory:Kerberos{bba3add2-c229-4cdb-ae2b-57eb6966b0c4}IIS:SSLFilter{1fbecc45-c060-4e7c-8a0e-0dbd6116181b}IIS:RequestMonitor{3b7b0b4b-4b01-44b4-a95e-3c755719aebf}IIS:WWWServer{3a2a4e84-4c21-4981-ae10-3fda0d9b0f83}IIS:ActiveServerPages(ASP){06b94d9a-b15e-456e-a4ef-37c984a2cb4b}LocalSecurityAuthority(LSA){cc85922f-db41-11d2-9244-006008269001}IIS:IISADMINGlobal{DC1271C2-A0AF-400f-850
2. Identifytheprovidersneededforthetracesession;inthisexample,thetracesessionwillbeenabledforthe"IIS:WWWServer"and"IIS:ActiveServerPages(ASP)"providers.
3. CreateatextfilecontainingtheGUIDofeachselectedprovideronaline,followedbythetracingflagsandtracinglevelvaluesfortheprovider.Formoreinformationontheavailableflagsandlevelsforaprovider,consultthecomponentdocumentation.Thefollowingexampleshowsatextfilenamed"MyProviders.guid"containingthe"IIS:WWWServer"and"IIS:ActiveServerPages(ASP)"providers:
{3a2a4e84-4c21-4981-ae10-3fda0d9b0f83}0xfffffffe5{06b94d9a-b15e-456e-a4ef-37c984a2cb4b}0xffffffff5
4. Startthetracingsessionusingtheproviderstextfileastheargumentofthe"-pf"logmancommand-lineparameter:
![Page 257: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/257.jpg)
C-4E42FE16BE1C}WindowsKernelTrace{9e814aad-3204-11d2-9a82-006008a86939}ASP.NETEvents{AFF081FE-0247-4275-9C4E-021F3DC1DA35}NTLMSecurityProtocol{C92CF544-91B3-4dc0-8E11-C580339A0BF8}IIS:WWWIsapiExtension{a1c2040e-8840-4c31-ba11-9871031a19ea}ActiveDirectory:SAM{8e598056-8993-11d2-819e-0000f875a064}HTTPServiceTrace{dd5ef90a-6398-47a4-ad34-4dcecdef795f}ActiveDirectory:NetLogon{f33959b4-dbec-11d2-895b-00c04f79ab69}SpoolerTraceControl{94a984ef-f525-4bf1-be3c-ef374056a592}
Thecommandcompletedsuccessfully.
C:\>logmanstartExampleTrace-pfMyProviders.guid-ets
5. Thetracingsessionhasnowstarted,andtheselectedproviderswillbeloggingeventsforeachrequesttotheIISWebServer.
6. Whendesired,thetracingsessioncanbestoppedwiththefollowingcommand:
C:\>logmanstopExampleTrace-ets
7. Afterthetracingsessionhasbeenstopped,theETWtracelogfilenamed"ExampleTrace.etl"isavailableforuse.ThefollowingLogParsercommandparsestheETWtracelogfileanddisplaystheloggedevents:
C:\>LogParser"SELECT*FROMExampleTrace.etl"-i:ETW
Theoutputofthiscommandwilllooklikethefollowingsample:
EventNumberEventNameEventTypeNameTimestampUserData--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------2IISGeneralGENERAL_REQUEST_START2004-10-1420:27:26.624.399000ContextId={00000000-0000-0000-1200-0060000000fc}|SiteId=1|AppPoolId=DefaultAppPool|ConnId=-288230375077969904|RawConnId=0|RequestURL=http://localhost:80/|RequestVerb=GET3IISFilterFILTER_START2004-10-1420:27:26.624.399000ContextId={00000000-0000-0000-1200-0060000000fc}|FilterName=C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll4IISFilterFILTER_PREPROC_HEADERS_START2004-10-1420:27:26.624.399000ContextId={00000000-0000-0000-12
ParsingaliveIIS6.0ETWTraceSessionThisexampleshowshowtostartalivetracesessioncontainingeventsfromtheIIS6.0providers,howtostartaLogParsercommandthatshowstheeventsinreal-time,andhowtostopthesession.TheexamplecommandsshownhereapplytoWindowsServer2003.
1. Executesteps1-3fromtheexampleabove.4. Startthetracingsessionusingtheproviderstextfileasthe
argumentofthe"-pf"logmancommand-lineparameter,specifyingalsothe"-rt"flagtoenableareal-timetracingsession:
C:\>logmanstartExampleTrace-pfMyProviders.guid-ets-rt
![Page 258: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/258.jpg)
00-0060000000fc}5IISFilterFILTER_PREPROC_HEADERS_END2004-10-1420:27:26.624.399000ContextId={00000000-0000-0000-1200-0060000000fc}6IISFilterFILTER_END2004-10-1420:27:26.624.399000ContextId={00000000-0000-0000-1200-0060000000fc}7IISFilterFILTER_START2004-10-1420:27:26.624.399000ContextId={00000000-0000-0000-1200-0060000000fc}|FilterName=C:\ProgramFiles\CommonFiles\MicrosoftShared\WebServerExtensions\50\bin\fpexedll.dll8IISFilterFILTER_PREPROC_HEADERS_START2004-10-1420:27:26.624.399000ContextId={00000000-0000-0000-1200-0060000000fc}9IISFilterFILTER_PREPROC_HEADERS_END2004-10-1420:27:26.624.399000ContextId={00000000-0000-0000-1200-0060000000fc}10IISFilterFILTER_END2004-10-1420:27:26.624.399000ContextId={00000000-0000-0000-1200-0060000000fc}11IISCacheURL_CACHE_ACCESS_START2004-10-1420:27:26.624.399000ContextId={00000000-0000-0000-1200-0060000000fc}|RequestURL=/
5. Thetracingsessionhasnowstarted,andtheselectedproviderswillbeloggingeventsforeachrequesttotheIISWebServer.
6. Fromaseparatecommand-lineshellwindow,executethefollowingLogParsercommandtoparsethelivetracingsessioninreal-time:
C:\>LogParser"SELECT*FROMExampleTrace"-i:ETW
ThisLogParsercommandwilloutputthetraceeventsindefinitely,untilthecommandismanuallyaborted,oruntilthetracingsessionisstopped.
7. Whendesired,thetracingsessioncanbestoppedwiththefollowingcommand:
C:\>logmanstopExampleTrace-ets
©2004MicrosoftCorporation.Allrightsreserved.
![Page 259: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/259.jpg)
EVTInputFormatTheEVTinputformatreturnseventsfromtheWindowsEventLogandfromEventLogbackupfiles(.evtfiles).
ThisinputformatreadseventinformationfromtheWindowsEventLog,includinglocalandremoteSystem,Application,Security,andcustomeventlogs,aswellasfromEventLogbackupfiles.
From-EntitySyntaxFieldsParametersExamples
©2004MicrosoftCorporation.Allrightsreserved.
![Page 260: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/260.jpg)
EVTInputFormatFrom-EntitySyntax<from-entity> ::= <event_log>[,<event_log>...]
<event_log> ::= [\\<computer_name>\]<event_log_name>|<event_log_backup_filename>
The<from-entity>specifiedinqueriesusingtheEVTinputformatisacomma-separatedlistof:
NamesofEventLogs("System","Application","Security",oracustomeventlog),optionallyprecededbythenameofaremotecomputerintheUNCnotation;PathsofEventLogbackupfiles(.evtfiles),optionallyincludingwildcards.
Namesofcustomeventlogsthatincludespacecharactersmustbespecifiedwithinsingle-quotecharacters.
Examples:
FROMSystem,Application,\\SERVER2\System,\\SERVER2\Application
FROMSystem,Application,'MyCustomEventLog'
FROMD:\MyEVTLogs\*.evt,\\SERVER2\D$\MyEVTLogs\*.evt
FROMSystem,D:\MyEVTLogs\System.evt
©2004MicrosoftCorporation.Allrightsreserved.
![Page 261: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/261.jpg)
EVTInputFormatFieldsTheinputrecordsgeneratedbytheEVTinputformatcontainthefollowingfields:
Name Type Description
EventLog STRING NameoftheEventLogorEventLogbackupfilecontainingthisevent
RecordNumber INTEGER IndexofthiseventintheEventLogorEventLogbackupfilecontainingthisevent
TimeGenerated TIMESTAMP Thedateandtimeatwhichtheeventwasgenerated(localtime)
TimeWritten TIMESTAMP Thedateandtimeatwhichtheeventwaslogged(localtime)
EventID INTEGER TheIDoftheevent
EventType INTEGER Thenumerictypeoftheevent
EventTypeName STRING Thedescriptivetypeoftheevent
EventCategory INTEGER Thenumericcategoryofthe
![Page 262: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/262.jpg)
event
EventCategoryName STRING Thedescriptivecategoryoftheevent
SourceName STRING Thesourcethatgeneratedtheevent
Strings STRING Thetextualdataassociatedwiththeevent
ComputerName STRING Thenameofthecomputeronwhichtheeventwasgenerated
SID STRING TheSecurityIdentifierassociatedwiththeevent
Message STRING Thefulleventmessage
Data STRING Thebinarydataassociatedwiththeevent
©2004MicrosoftCorporation.Allrightsreserved.
![Page 263: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/263.jpg)
EVTInputFormatParametersTheEVTinputformatsupportsthefollowingparameters:
fullText
Values: ON|OFF
Default: ON
Description: Retrievethefulltextmessage.
Details: Thisparameterenables/disablestheretrievalofEventLogtextmessages.
Example: -fullText:OFFresolveSIDs
Values: ON|OFF
Default: OFF
Description: ResolveSIDvaluesintofullaccountnames.
Details: Whensetto"ON",thisparametercausestheEVTinputformattoperformanaccountnamelookupforeachSIDvalueintheeventsbeingparsed,andreturntheaccountnameinsteadoftheSIDalphanumericalvalue.
Example: -resolveSIDs:ONformatMsg
Values: ON|OFF
Default: ON
Description: Formatthetextmessageasasingleline.
Details: Eventtextmessagesoftenspanmultiplelines.Whenthisparameteris
![Page 264: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/264.jpg)
setto"ON",theEVTinputformatpreservesreadabilityofthebyremovingcarriage-return,line-feed,andmultiplespacecharactersfromthemessagetext.Whenthisparameterissetto"OFF",theEVTinputformatreturnstheoriginalmessagetextwithnointerveningpost-processing.
Example: -formatMsg:OFFmsgErrorMode
Values: NULL|ERROR|MSG
Default: MSG
Description: Behaviorwheneventmessagesoreventcategorynamescannotberesolved.
Details: Thetextofaneventlogmessageandthetextualnameofitscategoryarestoredinbinaryfilesinstalledwiththeapplicationthatgeneratestheeventlog.Insomecases,uninstallingtheapplicationorreconfiguringtheapplicationmightcausethelossofthenecessarybinaryfiles,thusmakingitimpossibletoretrievethetextdataforthoseeventsthathadbeenloggedpriortothereconfiguration.ThisparameterspecifiesthedesiredbehaviorfortheEVTinputformatwhenaneventlogmessagetextoritscategorynamecannotberetrieved.Whenthisparameterissetto"NULL",the"Message"or"EventCategoryName"fieldvalueisreturnedasaNULLvalue.Whensetto"ERROR",aparseerrorisreturned.Whensetto"MSG",amessageisreturnedforthefield,specifyingthatthetextofthemessageorthecategorynamecouldnotbefound.
Example: -msgErrorMode:NULLfullEventCode
Values: ON|OFF
Default: OFF
![Page 265: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/265.jpg)
Description: ReturnthefulleventIDcodeinsteadofthefriendlycode.
Details: Whenthisparameterissetto"ON",theEVTinputformatreturnsthefull32-bitvalueoftheeventIDcode.Whensetto"OFF",theEVTinputformatreturnsthelower16-bitvalueofthecode(asdisplayedbytheEventViewer).
Example: -fullEventCode:ONdirection
Values: FW|BW
Default: FW
Description: Chronologicaldirectioninwhicheventsareretrieved.
Details: Whensetto"FW",eventsareretrievedfromtheoldesttothenewest.Whensetto"BW",eventsareretrievedfromthenewesttotheoldest.Thisparameterisespeciallyusefulwithqueriesthatusethekeywordtoretrievethelastnloggedevents.
Example: -direction:BWstringsSep
Values: anystring
Default: |
Description: Separatorbetweenvaluesofthe"Strings"field.
Details: The"Strings"fieldcontainsanarrayoftextdataassociatedwiththeevent.Thevalueofthisfieldisbuiltbyconcatenatingtheoneaftertheother,usingthevalueofthisparameterasaseparatorbetweentheelements.
Example: -stringsSep:,iCheckpoint
![Page 266: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/266.jpg)
Values: checkpointfilename
Default: notspecified
Description: Loadandsavecheckpointinformationtothisfile.
Details: Thisparameterenablesthe"IncrementalParsing"featurethatallowssequentialexecutionsofthesamequerytoonlyprocessneweventsthathavebeenloggedsincethelastexecution.Formoreinformation,seeParsingInputIncrementally.
Example: -iCheckpoint:C:\Temp\myCheckpoint.lpcbinaryFormat
Values: ASC|PRINT|HEX
Default: HEX
Description: Formatofthe"Data"binaryfield.
Details: The"Data"fieldcontainsbinarydatathatisoftennotsuitabletobetextuallyrepresented.Whenthisparameterissetto"ASC",databytesbelongingtothe0x20-0x7FrangearereturnedasASCIIcharacters,whiledatabytesoutsidetherangearereturnedasperiod(.)characters,asshowninthefollowingexample:
Bucket:02096553..rundll32.exe
Whenthisparameterissetto"PRINT",databytesrepresentingprintableASCIIcharactersarereturnedasASCIIcharacters,whiledatabytesthatdonotrepresentprintableASCIIcharactersarereturnedasperiod(.)characters,asshowninthefollowingexample:
Bucket:02096553rundll32.exeWhenthisparameterissetto"HEX",alldatabytesarereturnedastwo-digithexadecimalvalues,asshowninthefollowingexample:
![Page 267: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/267.jpg)
4275636B65743A2030323039363535330D0A72756E646C6C33322E657865
Example: -binaryFormat:PRINT
©2004MicrosoftCorporation.Allrightsreserved.
![Page 268: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/268.jpg)
EVTInputFormatExamplesLogonsCreateanXMLreportfilecontaininglogonaccountnamesanddatesfromtheSecurityEventLog:
LogParser"SELECTTimeGeneratedASLogonDate,EXTRACT_TOKEN(Strings,0,'|')ASAccountINTOReport.xmlFROMSecurityWHEREEventIDNOTIN(541;542;543)ANDEventType=8ANDEventCategory=2"
EventDistributionRetrievethedistributionofEventIDvaluesforeachEventSource:
LogParser"SELECTSourceName,EventID,MUL(PROPCOUNT(*)ON(SourceName),100.0)ASPercentFROMSystemGROUPBYSourceName,EventIDORDERBYSourceName,PercentDESC"
EventMessageReportCreateTSVfilescontainingEventMessagesforeachSourceintheApplicationEventLog:
LogParser"SELECTSourceName,MessageINTOmyFile_*.tsvFROM\\MYSERVER1\Application,\\MYSERVER2\Application"
©2004MicrosoftCorporation.Allrightsreserved.
![Page 269: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/269.jpg)
FSInputFormatTheFSinputformatreturnsinformationonfilesanddirectories.
TheFSinputformatenumeratesthefilesanddirectoriesmatchingthesearchpath(s)specifiedinthefrom-entity,muchliketheWindowsshell"dir"command,returninganinputrecordforeachfileanddirectoryintheenumeration.
From-EntitySyntaxFieldsParametersExamples
Seealso:REGInputFormat
©2004MicrosoftCorporation.Allrightsreserved.
![Page 270: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/270.jpg)
FSInputFormatFrom-EntitySyntax<from-entity> ::= <path>[,<path>...]
The<from-entity>specifiedinqueriesusingtheFSinputformatisacomma-separatedlistofpaths,eventuallycontainingwildcards.
Examples:
FROMC:\Windows\*.dll,\\MYSERVER\C$\Windows\*.dll
FROM*.*
FROMC:\*.*,D:\*.*
FROMC:\Windows\Explorer.exe
©2004MicrosoftCorporation.Allrightsreserved.
![Page 271: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/271.jpg)
FSInputFormatFieldsTheinputrecordsgeneratedbytheFSinputformatcontainthefollowingfields:
Name Type Description
Path STRING Fullpathofthefileordirectory
Name STRING Nameofthefileordirectory
Size INTEGER Sizeofthefile,inbytes
Attributes STRING Attributesofthefileordirectory
CreationTime TIMESTAMP Dateandtimeatwhichthefileordirectoryhasbeencreated(localorUTCtime,dependingonthevalueoftheuseLocalTimeparameter)
LastAccessTime TIMESTAMP Dateandtimeatwhichthefileordirectoryhasbeenlastaccessed(localorUTCtime,dependingonthevalueoftheuseLocalTimeparameter)
LastWriteTime TIMESTAMP Dateandtimeatwhichthefileordirectoryhasbeenlastmodified(localorUTCtime,dependingonthevalueoftheuseLocalTimeparameter)
![Page 272: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/272.jpg)
FileVersion STRING Versionofthefile
ProductVersion STRING Versionoftheproductthefileisdistributedwith
InternalName STRING Internalnameofthefile
ProductName STRING Nameoftheproductthefileisdistributedwith
CompanyName STRING Nameofthevendorcompanythatproducedthefile
LegalCopyright STRING Copyrightnoticesthatapplytothefile
LegalTrademarks STRING Trademarksandregisteredtrademarksthatapplytothefile
PrivateBuild STRING Privateversioninformationofthefile
SpecialBuild STRING Specialfilebuildnotes
Comments STRING Commentsassociatedwiththefile
FileDescription STRING Descriptionofthefile
OriginalFilename STRING Originalnameofthefile
©2004MicrosoftCorporation.Allrightsreserved.
![Page 273: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/273.jpg)
FSInputFormatParametersTheFSinputformatsupportsthefollowingparameters:
recurse
Values: recursionlevel(number)
Default: -1
Description: Maxsubdirectoryrecursionlevel.
Details: 0disablessubdirectoryrecursion;-1enablesunlimitedrecursion.
Example: -recurse:2preserveLastAccTime
Values: ON|OFF
Default: OFF
Description: Preservethelastaccesstimeofvisitedfiles.
Details: Enumeratingfilesanddirectoriescausestheirlastaccesstimetobeupdated.Settingthisparameterto"ON"causestheFSinputformattorestorethelastaccesstimeofthefilesbeingvisited.
Example: -preserveLastAccTime:ONuseLocalTime
Values: ON|OFF
Default: ON
Description: Uselocaltimefortimestampfields.
Details: Whensetto"ON",thevaluesofthe"CreationTime",
![Page 274: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/274.jpg)
"LastAccessTime",and"LastWriteTime"fieldsareexpressedinlocaltime.Whensetto"OFF",thevaluesofthesefieldsareexpressedinUniversalTimeCoordinates(UTC)time.
Example: -useLocalTime:OFF
©2004MicrosoftCorporation.Allrightsreserved.
![Page 275: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/275.jpg)
FSInputFormatExamplesTenLargestFilesPrintthe10largestfilesontheC:drive:
LogParser"SELECTTOP10Path,Name,SizeFROMC:\*.*ORDERBYSizeDESC"-i:FS
MD5HashesofSystemFilesReturntheMD5hashofsystemexecutablefiles:
LogParser"SELECTPath,HASHMD5_FILE(Path)FROMC:\Windows\System32\*.exe"-i:FS-recurse:0
IdenticalFilesFindoutifthereareidenticalcopiesofthesamefileontheC:drive:
LogParser"SELECTHASHMD5_FILE(Path)ASHash,COUNT(*)ASNumberOfCopiesFROMC:\*.*GROUPBYHashHAVINGNumberOfCopies>1"-i:FS
©2004MicrosoftCorporation.Allrightsreserved.
![Page 276: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/276.jpg)
HTTPERRInputFormatTheHTTPERRinputformatparsesHTTPErrorlogfilescreatedbytheHttp.sysdriver.
HTTPErrorlogfilesareserver-widetextlogfilescontaininglogentriesforHttp.sys-initiatederrorresponsestomalformedclientrequestsortovalidrequeststhatareabortedduetoabnormalcircumstances.
DependingontheversionofHttp.sys,HTTPErrorlogfilescanbeloggedintwodifferentformats.EarlierversionsofHttp.syslogHTTPErrorlogentriesasrawlinesconsistingofspace-separatedvalues.ThefollowingexampleshowsaportionofanHTTPErrorlogfilegeneratedbyearlierversionsofHttp.sys:
2002-06-2719:11:28172.30.92.883405172.30.162.21380HTTP/1.0GET/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir400-URL2002-06-2719:11:28172.30.92.883407172.30.162.21380HTTP/1.0GET/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir400-URL2002-06-2719:11:28172.30.92.883412172.30.162.21380HTTP/1.0GET/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir400-URL
LaterversionsofHttp.syslogHTTPErrorlogfilesintheW3CExtendedlogfileformat.Logfilesinthisformatbeginwithsomeinformativeheaders("directives"),themostimportantofwhichisthe"#Fields"directive,describingwhichfieldsareloggedatwhichpositioninalogrow.Afterthedirectives,thelogentriesfollow.Eachlogentryisaspace-separatedlistoffieldvalues.ThefollowingexampleshowsaportionofanHTTPErrorlogfilegeneratedbylaterversionsofHttp.sys:
#Software:MicrosoftHTTPAPI1.0#Version:1.0#Date:2003-08-0803:12:41#Fields:datetimec-ipc-ports-ips-portcs-versioncs-methodcs-urisc-statuss-siteids-reasons-queuename2003-08-0803:12:4110.193.50.9354410.193.50.980HTTP/1.1GET/ISAPI_OOP/ISAPIExtTest.dll?Action=Crash&Action;=Print&Data;=Req17769_0-1Connection_Abandoned_By_AppPoolDefaultAppPool2003-08-0803:12:4110.193.50.9354510.193.50.980HTTP/1.1GET/ISAPI
From-EntitySyntaxFieldsParametersExamples
©2004MicrosoftCorporation.Allrightsreserved.
![Page 277: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/277.jpg)
_OOP/ISAPIExtTest.dll?Action=Crash&Action;=Print&Data;=Req17769_1-1Connection_Abandoned_By_AppPoolDefaultAppPool2003-08-0803:12:4310.193.50.9354610.193.50.980HTTP/1.1GET/ISAPI_OOP/ISAPIExtTest.dll?Action=Crash&Action;=Print&Data;=Req17769_2-1Connection_Abandoned_By_AppPoolDefaultAppPool
![Page 278: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/278.jpg)
HTTPERRInputFormatFrom-EntitySyntax<from-entity> ::= HTTPERR|
<filename>[,<filename>...]
The<from-entity>specifiedinqueriesusingtheHTTERRinputformatiseitherthe"HTTPERR"keywordoracomma-separatedlistofpathsofHTTPErrorlogfiles.Whenthe"HTTPERR"keywordisused,theHTTPERRinputformatreadstheHTTPErrorlogconfigurationfromtheregistryandparsesalltheHTTPErrorlogfilescurrentlyavailableintheHTTPErrorlogfiledirectory.
Filenamescanincludewildcards(e.g."LogFiles\HTTPERR\httperr*.log").
Examples:
FROMLogFiles\HTTPERR\httperr1.log,LogFiles\HTTPERR\httperr2.log
FROM\\MYMACHINE\LogFiles\HTTPERR\httperr*.log
FROMHTTPERR
©2004MicrosoftCorporation.Allrightsreserved.
![Page 279: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/279.jpg)
HTTPERRInputFormatFieldsTheinputrecordsgeneratedbytheHTTPERRinputformatcontainthefollowingfields:
Name Type Description
LogFilename STRING Fullpathofthelogfilecontainingthisentry
LogRow INTEGER Lineinthelogfilecontainingthisentry
date TIMESTAMP Thedateonwhichtherequestwasserved(UniversalTimeCoordinates(UTC)time)
time TIMESTAMP Thetimeatwhichtherequestwasserved(UniversalTimeCoordinates(UTC)time)
s-computername
STRING Thenameoftheserverthatservedtherequest(thisfieldisloggedbylaterversionsofHttp.sysonly)
c-ip STRING TheIPaddressoftheclientthatmadetherequest
c-port INTEGER Theclientportnumberthatsenttherequest
s-ip STRING TheIPaddressoftheserverthatservedtherequest
![Page 280: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/280.jpg)
s-port INTEGER Theserverportnumberthatreceivedtherequest
cs-version STRING TheHTTPversionoftheclientrequest
cs-method STRING TheHTTPrequestverb
cs-uri STRING TheHTTPrequesturi
cs(User-Agent)
STRING TheclientrequestUser-Agentheader(thisfieldisloggedbylaterversionsofHttp.sysonly)
cs(Cookie) STRING TheclientrequestCookieheader(thisfieldisloggedbylaterversionsofHttp.sysonly)
cs(Referer) STRING TheclientrequestRefererheader(thisfieldisloggedbylaterversionsofHttp.sysonly)
cs-host STRING TheclientrequestHostheader(thisfieldisloggedbylaterversionsofHttp.sysonly)
sc-status INTEGER TheresponseHTTPstatuscode
sc-bytes INTEGER Thenumberofbytesintheresponsesentbytheserver(thisfieldisloggedbylaterversionsofHttp.sysonly)
cs-bytes INTEGER Thenumberofbytesintherequest
![Page 281: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/281.jpg)
sentbytheclient(thisfieldisloggedbylaterversionsofHttp.sysonly)
time-taken INTEGER Thenumberofmillisecondselapsedsincethemomenttheserverreceivedtherequesttothemomenttheserversenttheresponsetotheclient(thisfieldisloggedbylaterversionsofHttp.sysonly)
s-siteid INTEGER TheIISsiteinstancenumberthatservedtherequest
s-reason STRING Informationaboutwhytheerroroccurred
s-queuename STRING ThenameoftheapplicationpoolhostingtheIISworkerprocessthatprocessedtherequest(thisfieldisloggedbylaterversionsofHttp.sysonly)
©2004MicrosoftCorporation.Allrightsreserved.
![Page 282: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/282.jpg)
HTTPERRInputFormatParametersTheHTTPERRinputformatsupportsthefollowingparameters:
iCodepage
Values: codepageID(number)
Default: 0
Description: Codepageofthelogfile.
Details: 0isthesystemcodepage,-1isUNICODE.
Example: -iCodepage:1245minDateMod
Values: date/time(in"yyyy-MM-ddhh:mm:ss"format)
Default: notspecified
Description: Minimumfilelastmodifieddate,inlocaltimecoordinates.
Details: Whenthisparameterisspecified,theHTTPERRinputformatprocessesonlylogfilesthathavebeenmodifiedafterthespecifieddate.
Example: -minDateMod:"2004-05-2822:05:10"dirTime
Values: ON|OFF
Default: OFF
Description: Usethevalueofthe"#Date"directiveforthe"date"and/or"time"fieldvalueswhenthesefieldsarenotlogged.
![Page 283: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/283.jpg)
Details: Whenalogfileisconfiguredtonotlogthe"date"and/or"time"fields,specifying"ON"forthisparameterscausestheHTTPERRinputformattogenerate"date"and"time"valuesusingthevalueofthelastseen"#Date"directive.
Example: -dirTime:ONiCheckpoint
Values: checkpointfilename
Default: notspecified
Description: Loadandsavecheckpointinformationtothisfile.
Details: Thisparameterenablesthe"IncrementalParsing"featurethatallowssequentialexecutionsofthesamequerytoonlyprocessnewlogentriesthathavebeenloggedsincethelastexecution.Formoreinformation,seeParsingInputIncrementally.
Example: -iCheckpoint:C:\Temp\myCheckpoint.lpc
©2004MicrosoftCorporation.Allrightsreserved.
![Page 284: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/284.jpg)
HTTPERRInputFormatExamplesErrorsDistributionChartCreateapiechartcontainingthedistributionoferrorsintheHTTPErrorlogs:
LogParser"SELECTsc-status,PROPCOUNT(*)ASPercentageINTOPie.gifFROMHTTPERRGROUPBYsc-statusORDERBYPercentageDESC"-chartType:PieExploded-chartTitle:"ErrorsDistribution"-categories:off
©2004MicrosoftCorporation.Allrightsreserved.
![Page 285: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/285.jpg)
IISInputFormatTheIISinputformatparsesIISlogfilesintheMicrosoftIISLogFileFormat.
TheMicrosoftIISLogFileFormatisatext-based,fixed-fieldformat.Logentriesareloggedonasingleline,consistingofacomma-separatedlistoffieldvalues.
ThefollowingexampleshowsaportionofaMicrosoftIISLogFileFormatlogfile:
192.168.114.201,-,03/20/01,7:55:20,W3SVC2,SERVER,172.21.13.45,4502,163,3223,200,0,GET,/DeptLogo.gif,-,192.168.110.54,-,03/20/01,7:57:20,W3SVC2,SERVER,172.21.13.45,411,221,1967,200,0,GET,/style.css,-,From-EntitySyntaxFieldsParametersExamples
Seealso:IISOutputFormat
©2004MicrosoftCorporation.Allrightsreserved.
![Page 286: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/286.jpg)
IISInputFormatFrom-EntitySyntax<from-entity> ::= <filename>|<SiteID>[,<filename>|<SiteID>...]
<SiteID> ::= <site_number><server_comment><site_metabase_path>
The<from-entity>specifiedinqueriesusingtheIISinputformatisacomma-separatedlistof:
PathsofMicrosoftIISLogFileFormatlogfiles;IISVirtualSite"identifiers".
"Siteidentifiers"mustbeenclosedwithinanglebrackets(<and>),andcanhaveoneofthefollowingvalues:ThenumericsiteID(e.g."<1>","<28163489>");Thetextvalueofthe"ServerComment"propertyofthesite(e.g."<MyExternalSite>","<www.margiestravel.com>");Thefully-qualifiedADSImetabasepathtothesite(e.g."<//MYSERVER/W3SVC/1>"),usingeitherthenumericsiteIDorthetextvalueofthe"ServerComment"propertyofthesite.
Whena"siteidentifier"isused,theIISinputformatconnectstothespecifiedmachine'smetabase,gathersinformationonthesite'scurrentloggingproperties,andparsesallthelogfilesinthesite'scurrentlogfiledirectory.
Filenamesand"Siteidentifiers"canalsoincludewildcards(e.g."LogFiles\in04*.log","<www.*.com>").
Examples:
FROMLogFiles\in04*log,LogFiles\in03*.log,\\MyServer\LoggingShare\W3SVC2\in04*.logFROM<1>,<2>,<MyExternalSite>,inetsv9.log
![Page 287: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/287.jpg)
FROM<www.net*home.com>,<//MyServer2/W3SVC/www.net*home.com>,<//MyServer2/MSFTPSVC/*>,<*>
©2004MicrosoftCorporation.Allrightsreserved.
![Page 288: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/288.jpg)
IISInputFormatFieldsTheinputrecordsgeneratedbytheIISinputformatcontainthefollowingfields:
Name Type Description
LogFilename STRING Fullpathofthelogfilecontainingthisentry
LogRow INTEGER Lineinthelogfilecontainingthisentry
UserIP STRING TheIPaddressoftheclientthatmadetherequest
UserName STRING Thenameoftheauthenticateduserthatmadetherequest,orNULLiftherequestwasfromananonymoususer
Date TIMESTAMP Thedateonwhichtherequestwasserved(localtime)
Time TIMESTAMP Thetimeatwhichtherequestwasserved(localtime)
ServiceInstance STRING TheIISservicenameandsiteinstancenumberthatservedtherequest
HostName STRING Thenameoftheserverthatservedtherequest
![Page 289: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/289.jpg)
ServerIP STRING TheIPaddressoftheserverthatservedtherequest
TimeTaken INTEGER Thenumberofmillisecondselapsedsincethemomenttheserverreceivedtherequesttothemomenttheserversentthelastresponsechunktotheclient
BytesSent INTEGER Thenumberofbytesintherequestsentbytheclient
BytesReceived INTEGER Thenumberofbytesintheresponsesentbytheserver
StatusCode INTEGER TheresponseHTTPorFTPstatuscode
Win32StatusCode INTEGER TheWindowsstatuscodeassociatedwiththeresponseHTTPorFTPstatuscode
RequestType STRING TheHTTPrequestverborFTPoperation
Target STRING TheHTTPrequesturi-stemorFTPoperationtarget
Parameters STRING TheHTTPrequesturi-query,orNULLiftherequestedURIdidnotincludeauri-query
![Page 290: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/290.jpg)
©2004MicrosoftCorporation.Allrightsreserved.
![Page 291: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/291.jpg)
IISInputFormatParametersTheIISinputformatsupportsthefollowingparameters:
iCodepage
Values: codepageID(number)
Default: -2
Description: Codepageofthelogfile.
Details: 0isthesystemcodepage;-2specifiesthatthecodepageisautomaticallydeterminedbyinspectingthefilenameand/orthesite's"LogInUTF8"property.
Example: -iCodepage:1245recurse
Values: recursionlevel(number)
Default: 0
Description: Maxsubdirectoryrecursionlevel.
Details: 0disablessubdirectoryrecursion;-1enablesunlimitedrecursion.
Example: -recurse:-1minDateMod
Values: date/time(in"yyyy-MM-ddhh:mm:ss"format)
Default: notspecified
Description: Minimumfilelastmodifieddate,inlocaltimecoordinates.
Details: Whenthisparameterisspecified,theIISinputformat
![Page 292: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/292.jpg)
processesonlylogfilesthathavebeenmodifiedafterthespecifieddate.
Example: -minDateMod:"2004-05-2822:05:10"locale
Values: 3-characterlocaleID
Default: DEF
Description: IDofthelocaleinwhichthelogfilewasgenerated.
Details: IISversionsearlierthan6.0logthe"Date"and"Time"fieldsusingthecurrentsystemlocaledateandtimeformats.IIS6.0andlaterversionsusetheENUlocaleinstead,regardlessofthesystemlocalesettings.Forthesereasons,whenparsingMicrosoftIISLogFileFormatlogfilesonalocalewhosedateandtimeformatsdonotmatchtheformatsofthelocaleofthecomputerwherethelogfilehasbeencreated,usersneedtospecifytheIDofthesystemlocaleofthecomputerthatcreatedthelogfile.Thespecial"DEF"valuemeansthecurrentsystemlocale.
Example: -locale:JPNiCheckpoint
Values: checkpointfilename
Default: notspecified
Description: Loadandsavecheckpointinformationtothisfile.
Details: Thisparameterenablesthe"IncrementalParsing"featurethatallowssequentialexecutionsofthesamequerytoonlyprocessnewlogentriesthathavebeenloggedsincethelastexecution.Formoreinformation,seeParsingInputIncrementally.
![Page 293: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/293.jpg)
Example: -iCheckpoint:C:\Temp\myCheckpoint.lpc
©2004MicrosoftCorporation.Allrightsreserved.
![Page 294: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/294.jpg)
IISInputFormatExamplesTop20URL'sforaSiteCreateachartcontainingtheTOP20URL'sinthe"www.margiestravel.com"website(assumedtobeloggingintheIISlogformat):
LogParser"SELECTTOP20Target,COUNT(*)ASHitsINTOMyChart.gifFROM<www.margiestravel.com>GROUPBYTargetORDERBYHitsDESC"-chartType:Column3D-groupSize:1024x768
ExportErrorstoSYSLOGSenderrorentriesintheIISlogtoaSYSLOGserver:
LogParser"SELECTTO_TIMESTAMP(Date,Time),CASEStatusCodeWHEN500THEN'emerg'ELSE'err'ENDASMySeverity,HostNameASMyHostname,TargetINTO@myserverFROM<1>WHEREStatusCode>=400"-o:SYSLOG-severity:$MySeverity-hostName:$MyHostnameBytesbyExtensionChartCreateapiechartwiththetotalnumberofbytesgeneratedbyeachextension:
LogParser"SELECTEXTRACT_EXTENSION(Target)ASExtension,MUL(PROPSUM(BytesReceived),100.0)ASBytesINTOPie.gifFROM<1>GROUPBYExtensionORDERBYBytesDESC"-chartType:PieExploded-chartTitle:"Bytesperextension"-categories:off
©2004MicrosoftCorporation.Allrightsreserved.
![Page 295: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/295.jpg)
IISODBCInputFormatTheIISODBCinputformatreturnsdatabaserecordsfromthetablesloggedtobyIISwhenconfiguredtologintheODBCLogFormat.
From-EntitySyntaxFieldsExamples
©2004MicrosoftCorporation.Allrightsreserved.
![Page 296: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/296.jpg)
IISODBCInputFormatFrom-EntitySyntax<from-entity>
::= <SiteID>[,<SiteID>...]|table:<tablename>;username:<username>;password:<password>;dsn:<dsn>
<SiteID> ::= <site_number><server_comment><site_metabase_path>
The<from-entity>specifiedinqueriesusingtheIISODBCinputformatiseitheracomma-separatedlistofIISVirtualSite"identifiers",orasinglespecificationoftheODBCparametersneededtoaccessthetable.
"Siteidentifiers"mustbeenclosedwithinanglebrackets(<and>),andcanhaveoneofthefollowingvalues:
ThenumericsiteID(e.g."<1>","<28163489>");Thetextvalueofthe"ServerComment"propertyofthesite(e.g."<MyExternalSite>","<www.margiestravel.com>");Thefully-qualifiedADSImetabasepathtothesite(e.g."<//MYSERVER/W3SVC/1>"),usingeitherthenumericsiteIDorthetextvalueofthe"ServerComment"propertyofthesite.
Whena"siteidentifier"isused,theIISODBCinputformatconnectstothespecifiedmachine'smetabase,gathersinformationonthesite'scurrentODBCloggingproperties,andusesthisinformationtoconnecttothedatabasetable.
"Siteidentifiers"canalsoincludewildcards(e.g."<www.*.com>").
Examples:
![Page 297: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/297.jpg)
FROM<1>,<2>,<MyExternalSite>
FROMtable:MYLOGTABLE;username:IISLOGUSER;password:IISLOGUSERPW;dsn:IISLOGDSN
©2004MicrosoftCorporation.Allrightsreserved.
![Page 298: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/298.jpg)
IISODBCInputFormatFieldsTheinputrecordsgeneratedbytheIISODBCinputformatcontainthefollowingfields:
Name Type Description
ClientHost STRING TheIPaddressoftheclientthatmadetherequest
Username STRING Thenameoftheauthenticateduserthatmadetherequest,orNULLiftherequestwasfromananonymoususer
LogTime TIMESTAMP Thedateandtimeatwhichtherequestwasserved(localtime)
Service INTEGER TheIISservicenameandsiteinstancenumberthatservedtherequest
Machine STRING Thenameoftheserverthatservedtherequest
ServerIP STRING TheIPaddressoftheserverthatservedtherequest
ProcessingTime INTEGER Thenumberofmillisecondselapsedsincethemomenttheserverreceivedtherequesttothemomenttheserversentthelast
![Page 299: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/299.jpg)
responsechunktotheclient
BytesRecvd INTEGER Thenumberofbytesintherequestsentbytheclient
BytesSent INTEGER Thenumberofbytesintheresponsesentbytheserver
ServiceStatus INTEGER TheresponseHTTPorFTPstatuscode
Win32Status INTEGER TheWindowsstatuscodeassociatedwiththeresponseHTTPorFTPstatuscode
Operation STRING TheHTTPrequestverborFTPoperation
Target STRING TheHTTPrequesturi-stemorFTPoperationtarget
Parameters STRING TheHTTPrequesturi-query,orNULLiftherequestedURIdidnotincludeauri-query
©2004MicrosoftCorporation.Allrightsreserved.
![Page 300: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/300.jpg)
IISODBCInputFormatExamplesTop20URL'sforaSiteCreateachartcontainingtheTOP20URL'sinthe"www.margiestravel.com"website(assumedtobeloggingintheODBClogformat):
LogParser"SELECTTOP20Target,COUNT(*)ASHitsINTOMyChart.gifFROM<www.margiestravel.com>GROUPBYTargetORDERBYHitsDESC"-chartType:Column3D-groupSize:1024x768
©2004MicrosoftCorporation.Allrightsreserved.
![Page 301: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/301.jpg)
IISW3CInputFormatTheIISW3CinputformatparsesIISlogfilesintheW3CExtendedLogFileFormat.
IISwebsitesloggingintheW3CExtendedformatcanbeconfiguredtologonlyaspecificsubsetoftheavailablefields.Logfilesinthisformatbeginwithsomeinformativeheaders("directives"),themostimportantofwhichisthe"#Fields"directive,describingwhichfieldsareloggedatwhichpositioninalogrow.Afterthedirectives,thelogentriesfollow.Eachlogentryisaspace-separatedlistoffieldvalues.
IftheloggingconfigurationofanIISvirtualsiteisupdated,thestructureofthefieldsinthefilethatiscurrentlyloggedtomightchangeaccordingtothenewconfiguration.Inthiscase,anew"#Fields"directiveisloggeddescribingthenewfieldsstructure,andtheIISW3Cinputformatkeepstrackofthestructurechangeandparsesthenewlogentriesaccordingly.
ThefollowingexampleshowsaportionofaW3CExtendedLogFileFormatlogfile:
#Software:MicrosoftInternetInformationServices5.0#Version:1.0#Date:2003-11-1800:28:33#Fields:datec-ipcs-uri-stemcs-bytes2003-11-18192.168.1.101/Default.htm1002003-11-18192.168.1.104/hitcount.asp2002003-11-18192.168.1.102/images/address.gif2003-11-18192.168.1.102/cgi-bin/counts.exe400
From-EntitySyntaxFieldsParametersExamples
Seealso:W3CInputFormatW3COutputFormat
©2004MicrosoftCorporation.Allrightsreserved.
![Page 302: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/302.jpg)
IISW3CInputFormatFrom-EntitySyntax<from-entity> ::= <filename>|<SiteID>[,<filename>|<SiteID>...]
<SiteID> ::= <site_number><server_comment><site_metabase_path>
The<from-entity>specifiedinqueriesusingtheIISW3Cinputformatisacomma-separatedlistof:
PathsofIISW3CExtendedlogfiles;IISVirtualSite"identifiers".
"Siteidentifiers"mustbeenclosedwithinanglebrackets(<and>),andcanhaveoneofthefollowingvalues:ThenumericsiteID(e.g."<1>","<28163489>");Thetextvalueofthe"ServerComment"propertyofthesite(e.g."<MyExternalSite>","<www.margiestravel.com>");Thefully-qualifiedADSImetabasepathtothesite(e.g."<//MYSERVER/W3SVC/1>"),usingeitherthenumericsiteIDorthetextvalueofthe"ServerComment"propertyofthesite.
Whena"siteidentifier"isused,theIISW3Cinputformatconnectstothespecifiedmachine'smetabase,gathersinformationonthesite'scurrentloggingproperties,andparsesallthelogfilesinthesite'scurrentlogfiledirectory.
Filenamesand"Siteidentifiers"canalsoincludewildcards(e.g."LogFiles\ex04*.log","<www.*.com>").
Examples:
FROMLogFiles\ex04*log,LogFiles\ex03*.log,\\MyServer\LoggingShare\W3SVC2\ex04*.logFROM<1>,<2>,<MyExternalSite>,extend9.log
![Page 303: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/303.jpg)
FROM<www.net*home.com>,<//MyServer2/W3SVC/www.net*home.com>,<//MyServer2/MSFTPSVC/*>,<*>
©2004MicrosoftCorporation.Allrightsreserved.
![Page 304: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/304.jpg)
IISW3CInputFormatFieldsTheinputrecordsgeneratedbytheIISW3Cinputformatcontainthefollowingfields:
Name Type Description
LogFilename STRING Fullpathofthelogfilecontainingthisentry
LogRow INTEGER Lineinthelogfilecontainingthisentry
date TIMESTAMP Thedateonwhichtherequestwasserved(UniversalTimeCoordinates(UTC)time)
time TIMESTAMP Thetimeatwhichtherequestwasserved(UniversalTimeCoordinates(UTC)time)
c-ip STRING TheIPaddressoftheclientthatmadetherequest
cs-username STRING Thenameoftheauthenticateduserthatmadetherequest,orNULLiftherequestwasfromananonymoususer
s-sitename STRING TheIISservicenameandsiteinstancenumberthatservedtherequest
![Page 305: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/305.jpg)
s-computername
STRING Thenameoftheserverthatservedtherequest
s-ip STRING TheIPaddressoftheserverthatservedtherequest
s-port INTEGER Theserverportnumberthatreceivedtherequest
cs-method STRING TheHTTPrequestverborFTPoperation
cs-uri-stem STRING TheHTTPrequesturi-stemorFTPoperationtarget
cs-uri-query STRING TheHTTPrequesturi-query,orNULLiftherequestedURIdidnotincludeauri-query
sc-status INTEGER TheresponseHTTPorFTPstatuscode
sc-substatus INTEGER TheresponseHTTPsub-statuscode(thisfieldisloggedbyIISversion6.0andlateronly)
sc-win32-status
INTEGER TheWindowsstatuscodeassociatedwiththeresponseHTTPorFTPstatuscode
sc-bytes INTEGER Thenumberofbytesintheresponsesentbytheserver
cs-bytes INTEGER Thenumberofbytesintherequest
![Page 306: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/306.jpg)
sentbytheclient
time-taken INTEGER Thenumberofmillisecondselapsedsincethemomenttheserverreceivedtherequesttothemomenttheserversentthelastresponsechunktotheclient
cs-version STRING TheHTTPversionoftheclientrequest
cs-host STRING TheclientrequestHostheader
cs(User-Agent)
STRING TheclientrequestUser-Agentheader
cs(Cookie) STRING TheclientrequestCookieheader
cs(Referer) STRING TheclientrequestRefererheader
s-event STRING Thetypeoflogevent(thisfieldisloggedbyIISversion5.0onlywhenthe"ProcessAccountingLogging"featureisenabled)
s-process-type STRING Thetypeofprocessthattriggeredthelogevent(thisfieldisloggedbyIISversion5.0onlywhenthe"ProcessAccountingLogging"featureisenabled)
s-user-time REAL ThetotalaccumulatedUserModeprocessortime,inpercentage,that
![Page 307: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/307.jpg)
thesiteusedduringthecurrentinterval(thisfieldisloggedbyIISversion5.0onlywhenthe"ProcessAccountingLogging"featureisenabled)
s-kernel-time REAL ThetotalaccumulatedKernelModeprocessortime,inpercentage,thatthesiteusedduringthecurrentinterval(thisfieldisloggedbyIISversion5.0onlywhenthe"ProcessAccountingLogging"featureisenabled)
s-page-faults INTEGER Thetotalnumberofmemoryreferencesthatresultedinmemorypagefaultsduringthecurrentinterval(thisfieldisloggedbyIISversion5.0onlywhenthe"ProcessAccountingLogging"featureisenabled)
s-total-procs INTEGER Thetotalnumberofapplicationscreatedduringthecurrentinterval(thisfieldisloggedbyIISversion5.0onlywhenthe"ProcessAccountingLogging"featureisenabled)
s-active-procs INTEGER Thetotalnumberofapplications
![Page 308: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/308.jpg)
runningwhenthelogeventwastriggered(thisfieldisloggedbyIISversion5.0onlywhenthe"ProcessAccountingLogging"featureisenabled)
s-stopped-procs
INTEGER Thetotalnumberofapplicationsstoppedduetoprocessthrottlingduringthecurrentinterval(thisfieldisloggedbyIISversion5.0onlywhenthe"ProcessAccountingLogging"featureisenabled)
©2004MicrosoftCorporation.Allrightsreserved.
![Page 309: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/309.jpg)
IISW3CInputFormatParametersTheIISW3Cinputformatsupportsthefollowingparameters:
iCodepage
Values: codepageID(number)
Default: -2
Description: Codepageofthelogfile.
Details: 0isthesystemcodepage;-2specifiesthatthecodepageisautomaticallydeterminedbyinspectingthefilenameand/orthesite's"LogInUTF8"property.
Example: -iCodepage:1245recurse
Values: recursionlevel(number)
Default: 0
Description: Maxsubdirectoryrecursionlevel.
Details: 0disablessubdirectoryrecursion;-1enablesunlimitedrecursion.
Example: -recurse:-1minDateMod
Values: date/time(in"yyyy-MM-ddhh:mm:ss"format)
Default: notspecified
Description: Minimumfilelastmodifieddate,inlocaltimecoordinates.
Details: Whenthisparameterisspecified,theIISW3Cinput
![Page 310: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/310.jpg)
formatprocessesonlylogfilesthathavebeenmodifiedafterthespecifieddate.
Example: -minDateMod:"2004-05-2822:05:10"dQuotes
Values: ON|OFF
Default: OFF
Description: Specifiesthatstringvaluesinthelogaredouble-quoted.
Details: LogprocessorsmightgenerateW3Clogswhosestringvaluesareenclosedindouble-quotes.
Example: -dQuotes:ONdirTime
Values: ON|OFF
Default: OFF
Description: Usethevalueofthe"#Date"directiveforthe"date"and/or"time"fieldvalueswhenthesefieldsarenotlogged.
Details: Whenalogfileisconfiguredtonotlogthe"date"and/or"time"fields,specifying"ON"forthisparameterscausestheIISW3Cinputformattogenerate"date"and"time"valuesusingthevalueofthelastseen"#Date"directive.
Example: -dirTime:ONconsolidateLogs
Values: ON|OFF
![Page 311: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/311.jpg)
Default: OFF
Description: Returnentriesfromalltheinputlogfilesorderingbydateandtime.
Details: Whenafrom-entityreferstologfilesfrommultipleIISvirtualsites,specifyingONforthisparametercausestheIISW3Cinputformattoparsealltheinputlogfilesinparallel,returningentriesorderedbythevaluesofthe"date"and"time"fieldsinthelogfiles;theinputrecordsreturnedwillthusappearasifasingleIISW3Clogfilewasbeingparsed.Enablingthisfeatureisequivalenttoexecutingaquerywithan"ORDERBYdate,time"clauseonallthelogfiles.However,theimplementationofthisfeatureleveragesthepre-existingchronologicalorderofentriesineachlogfile,anditdoesnotrequiretheextensivememoryresourcesotherwiserequiredbytheORDERBYqueryclause.
Example: -consolidateLogs:ONiCheckpoint
Values: checkpointfilename
Default: notspecified
Description: Loadandsavecheckpointinformationtothisfile.
Details: Thisparameterenablesthe"IncrementalParsing"featurethatallowssequentialexecutionsofthesamequerytoonlyprocessnewlogentriesthathavebeenloggedsincethelastexecution.Formoreinformation,seeParsingInputIncrementally.
Example: -iCheckpoint:C:\Temp\myCheckpoint.lpc
![Page 312: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/312.jpg)
©2004MicrosoftCorporation.Allrightsreserved.
![Page 313: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/313.jpg)
IISW3CInputFormatExamplesTop20URL'sforaSiteCreateachartcontainingtheTOP20URL'sinthe"www.margiestravel.com"website(assumedtobeloggingintheW3Clogformat):
LogParser"SELECTTOP20cs-uri-stem,COUNT(*)ASHitsINTOMyChart.gifFROM<www.margiestravel.com>GROUPBYcs-uri-stemORDERBYHitsDESC"-chartType:Column3D-groupSize:1024x768
ExportErrorstoSYSLOGSenderrorentriesintheW3ClogtoaSYSLOGserver:
LogParser"SELECTTO_TIMESTAMP(date,time),CASEsc-statusWHEN500THEN'emerg'ELSE'err'ENDASMySeverity,s-computernameASMyHostname,cs-uri-stemINTO@myserverFROM<1>WHEREsc-status>=400"-o:SYSLOG-severity:$MySeverity-hostName:$MyHostnameBytesbyExtensionChartCreateapiechartwiththetotalnumberofbytesgeneratedbyeachextension:
LogParser"SELECTEXTRACT_EXTENSION(cs-uri-stem)ASExtension,MUL(PROPSUM(sc-bytes),100.0)ASBytesINTOPie.gifFROM<1>GROUPBYExtensionORDERBYBytesDESC"-chartType:PieExploded-chartTitle:"Bytesperextension"-categories:off
©2004MicrosoftCorporation.Allrightsreserved.
![Page 314: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/314.jpg)
NCSAInputFormatTheNCSAinputformatparseslogfilesintheNCSACommon,Combined,andExtendedLogFileFormats.
TheNCSALogFileFormatisatext-based,fixed-fieldformat.Logentriesareloggedonasingleline,consistingofaspace-separatedlistoffieldvalues.TherearethreeversionsoftheNCSALogFileFormat:"Common","Combined",and"Extended".Thethreeversionsdifferbythenumberoffieldsthatareloggedforeachrequest.IIScanlogNCSACommonLogFileFormatlogfiles,whileotherwebserverscanbeconfiguredtologwiththeCombinedandExtendedformats.
ThefollowingexampleshowsaportionofanNCSACommonLogFileFormatlogfile:
172.21.13.45-Microsoft\User[08/Apr/2001:17:39:04-0800]"GET/scripts/iisadmin/ism.dll?http/servHTTP/1.0"2003401172.21.201.112--[08/Apr/2001:21:01:19-0800]"GET/style.cssHTTP/1.0"2003401ThefollowingexampleshowsaportionofanNCSACombinedLogFileFormatlogfile:
172.21.13.45-Microsoft\User[08/Apr/2001:17:39:04-0800]"GET/scripts/iisadmin/ism.dll?http/servHTTP/1.0"2003401"http://www.microsoft.com/""Mozilla/4.05[en](WinNT;I)""USERID=CustomerA"172.21.201.112--[08/Apr/2001:21:01:19-0800]"GET/style.cssHTTP/1.0"2001937"http://www.microsoft.com/""Mozilla/4.05[en](WinNT;I)""USERID=CustomerA"
From-EntitySyntaxFieldsParametersExamples
©2004MicrosoftCorporation.Allrightsreserved.
![Page 315: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/315.jpg)
NCSAInputFormatFrom-EntitySyntax<from-entity> ::= <filename>|<SiteID>[,<filename>|<SiteID>...]
<SiteID> ::= <site_number><server_comment><site_metabase_path>
The<from-entity>specifiedinqueriesusingtheNCSAinputformatisacomma-separatedlistof:
PathsofNCSALogFileFormatlogfiles;IISVirtualSite"identifiers".
"Siteidentifiers"mustbeenclosedwithinanglebrackets(<and>),andcanhaveoneofthefollowingvalues:ThenumericsiteID(e.g."<1>","<28163489>");Thetextvalueofthe"ServerComment"propertyofthesite(e.g."<MyExternalSite>","<www.margiestravel.com>");Thefully-qualifiedADSImetabasepathtothesite(e.g."<//MYSERVER/W3SVC/1>"),usingeitherthenumericsiteIDorthetextvalueofthe"ServerComment"propertyofthesite.
Whena"siteidentifier"isused,theNCSAinputformatconnectstothespecifiedmachine'smetabase,gathersinformationonthesite'scurrentloggingproperties,andparsesallthelogfilesinthesite'scurrentlogfiledirectory.
Filenamesand"Siteidentifiers"canalsoincludewildcards(e.g."LogFiles\nc04*.log","<www.*.com>").
Examples:
FROMLogFiles\nc04*log,LogFiles\nc03*.log,\\MyServer\LoggingShare\W3SVC2\nc04*.logFROM<1>,<2>,<MyExternalSite>,ncsa9.log
![Page 316: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/316.jpg)
FROM<www.net*home.com>,<//MyServer2/W3SVC/www.net*home.com>,<*>
©2004MicrosoftCorporation.Allrightsreserved.
![Page 317: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/317.jpg)
NCSAInputFormatFieldsTheinputrecordsgeneratedbytheNCSAinputformatcontainthefollowingfields:
Name Type Description
LogFilename STRING Fullpathofthelogfilecontainingthisentry
LogRow INTEGER Lineinthelogfilecontainingthisentry
RemoteHostName STRING TheIPaddressoftheclientthatmadetherequest
RemoteLogName STRING TheidentifierusedtoidentifytheclientmakingtheHTTPrequest,orNULLifnoidentifierisused(alwaysNULLinNCSAlogfilesgeneratedbyIIS)
UserName STRING Thenameoftheauthenticateduserthatmadetherequest,orNULLiftherequestwasfromananonymoususer
DateTime TIMESTAMP Thedateandtimeatwhichtherequestwasserved(UniversalTimeCoordinates(UTC)time)
Request STRING TheHTTPrequestline(verb,
![Page 318: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/318.jpg)
URI,andHTTPversion)
StatusCode INTEGER TheresponseHTTPstatuscode
BytesSent INTEGER Thenumberofbytesintheresponsesentbytheserver
Referer STRING TheclientrequestRefererheader(notloggedinNCSACommonLogFileFormatlogfiles)
User-Agent STRING TheclientrequestUser-Agentheader(notloggedinNCSACommonLogFileFormatlogfiles)
Cookie STRING TheclientrequestCookieheader(notloggedinNCSACommonLogFileFormatlogfiles)
©2004MicrosoftCorporation.Allrightsreserved.
![Page 319: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/319.jpg)
NCSAInputFormatParametersTheNCSAinputformatsupportsthefollowingparameters:
iCodepage
Values: codepageID(number)
Default: -2
Description: Codepageofthelogfile.
Details: 0isthesystemcodepage;-2specifiesthatthecodepageisautomaticallydeterminedbyinspectingthefilenameand/orthesite's"LogInUTF8"property.
Example: -iCodepage:1245recurse
Values: recursionlevel(number)
Default: 0
Description: Maxsubdirectoryrecursionlevel.
Details: 0disablessubdirectoryrecursion;-1enablesunlimitedrecursion.
Example: -recurse:-1minDateMod
Values: date/time(in"yyyy-MM-ddhh:mm:ss"format)
Default: notspecified
Description: Minimumfilelastmodifieddate,inlocaltimecoordinates.
Details: Whenthisparameterisspecified,theNCSAinput
![Page 320: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/320.jpg)
formatprocessesonlylogfilesthathavebeenmodifiedafterthespecifieddate.
Example: -minDateMod:"2004-05-2822:05:10"iCheckpoint
Values: checkpointfilename
Default: notspecified
Description: Loadandsavecheckpointinformationtothisfile.
Details: Thisparameterenablesthe"IncrementalParsing"featurethatallowssequentialexecutionsofthesamequerytoonlyprocessnewlogentriesthathavebeenloggedsincethelastexecution.Formoreinformation,seeParsingInputIncrementally.
Example: -iCheckpoint:C:\Temp\myCheckpoint.lpc
©2004MicrosoftCorporation.Allrightsreserved.
![Page 321: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/321.jpg)
NCSAInputFormatExamplesSliceRequestfieldintocomponentsReturntheverb,URI,andHTTPversionforeachrequest:
LogParser"SELECTEXTRACT_TOKEN(Request,0,'')ASVerb,EXTRACT_TOKEN(Request,1,'')ASURI,EXTRACT_TOKEN(Request,2,'')ASVersionFROMncsa9.log"
Top20URL'sforaSiteCreateachartcontainingtheTOP20URL'sinthe"www.margiestravel.com"website(assumedtobeloggingintheNCSAlogformat):
LogParser"SELECTTOP20EXTRACT_TOKEN(Request,1,'')ASURI,COUNT(*)ASHitsINTOMyChart.gifFROM<www.margiestravel.com>GROUPBYURIORDERBYHitsDESC"-chartType:Column3D-groupSize:1024x768
©2004MicrosoftCorporation.Allrightsreserved.
![Page 322: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/322.jpg)
NETMONInputFormatTheNETMONinputformatparsesnetworkcapturefiles(.capfiles)createdbytheNetMonNetworkMonitorapplication.
TheNETMONinputformatworksintwodifferentmodes,selectablethroughthefModeparameter.
Whenthe"fMode"parameterissetto"TCPIP",theNETMONinputformatreturnsaninputrecordforeachTCP/IPpacketfoundinthecapturefile.Inthiscase,inputrecordscontainfieldsfromtheTCPandIPpacketheaders,togetherwiththepayloadofeachpacket.Forexample,thefollowingcommandreturnsthespecifiedfieldsfromtheTCP/IPpacketsinthecapturefile:
LogParser"SELECTSrcPort,TCPFlags,PayloadBytesFROMMyCapture.cap"-fMode:TCPIPTheoutputofthiscommandwouldlooklikethefollowingsample:
SrcPortTCPFlagsPayloadBytes---------------------------445A11146A01336S080AS01336A01336AP2831336A143180A01336A14311336AP549
Whenthe"fMode"parameterissetto"TCPConn",theNETMONinputformatreturnsaninputrecordforeachTCPconnectionfoundinthecapturefile.Inthiscase,inputrecordscontainfieldscalculatedbyaggregatingalltheTCPpacketsintheconnection,includingthereconstructedpayloadsentbybothendpoints.Forexample,thefollowingcommandreturnsthespecifiedfieldsfromtheTCPconnectionsinthecapturefile:
LogParser"SELECTSrcPort,TimeTaken,SrcPayloadBytes,DstPayloadBytesFROMMyCapture.cap"-fMode:TCPConnTheoutputofthiscommandwouldlooklikethefollowingsample:
SrcPortTimeTakenSrcPayloadBytesDstPayloadBytes-------------------------------------------------
![Page 323: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/323.jpg)
1336150.216000369436731284450.64800031213621286711.0230000012871001.440000001288851.22400000128915120.24000000128366619.38800018863718129113663.102000312636128547883.357000312708129021203.9460003121362
From-EntitySyntaxFieldsParametersExamples
©2004MicrosoftCorporation.Allrightsreserved.
![Page 324: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/324.jpg)
NETMONInputFormatFrom-EntitySyntax<from-entity> ::= <filename>[,<filename>...]
The<from-entity>specifiedinqueriesusingtheNETMONinputformatisacomma-separatedlistofNetMoncapturefiles(.capfiles).
Examples:
FROMMyCapture1.cap
FROMMyCapture1.cap,MyCapture2.cap
©2004MicrosoftCorporation.Allrightsreserved.
![Page 325: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/325.jpg)
NETMONInputFormatFieldsThestructureoftheinputrecordsgeneratedbytheNETMONinputformatdependsonthevaluespecifiedforthefModeparameter.
TCPIPModeWhenthefModeparameterissetto"TCPIP",theNETMONinputformatreturnsaninputrecordforeachTCP/IPpacketfoundinthecapturefile.Inthismode,inputrecordscontainthefollowingfields:
Name Type Description
CaptureFilename STRING Thefullpathofthecapturefilecontainingthispacket
Frame INTEGER Theframenumbercontainingthispacket
DateTime TIMESTAMP Dateandtimeatwhichthepacketwassent
FrameBytes INTEGER Totalnumberofbytesintheframe
SrcMAC STRING MACaddressofthesenderofthispacket
SrcIP STRING IPaddressofthesenderofthispacket
SrcPort INTEGER TCPportnumberofthesenderofthispacket
![Page 326: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/326.jpg)
DstMAC STRING MACaddressofthedestinationofthispacket
DstIP STRING IPaddressofthedestinationofthispacket
DstPort INTEGER TCPportnumberofthedestinationofthispacket
IPVersion INTEGER IPversionofthispacket
TTL INTEGER Time-To-LivefieldoftheIPheaderofthispacket
TCPFlags STRING TCPflagsfieldoftheTCPheaderofthispacket
Seq INTEGER TCPsequencenumberofthispacket
Ack INTEGER TCPacknowledgenumberofthispacket
WindowSize INTEGER WindowsizefieldoftheTCPheaderofthispacket
PayloadBytes INTEGER NumberofbytesintheTCPpayloadofthispacket
Payload STRING TCPpayloadofthispacket
Connection INTEGER UniqueidentifieroftheTCPconnectiontowhichthispacketbelongs
![Page 327: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/327.jpg)
TCPConnModeWhenthefModeparameterissetto"TCPConn",theNETMONinputformatreturnsaninputrecordforeachTCPconnectionfoundinthecapturefile.Inthismode,inputrecordscontainthefollowingfields:
Name Type Description
CaptureFilename STRING Thefullpathofthecapturefilecontainingthisconnection
StartFrame INTEGER Framenumbercontainingthefirstpacketofthisconnection
EndFrame INTEGER Framenumbercontainingthelastpacketofthisconnection
Frames INTEGER Totalnumberofframescontainingpacketsbelongingtothisconnection
DateTime TIMESTAMP Dateandtimeofatwhichthefirstpacketofthisconnectionwassent
TimeTaken INTEGER Totalnumberofmillisecondselapsedsincethefirstpacketofthisconnectiontothelastpacket
SrcMAC STRING MACaddressoftheinitiatorofthisconnection
![Page 328: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/328.jpg)
SrcIP STRING IPaddressoftheinitiatorofthisconnection
SrcPort INTEGER TCPportnumberoftheinitiatorofthisconnection
SrcPayloadBytes INTEGER TotalnumberofbytesinthereconstructedTCPpayloadsentbytheinitiatorofthisconnection
SrcPayload STRING ReconstructedTCPpayloadsentbytheinitiatorofthisconnection
DstMAC STRING MACaddressofthereceiverofthisconnection
DstIP STRING IPaddressofthereceiverofthisconnection
DstPort INTEGER TCPportnumberofthereceiverofthisconnection
DstPayloadBytes INTEGER TotalnumberofbytesinthereconstructedTCPpayloadsentbythereceiverofthisconnection
DstPayload STRING ReconstructedTCPpayloadsentbythereceiverofthisconnection
![Page 329: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/329.jpg)
©2004MicrosoftCorporation.Allrightsreserved.
![Page 330: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/330.jpg)
NETMONInputFormatParametersTheNETMONinputformatsupportsthefollowingparameters:
fMode
Values: TCPIP|TCPConn
Default: TCPIP
Description: Operationmode.
Details: Whenthisparameterissetto"TCPIP",theNETMONinputformatreturnsaninputrecordforeachTCP/IPpacketfoundinthecapturefile.Inthiscase,inputrecordscontainfieldsfromtheTCPandIPpacketheaders,togethereachpacket.Whenthisparameterissetto"TCPConn",theNETMONinputformatreturnsaninputrecordforeachTCPconnectionfoundinthecapturefile.Inthiscase,inputrecordscontainfieldscalculatedbyaggregatingalltheTCPpacketsconnection,includingthereconstructedpayloadsentbybothendpoints.Formoreinformationonthedifferentmodesofoperation,seeFormatFields.
Example: -fMode:TCPConnbinaryFormat
Values: ASC|PRINT|HEX
Default: ASC
Description: Formatofbinaryfields.
Details: TCPpacketpayloadsarereturnedasSTRINGvaluesformattedaccordingtothevaluespecifiedforthisparameter.Whenthisparameterissetto"ASC",databytesbelongingtothe0x20-0x7FrangearereturnedasASCIIcharacters,whiledatabytesoutsidetherangearereturnedasperiod(.)characters,asshowninthefollowingexample:
![Page 331: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/331.jpg)
POST/test_system/requestHTTP/1.1..Content-Length:3411..Connection:Keep-Alive..
Whenthisparameterissetto"PRINT",databytesrepresentingprintableASCIIcharactersarereturnedasASCIIcharacters,whiledatabytesthatdonotrepresentprintableASCIIcharactersarereturnedasperiod(.)characters,asshowninthefollowingexample:
POST/test_system/requestHTTP/1.1Content-Length:3411Connection:Keep-AliveWhenthisparameterissetto"HEX",alldatabytesarereturnedastwo-digithexadecimalvalues,asshowninthefollowingexample:
504F5354202F63636D5F73797374656D2F7265717565737420485454502F312E310D0A
Example: -binaryFormat:PRINT
©2004MicrosoftCorporation.Allrightsreserved.
![Page 332: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/332.jpg)
NETMONInputFormatExamplesNetworkTrafficperSecondDisplaytotalnetworktrafficbytespersecond:
LogParser"SELECTQUANTIZE(DateTime,1)ASSecond,SUM(FrameBytes)INTODATAGRIDFROMMyCapture.capGROUPBYSecond"
©2004MicrosoftCorporation.Allrightsreserved.
![Page 333: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/333.jpg)
REGInputFormatTheREGinputformatreturnsinformationonregistryvalues.
TheREGinputformatenumerateslocalorremoteregistrykeysandvalues,returninganinputrecordforeachregistryvaluefoundintheenumeration.
From-EntitySyntaxFieldsParametersExamples
Seealso:FSInputFormat
©2004MicrosoftCorporation.Allrightsreserved.
![Page 334: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/334.jpg)
REGInputFormatFrom-EntitySyntax<from-entity> ::= <registry_key>[,<registry_key>...]
<registry_key> ::= [\\<computer_name>]\[<root_name>[\<subkey_path>]]
<root_name> ::= HKCR|HKCU|HKLM|HKCC|HKU
The<from-entity>specifiedinqueriesusingtheREGinputformatisacomma-separatedlistofregistrykeys.Validregistrykeysare:
Theregistryroot(e.g."\");Asystemregistryroot(e.g."\HKLM");Anykeybelowasystemregistryroot(e.g."\HKLM\Software\Microsoft").
RegistrykeyscanbeoptionallyprecededbyaremotecomputernameintheUNCnotation.
Examples:
FROM\
FROM\HKLM,\HKCU
FROM\\SERVER1\HKLM\Software,\\SERVER2\HKLM\Software
©2004MicrosoftCorporation.Allrightsreserved.
![Page 335: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/335.jpg)
REGInputFormatFieldsTheinputrecordsgeneratedbytheREGinputformatcontainthefollowingfields:
Name Type Description
ComputerName STRING Nameofthecomputerhostingtheregistrycontainingthisvalue
Path STRING Pathoftheregistrykeycontainingthisvalue
KeyName STRING Nameoftheregistrykeycontainingthisvalue
ValueName STRING Nameoftheregistryvalue
ValueType STRING Nameofthetypeoftheregistryvalue
Value STRING Textrepresentationofthecontentoftheregistryvalue
LastWriteTime TIMESTAMP Dateandtimeatwhichtheregistryvaluehasbeenlastmodified(UniversalTimeCoordinates(UTC)time)
©2004MicrosoftCorporation.Allrightsreserved.
![Page 336: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/336.jpg)
REGInputFormatParametersTheREGinputformatsupportsthefollowingparameters:
recurse
Values: recursionlevel(number)
Default: -1
Description: Maxsubkeyrecursionlevel.
Details: 0disablessubkeyrecursion;-1enablesunlimitedrecursion.
Example: -recurse:2multiSZSep
Values: anystring
Default: |
Description: SeparatorbetweenelementsofMULTI_SZregistryvalues.
Details: RegistryvaluesoftheMULTI_SZtypecontainarraysofstrings.Inthesecases,thecontentofthe"Value"fieldisbuiltbyconcatenatingthearrayelementsoneaftertheother,usingthevalueofthisparameterasaseparatorbetweentheelements.
Example: -multiSZSep:,binaryFormat
Values: ASC|PRINT|HEX
Default: ASC
Description: FormatofREG_BINARYregistryvalues.
Details: RegistryvaluesoftheREG_BINARYtypecontainbinarydataoftennotsuitabletobetextuallyrepresented.Thisparameterspecifies
![Page 337: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/337.jpg)
howbinarydataisformattedtoaSTRINGwhenreturnedascontentofthe"Value"field.Whenthisparameterissetto"ASC",databytesbelongingtothe0x20-0x7FrangearereturnedasASCIIcharacters,whiledatabytesoutsidetherangearereturnedasperiod(.)characters,asshowninthefollowingexample:
Bucket:02096553..rundll32.exe
Whenthisparameterissetto"PRINT",databytesrepresentingprintableASCIIcharactersarereturnedasASCIIcharacters,whiledatabytesthatdonotrepresentprintableASCIIcharactersarereturnedasperiod(.)characters,asshowninthefollowingexample:
Bucket:02096553rundll32.exeWhenthisparameterissetto"HEX",alldatabytesarereturnedastwo-digithexadecimalvalues,asshowninthefollowingexample:
4275636B65743A2030323039363535330D0A72756E646C6C33322E657865
Example: -binaryFormat:PRINT
©2004MicrosoftCorporation.Allrightsreserved.
![Page 338: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/338.jpg)
REGInputFormatExamplesUploadRegistrytoSQLTableLoadaportionoftheregistryintoaSQLtable:
LogParser"SELECT*INTOMyTableFROM\HKLM"-i:REG-o:SQL-server:MyServer-database:MyDatabase-driver:"SQLServer"-username:TestSQLUser-password:TestSQLPassword-createTable:ON
RegistryTypeDistributionDisplaythedistributionofregistryvaluetypes:
LogParser"SELECTValueType,COUNT(*)INTODATAGRIDFROM\HKLMGROUPBYValueType"
©2004MicrosoftCorporation.Allrightsreserved.
![Page 339: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/339.jpg)
TEXTLINEInputFormatTheTEXTLINEinputformatreturnslinesfromgenerictextfiles.
TheTEXTLINEinputformatmakesitpossibletoparsetextfilesinanyformatnotsupportednativelybyLogParser,andretrieveentirelinesoftextasasinglefield.ThefieldcanthenbeprocessedbytheSQL-likequerybymakinguseofstringmanipulationfunctions,suchastheEXTRACT_TOKENfunction.
From-EntitySyntaxFieldsParametersExamples
Seealso:TEXTWORDInputFormatTSVInputFormat
©2004MicrosoftCorporation.Allrightsreserved.
![Page 340: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/340.jpg)
TEXTLINEInputFormatFrom-EntitySyntax<from-entity> ::= <filename>[,<filename>...]|
http://<url>|STDIN
The<from-entity>specifiedinqueriesusingtheTEXTLINEinputformatiseither:
Acomma-separatedlistofpathstotextfiles,eventuallyincludingwildcards;TheURLofatextfile;The"STDIN"keyword,whichspecifiesthattheinputdataisavailablefromtheinputstream(commonlyusedwhenpipingcommandexecutions).
Examples:
FROM*.txt,\\MyServer\FileShare\*.tsv
FROMhttp://www.microsoft.adatum.com/example.tsv
typedata.txt|LogParser"SELECT*FROMSTDIN"-i:TEXTLINE
©2004MicrosoftCorporation.Allrightsreserved.
![Page 341: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/341.jpg)
TEXTLINEInputFormatFieldsTheinputrecordsgeneratedbytheTEXTLINEinputformatcontainthefollowingfields:
Name Type Description
LogFilename STRING Fullpathofthefilecontainingthisline
Index INTEGER Linenumber
Text STRING Textlinecontent
©2004MicrosoftCorporation.Allrightsreserved.
![Page 342: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/342.jpg)
TEXTLINEInputFormatParametersTheTEXTLINEinputformatsupportsthefollowingparameters:
iCodepage
Values: codepageID(number)
Default: 0
Description: Codepageofthetextfile.
Details: 0isthesystemcodepage,-1isUNICODE.
Example: -iCodepage:1245recurse
Values: recursionlevel(number)
Default: 0
Description: Maxsubdirectoryrecursionlevel.
Details: 0disablessubdirectoryrecursion;-1enablesunlimitedrecursion.
Example: -recurse:-1splitLongLines
Values: ON|OFF
Default: OFF
Description: Splitlineswhenlongerthanmaximumallowed.
Details: Whenatextlineislongerthan128Kcharacters,theTEXTLINEinputformattruncatesthelineandeitherdiscardstheremainingoftheline(whenthisparameterissetto"OFF"),orprocessestheremainderoftheline
![Page 343: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/343.jpg)
asanewline(whenthisparameterissetto"ON").
Example: -dQuotes:ONiCheckpoint
Values: checkpointfilename
Default: notspecified
Description: Loadandsavecheckpointinformationtothisfile.
Details: Thisparameterenablesthe"IncrementalParsing"featurethatallowssequentialexecutionsofthesamequerytoonlyprocessnewlogentriesthathavebeenloggedsincethelastexecution.Formoreinformation,seeParsingInputIncrementally.
Example: -iCheckpoint:C:\Temp\myCheckpoint.lpc
©2004MicrosoftCorporation.Allrightsreserved.
![Page 344: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/344.jpg)
TEXTLINEInputFormatExamplesHTMLLinksReturnthelinesinanHTMLdocumentthatcontainlinkstootherpages:
LogParser"SELECTTextFROMhttp://www.microsoft.adatum.comWHERETextLIKE'%href%'"-i:TEXTLINE
©2004MicrosoftCorporation.Allrightsreserved.
![Page 345: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/345.jpg)
TEXTWORDInputFormatTheTEXTWORDinputformatreturnswordsfromgenerictextfiles.
TheTEXTWORDinputformatmakesitpossibletoparsetextfilesinanyformatnotsupportednativelybyLogParser,andretrieveeachword(i.e.eachstringdelimitedbywhitespacecharacters)asasinglefield.
From-EntitySyntaxFieldsParametersExamples
Seealso:TEXTLINEInputFormatTSVInputFormat
©2004MicrosoftCorporation.Allrightsreserved.
![Page 346: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/346.jpg)
TEXTWORDInputFormatFrom-EntitySyntax<from-entity> ::= <filename>[,<filename>...]|
http://<url>|STDIN
The<from-entity>specifiedinqueriesusingtheTEXTWORDinputformatiseither:
Acomma-separatedlistofpathstotextfiles,eventuallyincludingwildcards;TheURLofatextfile;The"STDIN"keyword,whichspecifiesthattheinputdataisavailablefromtheinputstream(commonlyusedwhenpipingcommandexecutions).
Examples:
FROM*.txt,\\MyServer\FileShare\*.tsv
FROMhttp://www.microsoft.adatum.com/example.tsv
typedata.txt|LogParser"SELECT*FROMSTDIN"-i:TEXTWORD
©2004MicrosoftCorporation.Allrightsreserved.
![Page 347: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/347.jpg)
TEXTWORDInputFormatFieldsTheinputrecordsgeneratedbytheTEXTWORDinputformatcontainthefollowingfields:
Name Type Description
LogFilename STRING Fullpathofthefilecontainingthisword
Index INTEGER Wordnumber
Text STRING Word
©2004MicrosoftCorporation.Allrightsreserved.
![Page 348: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/348.jpg)
TEXTWORDInputFormatParametersTheTEXTWORDinputformatsupportsthefollowingparameters:
iCodepage
Values: codepageID(number)
Default: 0
Description: Codepageofthetextfile.
Details: 0isthesystemcodepage,-1isUNICODE.
Example: -iCodepage:1245recurse
Values: recursionlevel(number)
Default: 0
Description: Maxsubdirectoryrecursionlevel.
Details: 0disablessubdirectoryrecursion;-1enablesunlimitedrecursion.
Example: -recurse:-1iCheckpoint
Values: checkpointfilename
Default: notspecified
Description: Loadandsavecheckpointinformationtothisfile.
Details: Thisparameterenablesthe"IncrementalParsing"featurethatallowssequentialexecutionsofthesamequerytoonlyprocessnewlogentriesthathavebeenloggedsincethelastexecution.Formoreinformation,
![Page 349: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/349.jpg)
seeParsingInputIncrementally.
Example: -iCheckpoint:C:\Temp\myCheckpoint.lpc
©2004MicrosoftCorporation.Allrightsreserved.
![Page 350: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/350.jpg)
TEXTWORDInputFormatExamplesWordDistributionReturnthedistributionofwordsinthespecifiedtextfile:
LogParser"SELECTText,COUNT(*)FROMMyFile.txtGROUPBYTextORDERBYCOUNT(*)DESC"-i:TEXTWORD
©2004MicrosoftCorporation.Allrightsreserved.
![Page 351: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/351.jpg)
TSVInputFormatTheTSVinputformatparsestab-separatedandspace-separatedvaluestextfiles.
TSVtextfiles,usuallycalled"tabular"files,aregenerictextfilescontainingvaluesseparatedbyeitherspacesortabs.Thisitalsotheformatoftheoutputofmanycommand-linetools.Forexample,theoutputofthe"netstat"toolisaseriesoflines,eachlineconsistingofvaluesseparatedbyspaces:
ActiveConnections
ProtoLocalAddressForeignAddressStateTCPGABRIEGI-M:epmapGABRIEGI-M.redmond.corp.microsoft.com:0LISTENINGTCPGABRIEGI-M:microsoft-dsGABRIEGI-M.redmond.corp.microsoft.com:0LISTENINGTCPGABRIEGI-M:1025GABRIEGI-M.redmond.corp.microsoft.com:0LISTENINGTCPGABRIEGI-M:1036GABRIEGI-M.redmond.corp.microsoft.com:0LISTENINGTCPGABRIEGI-M:3389GABRIEGI-M.redmond.corp.microsoft.com:0LISTENINGTCPGABRIEGI-M:5000GABRIEGI-M.redmond.corp.microsoft.com:0LISTENINGTCPGABRIEGI-M:42510GABRIEGI-M.redmond.corp.microsoft.com:0LISTENINGTCPGABRIEGI-M:netbios-ssnGABRIEGI-M.redmond.corp.microsoft.com:0LISTENINGUDPGABRIEGI-M:microsoft-ds*:*UDPGABRIEGI-M:isakmp*:*UDPGABRIEGI-M:1026*:*UDPGABRIEGI-M:1027*:*UDPGABRIEGI-M:1028*:*UDPGABRIEGI-M:ntp*:*
Dependingontheapplication,thefirstlineinaTSVfilemightbea"header",containingthelabelsoftherecordfields.ThefollowingexampleshowsaTSVfilebeginningwithaheader:
YearPIDComment2004 2956 Applicationstarted2004 Waitingforinput2004 3104 Applicationstarted2004 1048 ApplicationstartedAmongalltheparameterssupportedbytheTSVinputformat,theiSeparator,nSep,andfixedSepparametersplayacrucialroleinprovidingtheflexibilityoftheTSVinputformatontheformatofthefilesbeingparsed.
TheiSeparatorparameterspecifiesthecharacterusedasaseparatorbetweenthefieldsinthefilesbeingparsed.Sometextfiles,likethepreviousnetstatexample,usesimplespacecharactersasseparatorcharacters,whileothertextfiles,likethesecondexampleabove,usetabcharacters.
ThenSepparameterspecifieshowmanyseparatorcharactersmustappearforthecharacterstosignifyafieldseparator.Inthenetstatexampleabove,fieldsareseparatedbyatleasttwospacecharacters,whileasinglespacecharacterisallowedtoappearinthevalueofafield(asisthecasewiththe"LocalAddress"fieldname).Ontheotherhand,intheprevioustab-separatedexamplefile,fieldsare
![Page 352: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/352.jpg)
UDPGABRIEGI-M:1900*:*UDPGABRIEGI-M:ntp*:*UDPGABRIEGI-M:netbios-ns*:*UDPGABRIEGI-M:netbios-dgm*:*UDPGABRIEGI-M:1900*:*UDPGABRIEGI-M:42508*:*
separatedbyasingletabcharacter.
ThefixedSepparameterspecifieswhetherornotthefieldsintheinputfilesareseparatedbyafixednumberofseparatorcharacters.Inthenetstatexampleabove,fieldsareseparatedbyatleasttwospacecharacters,butthreeormorespacecharactersstillsignifyasinglefieldseparator.Ontheotherhand,intheprevioustab-separatedexamplefile,fieldsareseparatedbyexactlyasingletabcharacter,andthepresenceoftwoconsecutivetabcharacterssignifiesanemptyfield.
From-EntitySyntaxFieldsParametersExamples
Seealso:CSVInputFormatTSVOutputFormat
©2004MicrosoftCorporation.Allrightsreserved.
![Page 353: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/353.jpg)
TSVInputFormatFrom-EntitySyntax<from-entity> ::= <filename>[,<filename>...]|
http://<url>|STDIN
The<from-entity>specifiedinqueriesusingtheTSVinputformatiseither:
Acomma-separatedlistofpathsofTSVfiles,eventuallyincludingwildcards;TheURLofafileintheTSVformat;The"STDIN"keyword,whichspecifiesthattheinputdataisavailablefromtheinputstream(commonlyusedwhenpipingcommandexecutions).
Examples:
FROMLogFiles1\*.txt,LogFiles2\*.txt,\\MyServer\FileShare\*.txt
FROMhttp://www.microsoft.adatum.com/MyTSVFiles/example.tsv
typedata.tsv|LogParser"SELECT*FROMSTDIN"-i:TSV
©2004MicrosoftCorporation.Allrightsreserved.
![Page 354: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/354.jpg)
TSVInputFormatFieldsThestructureoftheinputrecordsgeneratedbytheTSVinputformatisdeterminedatruntime,dependingonthedatabeingparsed,andonthevaluesspecifiedfortheinputformatparameters.
Thefirsttwoinputrecordfieldsarefixed,andtheyaredescribedinthefollowingtable:
Name Type Description
Filename STRING Fullpathofthefilecontainingthisentry
RowNumber INTEGER Lineinthefilecontainingthisentry
ThesetwofieldsarethenfollowedbythefieldsdetectedbytheTSVinputformatinthefile(s)beingparsed.Thenumber,names,anddatatypesofthefieldsaredeterminedbyexamininginitiallytheinputdataaccordingtothevaluesspecifiedfortheinputformatparameters.
ThenumberoffieldsdetectedbytheTSVinputformatduringtheinitialinspectionphasedictateshowtherecordfieldswillbeextractedfromtheinputdataduringthesubsequentparsingstage.Ifalinecontainslessfieldsthanthenumberoffieldsestablished,themissingfieldsarereturnedasNULLvalues.Ontheotherhand,ifalinecontainsmorefieldsthanthenumberoffieldsestablished,theextrafieldsareparsedasiftheywerepartofthevalueofthelastfieldexpectedbytheTSVinputformat.
NumberofFieldsThenumberoffieldsinaninputrecordisdeterminedbytheinputdataandbythevalueofthenFieldsparameter.
Whenthe"nFields"parameterissetto-1,theTSVinputformatdeterminesthenumberoffieldsbyinspectingthefirstlineoftheinput
![Page 355: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/355.jpg)
data,orthefirstlineoftheheaderfilespecifiedwiththe"iHeaderFile"parameter.Asanexample,thefollowingTSVfilecontainsavariablenumberoffields:
NameCityAreaCodeJeffRedmond425SteveSeattle20698101EdwardOlympia360Whenparsedwiththe"nFields"parametersetto-1,thisTSVfilewouldyieldthreefields("Name","City",and"AreaCode").Inthiscase,theextrafourthfieldinthesecondrecordwouldbeparsedaspartofthethird"AreaCode"field,whosevaluewouldthenbe"20698101".
Whenthe"nFields"parameterissettoavaluegreaterthanzero,theTSVinputformatusesthespecifiedvalueasthenumberoffieldsintheinputdata.Consideringagainthepreviousexamplefile,parsingthefilewiththe"nFields"parametersetto4wouldyieldfourfields.
FieldNamesThenamesofthefieldsinaninputrecordisdeterminedbytheinputdataandbythevaluesoftheheaderRowandiHeaderFileparameters.
Whenthe"headerRow"parameterissetto"ON",theTSVinputformatassumesthatthefirstlineinthefilebeingparsedisaheadercontainingthefieldnames.Inthiscase,ifthe"iHeaderFile"parameterisleftunspecified,theTSVinputformatextractsthefieldnamesfromtheheaderline.Ontheotherhand,ifthe"iHeaderFile"parameterissettothepathofaTSVfilecontainingatleastoneline,thentheTSVinputformatassumesthatthespecifiedfilecontainsaheader,parsesitsfirstlineonly,andextractsthefieldnamesfromthisline,ignoringthefirstlineofthefilebeingparsed.
Ifthenumberoffieldnamesextractedislessthanthenumberoffieldsdetected,theadditionalfieldsareautomaticallynamed"FieldN",withNbeingaprogressiveindexindicatingthefieldpositionintheinputrecord.
Consideringthepreviousexamplefile,settingthe"headerRow"
![Page 356: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/356.jpg)
parameterto"ON"wouldcausetheTSVinputformattousethefirstlineofthefileasaheadercontainingthefieldnames.Withthe"nFields"parametersetto-1,theTSVinputformatwoulddetectthreefields,whosenameswouldbe"Name","City",and"AreaCode".Ontheotherhand,withthe"nFields"parametersetto4,theTSVinputformatwoulddetectfourfields,named"Name","City","AreaCode",and"Field4".
Whenthe"headerRow"parameterissetto"OFF",theTSVinputformatassumesthatthefilebeingparseddoesnotcontainaheader,andthatitsfirstlineisthefirstdatarecordinthefile.Inthiscase,ifthe"iHeaderFile"parameterissettothepathofaTSVfilecontainingatleastoneline,thentheTSVinputformatassumesthatthespecifiedfilecontainsaheader,parsesitsfirstlineonly,andextractsthefieldnamesfromthisline.Ontheotherhand,ifthe"iHeaderFile"parameterisleftunspecified,thefieldsareautomaticallynamed"FieldN",withNbeingaprogressivenumberindicatingthefieldpositionintheinputrecord.
Asanexample,thefollowingTSVfiledoesnotcontainaheaderline:
JeffRedmond425SteveSeattle206EdwardOlympia360Whenparsedwiththe"headerRow"parameterto"OFF",theTSVinputformatassumesthatthefirstlineoftheTSVfileisthefirstdatarecordinthefile.Inthiscase,thethreefieldswouldbenamed"Field1","Field2",and"Field3".
FieldTypesThedatatypeofeachfieldextractedfromtheinputdataisdeterminedbyexaminingthefirstndatalines,wherenisthevaluespecifiedforthedtLinesparameter,inthefollowingway:Ifallthenon-emptyfieldvaluesinthefirstnlinesareformattedasdecimalnumbers,thenthefieldisassumedtobeoftheREALtype.Ifallthenon-emptyfieldvaluesinthefirstnlinesareformattedasintegernumbers,thenthefieldisassumedtobeoftheINTEGERtype.Ifallthenon-emptyfieldvaluesinthefirstnlinesareformattedas
![Page 357: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/357.jpg)
timestampsintheformatspecifiedbytheiTsFormatparameter,thenthefieldisassumedtobeoftheTIMESTAMPtype.Otherwise,thefieldisassumedtobeoftheSTRINGtype.
EmptyfieldvaluesarereturnedasNULLvalues.
©2004MicrosoftCorporation.Allrightsreserved.
![Page 358: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/358.jpg)
TSVInputFormatParametersTheTSVinputformatsupportsthefollowingparameters:
iSeparator
Values: asinglecharacter|spaces|space|tab
Default: tab
Description: Separatorcharacterbetweenfields.
Details: The"spaces"valueinstructstheTSVinputformattoconsideranyspacingcharacter(spaceandtab)asaseparatorcharacter.
Example: -iSeparator:spacenSep
Values: numberofseparators(number)
Default: 1
Description: Numberofseparatorcharactersbetweenfieldsinthedatarecords.
Details: Thisparameterspecifieshowmanyseparatorcharactersmustappearforthecharacterstosignifyafieldseparator.Thisparameterisusuallysettoavaluegreaterthanonewhenparsingspace-separatedtextfilesinwhichfieldvaluescancontainasinglespacecharacter.Inthesecases,fieldsareusuallyseparatedbymorethanasinglespacecharacter.Whenthe"fixedSep"parameterissetto"OFF",thevalueofthe"nSep"parameterisassumedtobetheminimumnumberofseparatorcharacterssignifyingafieldseparator.
![Page 359: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/359.jpg)
Example: -nSep:2fixedSep
Values: ON|OFF
Default: OFF
Description: SpecifieswhetherornotthefieldsintheinputTSVfile(s)areseparatedbyafixednumberofseparatorcharacters.
Details: Whenthisparameterissetto"ON",theTSVinputformatassumesthatthenumberofseparatorcharactersbetweenthefieldsintheinputdataequalsexactlythevaluespecifiedforthe"nSep"parameter.Inthiscase,thepresenceofmoreseparatorcharacterssignifiesanemptyvalue,whichisreturnedasaNULLvalue.Whenthisparameterissetto"OFF",theTSVinputformatassumesthatthefieldsintheinputdataareseparatedbyavariablenumberofseparatorcharacters,andthevalueofthe"nSep"parameterisassumedtobetheminimumnumberofseparatorcharacterssignifyingafieldseparator.Inthiscase,additionalseparatorcharactersareignoredandparsedasasinglefieldseparator,thusmakingitimpossibleforavaluetobeinterpretedasaNULLvalue.
Example: -fixedSep:ONheaderRow
Values: ON|OFF
Default: ON
Description: Specifieswhetherornottheinputfile(s)beginwithaheaderline.
![Page 360: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/360.jpg)
Details: Whenthisparameterissetto"ON",theTSVinputformatassumesthateachfilebeingparsedbeginswithaheaderline,containingthelabelsofthefieldsinthefile.Ifthe"iHeaderFile"parameterisleftunspecified,theTSVinputformatwillusethefieldnamesinthefirstfile'sheaderasthenamesoftheinputrecordfields.Ifavalueisspecifiedforthe"iHeaderFile"parameter,theTSVinputformatwillignoretheheaderlineineachfilebeingparsed.Whenthisparameterissetto"OFF",theTSVinputformatassumesthatthefile(s)beingparseddonotcontainaheader,andparsestheirfirstlineasdatarecords.Formoreinformationonheadersandfieldnames,seeTSVInputFormatFields.
Example: -headerRow:OFFiHeaderFile
Values: pathtoaTSVfile
Default: notspecified
Description: Filecontainingfieldnames.
Details: WhenparsingTSVfilesthatdonotcontainaheaderline,thefieldsoftheinputrecordsproducedbytheTSVinputformatarenamed"Field1","Field2",...Tooverridethisbehaviorandusemeaningfulfieldnames,thisparametercanbesettotothepathofaTSVfilecontainingaheaderline,causingtheTSVinputformattousethefieldnamesinthespecifiedTSVfile'sheaderlineasthenamesoftheinputrecordfields.OnlythefirstlineofthespecifiedTSVfileisparsed,andeventualadditionallinesareignored.Formoreinformationonheadersandfieldnames,seeTSVInputFormatFields.
![Page 361: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/361.jpg)
Example: -iHeaderFile:"C:\MyFolder\header.tsv"nFields
Values: numberoffields(number)
Default: -1
Description: Numberoffieldsinthedatarecords.
Details: Thisparameterspecifiesthenumberoffieldsintheinputdata.Thespecial"-1"valuespecifiesthatthenumberoffieldsistobedeductedbyinspectingthefirstlineofinputdata.Formoreinformationonhowthenumberoffieldsisdetermined,seeTSVInputFormatFields.
Example: -nFields:3dtLines
Values: numberoflines(number)
Default: 100
Description: Numberoflinesexaminedtodeterminefieldtypesatruntime.
Details: ThisparameterspecifiesthenumberofinitiallinesthattheTSVinputformatexaminestodeterminethedatatypeofeachinputfield.Ifthevalueis0,allfieldswillbeassumedtobeoftheSTRINGdatatype.Formoreinformationonhowfielddatatypesaredetermined,seeTSVInputFormatFields.
Example: -dtLines:10nSkipLines
![Page 362: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/362.jpg)
Values: numberoflines(number)
Default: 0
Description: Numberofinitiallinestoskip.
Details: Whenthisparameterissettoavaluegreaterthanzero,theTSVinputformatskipsthefirstnlinesofeachinputfilebeforeparsingitsheaderline,wherenisthevaluespecifiedforthisparameter.
Example: -nSkipLines:5lineFilter
Values: +|-<any_string>[,<any_string>...]
Default: notspecified
Description: Skiporconsideronlylinesbeginningwiththesestrings.
Details: Whenthevalueofthisparameterbeginswitha"+"character,theTSVinputformatwillonlyparsethoselinesbeginningwithoneofthestringsfollowingthe"+"characterinthespecifiedvalue.Forexample,thevalue"+Data:,Summary:"causestheTSVinputformattoparseonlylinesbeginningwitheither"Data:"or"Summary:".Whenthevalueofthisparameterbeginswitha"-"character,theTSVinputformatwillignorethoselinesbeginningwithoneofthestringsthatfollowthe"-"characterinthespecifiedvalue.Forexample,thevalue"-Comment,Marker"causestheTSVinputformattoignorelinesbeginningwitheither"Comment"or"Marker".
Example: -lineFilter:"-MetaData:,Summary:"iCodepage
![Page 363: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/363.jpg)
Values: codepageID(number)
Default: 0
Description: CodepageoftheTSVfile.
Details: 0isthesystemcodepage,-1isUNICODE.
Example: -iCodepage:1245iTsFormat
Values: timestampformat
Default: yyyy-MM-ddhh:mm:ss
Description: Formatoftimestampvaluesintheinputdata.
Details: Thisparameterspecifiesthedateand/ortimeformatusedintheinputdatabeingparsed.ValuesoffieldsmatchingthespecifiedformatarereturnedasvaluesoftheTIMESTAMPdatatype.Formoreinformationondateandtimeformats,seeTimestampFormatSpecifiers.
Example: -iTsFormat:"MMMdd,yyyy"iCheckpoint
Values: checkpointfilename
Default: notspecified
Description: Loadandsavecheckpointinformationtothisfile.
Details: Thisparameterenablesthe"IncrementalParsing"featurethatallowssequentialexecutionsofthesamequerytoonlyprocessneweventsthathavebeenloggedsincethelastexecution.Formoreinformation,seeParsingInputIncrementally.
Example:
![Page 364: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/364.jpg)
-iCheckpoint:C:\Temp\myCheckpoint.lpc
©2004MicrosoftCorporation.Allrightsreserved.
![Page 365: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/365.jpg)
TSVInputFormatExamplesNetStatoutputParsetheoutputofa'netstat'command:
netstat-a|LogParser"SELECT*FROMSTDIN"-i:TSV-iSeparator:space-nSep:2-fixedSep:OFF-nSkipLines:3
©2004MicrosoftCorporation.Allrightsreserved.
![Page 366: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/366.jpg)
URLSCANInputFormatTheURLSCANinputformatparseslogfilescreatedbytheURLScanIISfilter.
URLScanisanISAPIfilterthatallowsadministratorsofwebserverstorestrictthekindofHTTPrequeststhattheserverwillprocess.ByblockingspecificHTTPrequests,theURLScanfilterpreventspotentiallyharmfulrequestsfromreachingtheserverandcausingdamage.TheURLScanfiltermaintainsalogfiledescribingtheactionstakenwhenHTTPrequestsmatchtheadministrator-specifiedfilters.
LogfilescreatedbytheURLScanfilterlooklikethefollowingexample:
[04-30-2002-17:09:48]----------------InitializingUrlScan.log----------------[04-30-2002-17:09:48]--Filterinitializationtime:[04-30-2002-17:09:48]--[04-30-2002-17:09:48]----------------UrlScan.dllInitializing----------------[04-30-2002-17:09:49]UrlScanwillreturnthefollowingURLforrejectedrequests:"/<Rejected-By-UrlScan>"[04-30-2002-17:09:49]URLswillbenormalizedbeforeanalysis.[04-30-2002-17:09:49]URLnormalizationwillbeverified.[04-30-2002-17:09:49]URLsmustcontainonlyANSIcharacters.[04-30-2002-17:09:49]URLsmustnotcontainanydotexceptforthefileextension.[04-30-2002-17:09:49]URLswillbeloggedupto128Kbytes.[04-30-2002-17:09:49]RequestswithContent-Lengthexceeding30000000willberejected.[04-30-2002-17:09:49]RequestswithURLlengthexceeding260willberejected.[04-30-2002-17:09:49]RequestswithQueryStringlengthexceeding4096willberejected.[04-30-2002-17:09:49]Onlythefollowingverbswillbeallowed(casesensitive):[04-30-2002-17:09:49]'GET'[04-30-2002-17:09:49]Requestscontainingthefollowingcharactersequenceswillberejected:
From-EntitySyntaxFieldsParametersExamples
©2004MicrosoftCorporation.Allrightsreserved.
![Page 367: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/367.jpg)
[04-30-2002-17:09:49]'jj'[04-30-2002-17:10:08]Clientat192.168.1.81:URLcontainssequence'jj',whichisdisallowed.Requestwillberejected.SiteInstance='1',RawURL='/jj/LogLongUrlsTest_2_124_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'[04-30-2002-17:10:08]Clientat192.168.1.81:URLlengthexceededmaximumallowed.Requestwillberejected.SiteInstance='1',RawURL='/jj/LogLongUrlsTest_2_800_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'[04-30-2002-17:10:09]Clientat192.168.1.81:URLlengthexceededmaximumallowed.Requestwillberejected.SiteInstance='1',RawURL='/jj/LogLongUrlsTest_2_1000_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
![Page 368: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/368.jpg)
URLSCANInputFormatFrom-EntitySyntax<from-entity> ::= URLSCAN|
<filename>[,<filename>...]
The<from-entity>specifiedinqueriesusingtheURLSCANinputformatiseitherthe"URLSCAN"keywordoracomma-separatedlistofpathsofURLScanlogfiles.Whenthe"URLSCAN"keywordisused,theURLSCANinputformatextractstheURLScanlogconfigurationparametersfromtheUrlScan.iniconfigurationfileandparsesalltheURLScanlogfilescurrentlyavailableintheURLScanlogfiledirectory.
Filenamescanincludewildcards(e.g."URLSCAN\UrlScan*.log").
Examples:
FROMURLSCAN\UrlScan1.log,URLSCAN\UrlScan2.log
FROM\\MYMACHINE\URLSCAN\UrlScan*.log
FROMURLSCAN
©2004MicrosoftCorporation.Allrightsreserved.
![Page 369: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/369.jpg)
URLSCANInputFormatFieldsTheinputrecordsgeneratedbytheURLSCANinputformatcontainthefollowingfields:
Name Type Description
LogFilename STRING Fullpathofthelogfilecontainingthisentry
LogRow INTEGER Lineinthelogfilecontainingthisentry
Date TIMESTAMP Thedateandtimeatwhichtherequestwasserved(localtime)
ClientIP STRING TheIPaddressoftheclientthatmadetherequest
Comment STRING ThefilterthatmatchedtherequestandtheactionexecutedbyURLScan
SiteInstance INTEGER TheIISvirtualsiteinstancenumberthatservedtherequest
Url STRING TheHTTPrequesturl
©2004MicrosoftCorporation.Allrightsreserved.
![Page 370: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/370.jpg)
URLSCANInputFormatParametersTheURLSCANinputformatsupportsthefollowingparameters:
iCheckpoint
Values: checkpointfilename
Default: notspecified
Description: Loadandsavecheckpointinformationtothisfile.
Details: Thisparameterenablesthe"IncrementalParsing"featurethatallowssequentialexecutionsofthesamequerytoonlyprocessnewlogentriesthathavebeenloggedsincethelastexecution.Formoreinformation,seeParsingInputIncrementally.
Example: -iCheckpoint:C:\Temp\myCheckpoint.lpc
©2004MicrosoftCorporation.Allrightsreserved.
![Page 371: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/371.jpg)
URLSCANInputFormatExamplesClientssendingsuspiciousrequestsRetrievetheDNSnamesoftheclientsthatsentrequestsmatchingtheURLScanfilters:
LogParser"SELECTDISTINCTREVERSEDNS(ClientIP)FROMURLSCAN"
©2004MicrosoftCorporation.Allrightsreserved.
![Page 372: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/372.jpg)
W3CInputFormatTheW3CinputformatparseslogfilesintheW3CExtendedLogFileFormat.
Examplesoflogfilesinthisformatinclude:
PersonalFirewalllogfilesMicrosoftInternetSecurityandAccelerationServer(ISAServer)logfilesWindowsMediaServiceslogfilesExchangeTrackinglogfilesSimpleMailTransferProtocol(SMTP)logfiles
Logfilesinthisformatbeginwithsomeinformativeheaders("directives"),themostimportantofwhichisthe"#Fields"directive,describingwhichfieldsareloggedatwhichpositioninalogrow.Afterthedirectives,thelogentriesfollow.Eachlogentryisaspace-separatedlistoffieldvalues.
ThefollowingexampleshowsaportionofaPersonalFirewallW3CExtendedLogFileFormatlogfile:
#Verson:1.0#Software:MicrosoftInternetConnectionFirewall#TimeFormat:Local#Fields:datetimeactionprotocolsrc-ipdst-ipsrc-portdst-portsizetcpflagstcpsyntcpacktcpwinicmptypeicmpcodeinfo
2004-09-0307:11:54OPENUDP192.168.1.103192.168.1.108102653--------2004-09-0307:11:54OPENTCP192.168.1.101192.168.1.108300580--------2004-09-0307:11:55OPENTCP192.168.1.103192.168.1.1081104139--------2004-09-0307:11:55OPENTCP192.168.1.104192.168.1.1081103445--------
Note:DifferentlythantheIISW3Cinputformat,theW3Cinputformatdoesnotsupportlogfileswithvaryingnumberand/orpositionoffields.Inotherwords,whenparsingasetofW3Clogfiles,allthelogentriesinallthelogfilesmustbestructuredidenticallyasdeclaredbythefirst"#Fields"directiveencounteredinthefirstlogfile.
From-EntitySyntaxFieldsParametersExamples
![Page 373: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/373.jpg)
Seealso:IISW3CInputFormatW3COutputFormat
©2004MicrosoftCorporation.Allrightsreserved.
![Page 374: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/374.jpg)
W3CInputFormatFrom-EntitySyntax<from-entity> ::= <filename>[,<filename>...]|
http://<url>|STDIN
The<from-entity>specifiedinqueriesusingtheW3Cinputformatiseither:
Acomma-separatedlistofpathsofW3CExtendedlogfiles,eventuallyincludingwildcards;TheURLofafileintheW3CExtendedLogFileFormat;The"STDIN"keyword,whichspecifiesthattheinputdataisavailablefromtheinputstream(commonlyusedwhenpipingcommandexecutions).
Examples:
FROMLogFiles1\pf*.log,LogFiles2\pf*.log,\\MyServer\LoggingShare\pf*.logFROMhttp://www.microsoft.adatum.com/MyLogFiles/example.log
typemylog.log|LogParser"SELECT*FROMSTDIN"-i:W3C
©2004MicrosoftCorporation.Allrightsreserved.
![Page 375: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/375.jpg)
W3CInputFormatFieldsThestructureoftheinputrecordsgeneratedbytheW3Cinputformatisdeterminedatruntime,dependingontheinputdata.
Thefirsttwoinputrecordfieldsarefixed,andtheyaredescribedinthefollowingtable:
Name Type Description
LogFilename STRING Fullpathofthelogfilecontainingthisentry
RowNumber INTEGER Lineinthelogfilecontainingthisentry
Followingthesetwofieldsareallthefieldsdeclaredbythefirst"#Fields"directiveencounteredintheinputdata.Thedatatypeofeachfieldextractedfromtheinputdataisdeterminedbyexaminingthefirstnlogentries,wherenisthevaluespecifiedforthedtLinesparameter,inthefollowingway:
Ifallthenon-emptyfieldvaluesinthefirstnlogentriesareformattedasdecimalnumbers,thenthefieldisassumedtobeoftheREALtype.Ifallthenon-emptyfieldvaluesinthefirstnlogentriesareformattedasintegernumbers,thenthefieldisassumedtobeoftheINTEGERtype.Ifallthenon-emptyfieldvaluesinthefirstnlogentriesareformattedastimestampsinthe"yyyy-MM-ddhh:mm:ss"format,thenthefieldisassumedtobeoftheTIMESTAMPtype.Inparticular,ifafieldvalueisformattedasadateinthe"yyyy-MM-dd"format,thenthevalueisreturnedasadate-onlyTIMESTAMPvalue.Ifthefieldvalueisformattedasatimeofdayinthe"hh:mm:ss"format,thenthevalueisreturnedasatime-onlyTIMESTAMPvalue.Otherwise,thefieldisassumedtobeoftheSTRINGtype.
![Page 376: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/376.jpg)
Emptyvalues,representedbyahyphen(-)intheW3CExtendedLogFileFormat,arereturnedasNULLvalues.
Asanexample,thefollowinghelpcommanddisplaystheinputrecordstructuredeterminedbytheW3CinputformatwhenparsingthespecifiedPersonalFirewalllogfile:
C:\>LogParser-h-i:W3Cpfirewall.log
Thestructuredisplayedbythishelpcommandwillbe:
Fields:
LogFilename(S)RowNumber(I)date(T)time(T)action(S)protocol(S)src-ip(S)dst-ip(S)src-port(I)dst-port(I)size(I)tcpflags(S)tcpsyn(I)tcpack(I)tcpwin(I)icmptype(S)icmpcode(S)info(S)
©2004MicrosoftCorporation.Allrightsreserved.
![Page 377: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/377.jpg)
W3CInputFormatParametersTheW3Cinputformatsupportsthefollowingparameters:
iCodepage
Values: codepageID(number)
Default: 0
Description: Codepageofthelogfile.
Details: 0isthesystemcodepage,-1isUNICODE.
Example: -iCodepage:1245dtLines
Values: numberoflines(number)
Default: 10
Description: Numberoflinesexaminedtodeterminefieldtypesatruntime.
Details: ThisparameterspecifiesthenumberofinitialloglinesthattheW3Cinputformatexaminestodeterminethedatatypeoftheinputrecordfields.Ifthevalueiszero,allfieldswillbeassumedtobeoftheSTRINGdatatype.Formoreinformationonhowfielddatatypesaredetermined,seeW3CInputFormatFields.
Example: -dtLines:50dQuotes
Values: ON|OFF
Default: OFF
![Page 378: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/378.jpg)
Description: Specifiesthatstringvaluesinthelogaredouble-quoted.
Details: SomeW3Clogfilesenclosestringvalueswithindouble-quotecharacters(").
Example: -dQuotes:ONseparator
Values: asinglecharacter|space|tab|auto
Default: auto
Description: Separatorcharacterbetweenfields.
Details: DifferentW3Clogfilescanusedifferentseparatorcharactersbetweenthefields;forexample,ExchangeTrackinglogfilesusetabcharacters,whilePersonalFirewalllogfilesusespacecharacters.The"auto"valueinstructstheW3Cinputformattodetectautomaticallytheseparatorcharacterusedintheinputlog(s).
Example: -separator:tab
©2004MicrosoftCorporation.Allrightsreserved.
![Page 379: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/379.jpg)
W3CInputFormatExamplesClientsSendingDroppedPacketsReturnalltheclientsthatsentapacketdroppedbyPersonalFirewall:
LogParser"SELECTDISTINCTsrc-ipFROMpfirewall.logWHEREaction='DROP'"-i:W3C
©2004MicrosoftCorporation.Allrightsreserved.
![Page 380: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/380.jpg)
XMLInputFormatTheXMLinputformatparsesXMLtextfiles.
XMLfiles(alsocalled"XMLdocuments")arehierarchiesofnodes.Nodescanincludeothernodes,andeachnodecanhaveanodevalueandasetofattributes.Forexample,thefollowingXMLnodehasavalue(inthisinstance,"Rome"),andasingleattribute("Population",whosevalueis,inthisexample,"3350000"):
<CITYPopulation='3350000'>Rome</CITY>
XMLdocumentscanbeparsedindifferentways,andtheXMLinputformatoffersthreedistinctusageswhoseapplicabilitydependsonthestructureofthedocuments,andonthestructureoftheinformationthatneedstobeextracted.
Note:TheXMLinputformatrequirestheMicrosoftXMLparser(MSXML)tobeinstalledonthecomputerrunningLogParser.
From-EntitySyntaxFieldsParametersExamples
Seealso:XMLOutputFormat
©2004MicrosoftCorporation.Allrightsreserved.
![Page 381: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/381.jpg)
XMLInputFormatFrom-EntitySyntax<from-entity>
::= <document>[#<XPath>][,<document>[#<XPath>]...]
<document> ::= <filename>|<url>
The<from-entity>specifiedinqueriesusingtheXMLinputformatisacomma-separatedlistofpathsorURLsofXMLfiles.FilenamesorURLscanbeoptionallyfollowedbyanXPaththatspecifieswhichnode(s)inthedocumentaretobeconsideredrootnode(s).
Filenamescanincludewildcards(e.g."LogFiles\doc*.xml").
Examples:
FROMDocument1.xml,http://blogs.msdn.com/MainFeed.aspx
FROMDocument1.xml#/rss/channel/item,http://blogs.msdn.com/MainFeed.aspx#/rss/channel/item
©2004MicrosoftCorporation.Allrightsreserved.
![Page 382: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/382.jpg)
XMLInputFormatFieldsThestructureoftheinputrecordsgeneratedbytheXMLinputformatisdeterminedatruntime,dependingonthedocumentbeingparsed,andonthevaluesspecifiedfortheinputformatparameters.
TheXMLinputformatparsesanXMLdocumentby"visiting"thenodesinthedocument,andtheinputrecordfieldsaretheattributesandvaluesofthenodesthatarevisitedbytheXMLinputformat.
Bydefault,nodesarevisitedfromthedocumentroot,thatis,thesingletop-levelnodeinanXMLdocumentthatcontainsalltheothernodesinthedocument.However,bysupplyinganXPathineitherthefrom-entityorasavalueoftherootXPathparameter,userscanspecifythatthedocumentnodesaretobevisitedstartingfromthenode(s)selectedbytheXPath.
BeforeparsingtheXMLdocumentandreturntheinputrecords,theXMLinputformatinitiallyexaminesthenodesfoundalongthepathsfromtherootnodeorfromthenode(s)selectedbytheuser-suppliedrootXPathtothefirstnleafnodes,wherenisthevalueofthedtNodesparameter.Duringthisphase,theXMLinputformatcreatesarepresentationofthetreestructure("schema"tree)bymergingnodeswiththesamenameandhierarchicalposition.Whencompleted,theschematreecontainsonesingleinstanceofeachnodetype,andeachnodecontainsanattributesetequaltotheunionofalltheattributesfoundinthenodesofthattype.Atthismoment,aninputrecordfieldiscreatedforeachattributebelongingtoanodetypeandforeachnodetypehavingavalue.
Oncetheschematreehasbeendeterminedandtheinputrecordstructurehasbeencreated,theXMLinputformatparsestheXMLdocumentandgeneratesinputrecords,visitingthedocumentnodesandextractingtheirvaluesandattributes.TheXMLinputformatimplementsthreedifferentalgorithmstodecidehowdocumentnodeswillbevisited.ThethreealgorithmsrepresentthreedifferentwaysinwhichtheinformationcontainedinanXMLdocumentcanberetrieved,andthechoiceofanalgorithmdependsonthestructureofthedocumentandonthestructureoftheinformationthatneedstobe
![Page 383: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/383.jpg)
extracted.Sincedifferentalgorithmsvisitdifferentsetsofnodes,thechoiceofanalgorithmaffectswhichfields(i.e.whichnodeattributesandvalues)willbecontainedintheinputrecords.UserscanspecifythealgorithmtousethroughthefMode("fieldmode")parameter,whichcanbesetto"Branch","Tree",or"Node".
BranchFieldModeInthismode,inputrecordscontaintheattributesandvaluesofthenodesthatarevisitedalongallthepossiblepathsfromthedocumentrootorfromthenode(s)selectedbytheuser-suppliedrootXPathtoalltheleafnodes.
Thismodeisappropriatefordocumentsinwhicheachhierarchicallevelconsistsofnodesofthesametype,asdepictedinthefollowingdiagram:
Inthisstructure,therootnodecontainsonlynodesoftype"A",andeach"A"nodecontainsonlynodesoftype"B".Forexample,therootofthefollowingXMLdocumentcontains"Continent"nodesonly;each"Continent"nodecontains"Country"nodesonly,andeach"Country"nodecontains"City"nodesonly:
<?xmlversion="1.0"?><World>
<ContinentContinentName='NorthAmerica'>
<CountryCountryName='USA'><City>Redmond</City><City>SanFrancisco</City></Country>
Thisdocumentcanbethoughtofascontainingsix"entries",theleaf"City"nodes,withtheinformationassociatedwitheachentrybeingcontainedinthenodesthatareencounteredalongapathfromtherootnodetotheleafnode.Inthisexample,theinformationabout"Roma"includestheattributesandvalueofthe"City"node(the"Roma"nodevalueandthe"3350000"valueofits"Population"attribute),theattributesandvalueofitsparent
![Page 384: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/384.jpg)
<CountryCountryName='Canada'><City>Vancouver</City><City>Toronto</City></Country>
</Continent>
<ContinentContinentName='Europe'>
<CountryCountryName='Italia'><CityPopulation='3350000'>Roma</City><City>Milano</City></Country>
</Continent>
</World>
"Country"node(the"Italia"valueofthe"CountryName"attribute),andtheattributesandvalueofitsgrandparent"Continent"node(the"Europe"valueofthe"ContinentName"attribute).
Theschematreeextractedfromthisexampledocumentspecifiesthatthedocumentrootnodecontainsnodesofthe"Continent"type,andthatnodesofthistypehavea"ContinentName"attribute."Continent"nodes,inturn,containnodesofthe"Country"type,witha"CountryName"attribute;finally,"Country"nodescontainnodesofthe"City"type,andnodesofthistypehaveavalue,anda"Population"attribute.Theinputrecordsgeneratedaftertheschematreewouldthuscontainfourfields:"ContinentName","CountryName","City",and"Population".
Whenusingthe"Branch"fieldmode,theXMLinputformatgeneratesaninputrecordforeachpathfromthedocumentrootnodeorfromthenode(s)selectedbytheuser-suppliedrootXPathtoalltheleafnodes.Eachinputrecordcontainstheattributesandvaluesofthenodesencounteredalongthepath:
Record1 Record2
Record3 Record4
![Page 385: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/385.jpg)
Record5
Ifanodedoesnotspecifyanattributethatiscontainedintheattributesupersetofthecorrespondingschematreenode,orifanodedoesnotsupplyavaluewhilethecorrespondingschematreenodespecifiesthatatleastonenodeofthattypehasavalue,thenthecorrespondingfieldvalueissettoNULL.Forexample,parsingtheaboveexampleXMLdocumentin"Branch"fieldmodewouldproducethefollowingoutput:
ContinentNameCountryNameCityPopulation-----------------------------------------------NorthAmericaUSARedmond-NorthAmericaUSASanFrancisco-NorthAmericaCanadaVancouver-NorthAmericaCanadaToronto-EuropeItaliaRoma3350000EuropeItaliaMilano-
TreeFieldModeInthismode,inputrecordscontaintheattributesandvaluesofthenodesfoundinsubtreesthatincludeallnodesofdistincttypes.
Thismodeisappropriatefordocumentsinwhichaspecifichierarchicallevelcontainschildnodesallhavingdifferenttypes,asdepictedinthefollowingdiagram:
Inthisstructure,therootnodecontainsonlynodesoftype"A";each"A"nodehowevercontainsnodesallhavingdifferenttypes(asingle"B"
![Page 386: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/386.jpg)
node,asingle"C"node,andasingle"D"node).Forexample,therootofthefollowingXMLdocumentcontains"Message"nodes;each"Message"nodecontainsasingle"From"node,asingle"To"node,andasingle"Body"node:
<?xmlversion="1.0"?><Messages>
<MessageDate='2004-05-28T12:24:05'><From>Gabriele</From><To>Monica</To><Body>How'sgoing?</Body></Message>
<MessageDate='2004-05-28T13:01:14'><From>Monica</From><To>Gabriele</To><Body>Fine,thanks.</Body></Message>
</Messages>
Thisdocumentcanbethoughtofascontainingtwo"entries",the"Message"subtrees,withtheinformationassociatedwitheachentrybeingcontainedinallthenodesinthesubtreeandinthenodesthatareencounteredalongapathfromtherootnodetothesubtreeroot.Inthisexample,theinformationaboutamessageincludestheattributesandvaluesofallthenodesincludedinthesubtree("From","To",and"Body"nodes),andtheattributesandvaluesofallthenodesencounteredalongthepathfromthedocumentroottothesubtreeroot("Date"attributeofthe"Message"node).
Theschematreeextractedfromthisexampledocumentspecifiesthatthedocumentrootnodecontainsnodesofthe"Message"type,andthatnodesofthistypehavea"Date"attribute."Message"nodes,inturn,containnodesofthe"From","To",and"Body"types,eachtypehavinganodevalue.Theinputrecordsgeneratedaftertheschematreewouldthuscontainfourfields:"Date","From","To",and"Body".
Whenusingthe"Tree"fieldmode,theXMLinputformatgeneratesaninputrecordforeachsubtreethatincludesallnodesofdistincttypes.Eachinputrecordcontainstheattributesandvaluesofthenodesfoundinthesubtrees,togetherwiththeattributesandvaluesofthenodesencounteredalongthepathsfromthedocumentrootnodeorfromthenode(s)selectedbytheuser-suppliedrootXPathtothesubtreerootnodes:
![Page 387: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/387.jpg)
Record1 Record2
Forexample,parsingtheaboveexampleXMLdocumentin"Tree"fieldmodewouldproducethefollowingoutput:
DateFromToBody------------------------------------------------2004-05-2812:24:05GabrieleMonicaHow'sgoing?2004-05-2813:01:14MonicaGabrieleFine,thanks.WhileparsinganXMLdocumentin"Tree"mode,ifasubtreeisfoundcontainingmultipleinstancesofthesamenodetype,thatsubtreeis"replicated"combinatoriallytogenerateallthepossiblesubtreescontainingonesingleinstanceofeachnodetype.ThefollowingdiagramdepictsanXMLdocumentinwhichasubtreecontainsmultipleinstancesofthesamenodetype:
Inthisdiagram,the"A"nodecontainsoneinstanceofthe"B"nodetype,twoinstancesofthe"C"nodetype,andtwoinstancesofthe"D"notetype.Forexample,the"Message"nodeinthefollowingXMLdocumentcontainsasingle"From"node,two"To"nodes,andtwo"Body"nodes:
<?xmlversion="1.0"?><Messages>Thisdocumentcanbethoughtofasa"compact"representationoffour
![Page 388: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/388.jpg)
<MessageDate='2004-05-28T12:24:05'><From>Gabriele</From><To>Jeff</To><To>Steve</To><BodyLanguage='ENU'>Reviewready?</Body><BodyLanguage='ITA'>E'prontalareview?</Body></Message>
</Messages>
differentmessages:From"Gabriele"to"Jeff"inthe"ENU"language;From"Gabriele"to"Jeff"inthe"ITA"language;From"Gabriele"to"Steve"inthe"ENU"language;From"Gabriele"to"Steve"inthe"ITA"language;
Whenusingthe"Tree"fieldmode,these"Message"subtreesarereplicatedcombinatoriallytogenerateallthepossiblesubtreescontainingonesingleinstanceofeachofthe"From","To",and"Body"nodetypes:
Record1 Record2
Record3 Record4
Forexample,parsingtheaboveexampleXMLdocumentin"Tree"fieldmodewouldproducethefollowingoutput:
DateFromToBodyLanguage------------------------------------------------------------2004-05-2812:24:05GabrieleJeffReviewready?ENU2004-05-2812:24:05GabrieleJeffE'prontalareview?ITA2004-05-2812:24:05GabrieleSteveReviewready?ENU2004-05-2812:24:05GabrieleSteveE'prontalareview?ITANodeFieldModeInthismode,inputrecordscontainonlytheattributesandvaluesofthedocumentrootnodeorofthenode(s)selectedbytheuser-suppliedroot
![Page 389: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/389.jpg)
XPath.
Thismodeisappropriateforsituationsinwhichtheinformationtoberetrievedisassociatedwithaspecificnodetypeonly.Forexample,therelevantinformationinthedocumentdepictedbythefollowingdiagrammightbeassociatedwith"B"nodetypesonly:
Whenusingthe"Node"fieldmode,theXMLinputformatgeneratesaninputrecordforeachrootnode,eitherthedocumentrootorthenode(s)selectedbytheuser-suppliedrootXPath.Eachinputrecordcontainstheattributesandvaluesofthatnodeonly:
Record1 Record2
Forexample,parsingtheprevious"Cities"exampleXMLdocumentin"Node"fieldmodespecifying"/World/Continent/Country"astherootXPathwouldproducethefollowingoutput:
CountryName-----------USACanadaItaliaFieldTypesThedatatypeofeachfieldextractedfromtheschematreeisdetermined
![Page 390: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/390.jpg)
inthefollowingway:Ifallthenon-emptyfieldvalues(nodevaluesorattributevalues)encounteredwhileconstructingtheschematreeareformattedasdecimalnumbers,thenthefieldisassumedtobeoftheREALtype.Ifallthenon-emptyfieldvalues(nodevaluesorattributevalues)encounteredwhileconstructingtheschematreeareformattedasintegernumbers,thenthefieldisassumedtobeoftheINTEGERtype.Ifallthenon-emptyfieldvalues(nodevaluesorattributevalues)encounteredwhileconstructingtheschematreeareformattedastimestampsintheformatspecifiedbytheiTsFormatparameter,thenthefieldisassumedtobeoftheTIMESTAMPtype.Otherwise,thefieldisassumedtobeoftheSTRINGtype.
Asanexample,thefollowinghelpcommanddisplaystheinputrecordstructuredeterminedbytheXMLinputformatwhenparsingtheprevious"Cities"exampleXMLdocument:
C:\>LogParser-h-i:XMLCities.xml
Thestructuredisplayedbythishelpcommandwillbe:
Fields:
ContinentName(S)CountryName(S)City(S)Population(I)©2004MicrosoftCorporation.Allrightsreserved.
![Page 391: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/391.jpg)
XMLInputFormatParametersTheXMLinputformatsupportsthefollowingparameters:
rootXPath
Values: XPathquery
Default: notspecified
Description: XPathqueryofdocumentnode(s)tobeconsideredrootnode(s).
Details: Thenode(s)selectedbythespecifiedXPathreplacethedocumentrootnodeasthestartingnode(s)fromwhichallthedocumentnodesarevisited.
Note:ThisparameterisignoredforXMLdocumentswhosefilenameorURLhasbeenspecifiedtogetherwithanoptionalXPathinthefrom-entity.
Note:TheXPathspecifiedforthisparameteriscase-sensitive.IfanXPathisspecifiedcontainingnon-existingnodeorattributenames,orcontainingnodeorattributenameswiththewrongcapitalization,norootnodeisselectedandanerrorisreturned.
Example: -rootXPath:/World/Continent/CountryfMode
Values: Branch|Tree|Node|Auto
Default: Auto
Description: Algorithmtousewhenvisitingthedocumentnodes.
Details: Forinformationonthe"Branch","Tree",and"Node"visitalgorithmsseeXMLInputFormatFields.The"Auto"valueinstructstheXMLinputformatto
![Page 392: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/392.jpg)
determineautomaticallythebestalgorithmafterinspectingthestructureoftheinputdocument(s).
Example: -fMode:TreeiTsFormat
Values: timestampformat
Default: yyyy-MM-dd?hh:mm:ss
Description: Formatoftimestampvaluesinthedocument.
Details: Thisparameterspecifiesthedateand/ortimeformatusedinthedocumentbeingparsed.ValuesofnodesorattributesmatchingthespecifiedformatarereturnedasvaluesoftheTIMESTAMPdatatype.Formoreinformationondateandtimeformats,seeTimestampFormatSpecifiers.
Example: -iTsFormat:"MMMdd,yyyy"dtNodes
Values: numberofleafnodes(number)
Default: -1
Description: Numberofleafnodestobeexaminedwhendeterminingthedocumentstructure.
Details: Inordertodeterminetheinputdocumentstructure,theXMLinputformatinitiallyexaminesthenodesfoundalongthepathsfromtherootnodeorfromthenode(s)selectedbytheuser-suppliedrootXPathtothefirstnleafnodes,wherenisthevaluespecifiedforthisparameter.Specifying-1causestheXMLinputformattoexamineallthenodesintheinputdocument.
Example: -dtNodes:50
![Page 393: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/393.jpg)
fNames
Values: Compact|XPath
Default: Compact
Description: Fieldnamingschema.
Details: Specifying"Compact"causestheXMLinputformattocreatefieldnamesusingthenamesofthecorrespondingnodesorattributes.Ifafieldnameisnotunique,asequentialnumberisappendedtothenametorenderitunique.Examplefieldnamesinthe"Compact"modeare:
ContinentNameCountryNameCityPopulationSpecifying"XPath"causestheXMLinputformattocreatefieldnamesusingtheXPathqueriesforthecorrespondingnodesorattributes.Examplefieldnamesinthe"XPath"modeare:
/World/Continent/@ContinentName/World/Continent/Country/@CountryName/World/Continent/Country/City/World/Continent/Country/City/@Population
Example: -fNames:XPath
©2004MicrosoftCorporation.Allrightsreserved.
![Page 394: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/394.jpg)
XMLInputFormatExamplesMSDNBLogsChannelTitlesDisplaytitlesofcurrentchannelsonMSDNBLogs:
LogParser"SELECTtitleFROMhttp://blogs.msdn.com/MainFeed.aspx#/rss/channel/item"-i:XML-fMode:Tree
CheckNamesfromMBSAreportDisplaythechecksinanMBSAreport:
LogParser"SELECTNameFROMMYMACHINE.xml#/SecScan/Check"-fMode:Node
©2004MicrosoftCorporation.Allrightsreserved.
![Page 395: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/395.jpg)
OutputFormatsGenericTextFileOutputFormatsNAT:formatsoutputrecordsasreadabletabulatedcolumns.CSV:formatsoutputrecordsascomma-separatedvaluestext.TSV:formatsoutputrecordsastab-separatedorspace-separatedvaluestext.XML:formatsoutputrecordsasXMLdocuments.W3C:formatsoutputrecordsintheW3CExtendedLogFileFormat.TPL:formatsoutputrecordsfollowinguser-definedtemplates.IIS:formatsoutputrecordsintheMicrosoftIISLogFileFormat.
Special-purposeOutputFormatsSQL:uploadsoutputrecordstoatableinaSQLdatabase.SYSLOG:sendsoutputrecordstoaSyslogserver.DATAGRID:displaysoutputrecordsinagraphicaluserinterface.CHART:createsimagefilescontainingcharts.
©2004MicrosoftCorporation.Allrightsreserved.
![Page 396: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/396.jpg)
CHARTOutputFormatTheCHARToutputformatcreatesimagefilescontainingchartsoftheoutputrecordfieldvalues.
WhenusingtheCHARToutputformat,outputrecordfieldsmustbeoftheINTEGERorREALdatatypes,inorderfortheirvaluestobeplottedinachart.ThefirstfieldonlycanoptionallybeoftheSTRINGorTIMESTAMPdatatypes,inwhichcaseitsvaluesareusedasthenamesofthecategoriesontheX-axisofthechart.
ThefollowingexamplecommandcreatesachartplottingthenumberofeventsloggedintheSystemEventLogbyeacheventsource.Thefirstfieldintheoutputrecordsofthisqueryisthenameoftheeventsource,andtheCHARToutputformatwilluseitsvaluestolabelthecategoriesalongtheX-axisofthechart.Thesecondfieldintheoutputrecordsisthenumberofevents,whichwillbeplottedonthechart:
LogParser"SELECTSourceName,COUNT(*)AS[NumberofEvents]INTOEvents.gifFROMSystemGROUPBYSourceNameORDERBY[NumberofEvents]DESC"-o:CHART-chartType:Column3DTheresultingchartwilllooklikethefollowingexample:
![Page 397: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/397.jpg)
Chartscanalsocontainmultipleseriesplottedfromthevaluesofdifferentoutputrecordfields.Forexample,thefollowingcommandcalculatestheaverage,minimum,andmaximumnumberofbytesservedforeachwebpagetype:
LogParser"SELECTTO_UPPERCASE(EXTRACT_EXTENSION(cs-uri-stem))ASPageType,MIN(sc-bytes)ASMinimum,AVG(sc-bytes)ASAverage,MAX(sc-bytes)ASMaximumINTOBytesChart.gifFROM<1>GROUPBYPageTypeORDERBYAverageASC"-o:CHART-chartType:Column3DTheresultingchartwilllooklikethefollowingexample:
![Page 398: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/398.jpg)
TheCHARToutputformatrequirestheMicrosoftOfficeWebComponents,whicharegenerallyinstalledwithMicrosoftOffice2000,MicrosoftOfficeXP,andMicrosoftOffice2003.InordertousetheCHARToutputformat,usersmusthaveavalidlicenseofMicrosoftOfficeforthecomputerexecutingtheLogParserquery.
ConfigurationScriptsInto-EntitySyntaxParametersExamples
©2004MicrosoftCorporation.Allrightsreserved.
![Page 399: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/399.jpg)
CHARTOutputFormatConfigurationScriptsChartscreatedbytheCHARToutputformatcanbecustomizedbyuser-providedscriptsintheJScriptorVBScriptlanguagesthatareexecutedbytheCHARToutputformatpriortogeneratingtheoutputimagefile.
Thesescriptscanrefertotwoglobalobjectswhichexposemethodsandpropertiesthatcanbeusedtomodifyparameterssuchasthechartcolors,thechartfonts,andmanyotherattributes.ThetwoglobalobjectsavailabletoconfigurationscriptsareinstancesofthechartSpaceandchartobjectsoftheMicrosoftOfficeWebComponentsChartSpaceobjectmodel,andtheyarenamed"chartSpace"and"chart",respectively.ForinformationontheOfficeWebComponentsChartSpaceobjectmodel,andonthechartSpaceandchartobjects,visittheMSDNChartSpaceObjectModeldocumentation.
ThefollowingexamplescriptintheJScriptlanguagemanipulatesthechartSpaceandchartobjectstoaddacaptiontothechartandtosetthebackgroundcolortothetransparentcolor:
//AddacaptionchartSpace.HasChartSpaceTitle=true;chartSpace.ChartSpaceTitle.Caption="GeneratedbyLogParser2.2";chartSpace.ChartSpaceTitle.Font.Size=6;chartSpace.ChartSpaceTitle.Position=chartSpace.Constants.chTitlePositionBottom;
//Changethebackgroundcolorchart.PlotArea.Interior.Color=chartSpace.Constants.chColorNone;
ConfigurationscriptsareusedwiththeCHARToutputformatbyspecifyingtheirpathasavaluetotheconfigparameter,asshowninthefollowingexample:
LogParser"SELECTSourceName,COUNT(*)AS[NumberofEvents]INTOEvents.gifFROMSystemGROUPBYSourceNameORDERBY[NumberofEvents]DESC"-o:CHART-chartType:Column3D-config:MyScript.jsTheresultingchartwilllooklikethefollowingexample:
![Page 400: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/400.jpg)
©2004MicrosoftCorporation.Allrightsreserved.
![Page 401: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/401.jpg)
CHARTOutputFormatInto-EntitySyntax<into-entity> ::= <filename>
The<into-entity>specifiedinqueriesusingtheCHARToutputformatisthepathtotheoutputimagefile.
Examples:
INTOMyChart.gif
INTO\\COMPUTER01\Charts\Chart02.jpg
©2004MicrosoftCorporation.Allrightsreserved.
![Page 402: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/402.jpg)
CHARTOutputFormatParametersTheCHARToutputformatsupportsthefollowingparameters:
chartType
Values: nameofcharttype
Default: Line
Description: Charttype.
Details: ThesetofavailablecharttypesdependsontheversionoftheMicrosoftOfficeWebComponentsinstalledonthelocalcomputer.Foralistoftheavailablecharttypes,typethefollowinghelpcommandfromthecommand-lineshell:
LogParser-h-o:CHART
Example: -chartType:Pie3Dcategories
Values: ON|OFF|AUTO
Default: AUTO
Description: Displaycategorylabelsalongthecategoryaxis.
Details: Whenthisparameterissetto"ON",theCHARToutputformatusesthevaluesofthefirstoutputrecordfieldtodisplaycategorylabelsalongthecategoryaxis.Settingthisparameterto"AUTO"causestheCHARToutputformattodisplaycategorylabelsonlywhenthefirstoutputrecordfieldisoftheSTRINGorTIMESTAMPdatatypes.Settingthisparameterto"OFF"preventstheCHARToutputformatfromdisplayingcategorylabels.
![Page 403: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/403.jpg)
Example: -categories:ONmaxCategoryLabels
Values: number
Default: 0
Description: Maximumnumberofcategorylabelsdisplayedalongthecategoryaxis.
Details: Thisparameterisusedtolimitthenumberofcategorylabelsdisplayedalongthecategoryaxis,inordertopreventclutterintheoutputimage.Whenthisparameterissetto"0",theCHARToutputformatcalculatesthemaximumnumberofcategorylabelstodisplayasafunctionofthedimensionsofthetargetimage.Settingthisparameterto"-1"causesthenumberofcategorylabelsdisplayedalongthecategoryaxistobeunlimited.
Example: -maxCategoryLabels:20legend
Values: ON|OFF|AUTO
Default: AUTO
Description: Displayalegenddescribingtheseries.
Details: Whenthisparameterissetto"ON",theCHARToutputformatdisplaysalegendonthechartthatdescribestheseriesbeingplotted.Settingthisparameterto"AUTO"causestheCHARToutputformattodisplayalegendonlywhen2ormoreseriesarebeingplotted.Settingthisparameterto"OFF"preventstheCHARToutputformatfromdisplayingalegend.
Example:
![Page 404: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/404.jpg)
-legend:ONvalues
Values: ON|OFF|AUTO
Default: AUTO
Description: Displayvaluelabels.
Details: Whenthisparameterissetto"ON",theCHARToutputformatdisplaysalabelalongeachvaluebeingplotted,showingitsnumericvalue.Settingthisparameterto"AUTO"causestheCHARToutputformattodisplayvaluelabelsdependingonthetypeofchartselected.Settingthisparameterto"OFF"preventstheCHARToutputformatfromdisplayingvaluelabels.
Example: -values:ONgroupSize
Values: widthxheight
Default: 640x480
Description: Dimensionsofthetargetimage,inpixels.
Details: Thisparameterspecifiesthewidthandheightofthetargetimage,inpixels.
Example: -groupSize:400x260fileType
Values: GIF|JPG|AUTO
Default: AUTO
Description: Formatoftheoutputimagefile.
![Page 405: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/405.jpg)
Details: Whenthisparameterissetto"AUTO",theCHARToutputformatdeterminestheoutputimagefileformatbyinspectingtheextensionofthefilespecifiedfortheinto-entity.
Example: -fileType:JPGconfig
Values: comma-separatedlistoffilepaths
Default: notspecified
Description: Configurationscriptstouseforchartcustomization.
Details: Thisparameterspecifiesacomma-separatedlistofscriptsintheJScriptorVBScriptlanguagesthatcanbeusedtofurthercustomizethechartgeneratedbytheCHARToutputformat.Formoreinformationonconfigurationscripts,seeCHARTOutputFormatConfigurationScripts.
Example: -config:C:\MyScripts\MyConfig1.js,C:\MyScripts\MyConfig2.vbs
chartTitle
Values: charttitle
Default: Auto
Description: Titleofthechart.
Details: Whenthisparameterissetto"Auto"andtheoutputrecordscontain1seriesonly,theCHARToutputformatusestheseries'fieldnameasthetitleofthechart.
Example: -chartTitle:"BytesPerPage"oTsFormat
Values: timestampformat
![Page 406: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/406.jpg)
Default: yyyy-MM-ddhh:mm:ss
Description: Formatoftimestampvaluesinthecategorylabels.
Details: Thisparameterspecifiesthedateand/ortimeformattousewhenformattingvaluesoftheTIMESTAMPdatatypetogeneratecategorylabels.Formoreinformationondateandtimeformats,seeTimestampFormatSpecifiers.
Example: -oTsFormat:"MMMdd,yyyy"view
Values: ON|OFF
Default: OFF
Description: Displaychartimage.
Details: Settingthisparameterto"ON"causestheCHARToutputformattoopenawindowdisplayingthegeneratedoutputimagefile.
Example: -view:ON
©2004MicrosoftCorporation.Allrightsreserved.
![Page 407: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/407.jpg)
CHARTOutputFormatExamplesTop20URL'sCreateachartcontainingtheTOP20URL'sinthe"www.margiestravel.com"website:
LogParser"SELECTTOP20cs-uri-stem,COUNT(*)ASHitsINTOMyChart.gifFROM<www.margiestravel.com>GROUPBYcs-uri-stemORDERBYHitsDESC"-chartType:Column3D-groupSize:1024x768
BytesperPageTypeCreateapiechartwiththedistributionofbytesservedforeachpagetype:
LogParser"SELECTTO_UPPERCASE(EXTRACT_EXTENSION(cs-uri-stem))ASPageType,MUL(PROPSUM(sc-bytes),100.0)ASBytesINTOPie.gifFROM<1>GROUPBYPageTypeORDERBYBytesDESC"-chartType:PieExploded-chartTitle:"Bytesperpagetype"-categories:off©2004MicrosoftCorporation.Allrightsreserved.
![Page 408: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/408.jpg)
CSVOutputFormatTheCSVoutputformatwritesoutputrecordsascomma-separatedvaluestext.
TheoutputoftheCSVoutputformatconsistsofmultiplelinesoftext,onelineforeachoutputrecord.Eachlinecontainsthevaluesoftheoutputrecordfields,separatedbyacomma(,)character.DependingonthevalueoftheoDQuotesparameter,fieldvaluescanbeenclosedwithindouble-quotecharacters(").Ifenabledthroughtheheadersparameter,thefirstlineintheoutputisa"header"thatcontainsthenamesofthefields.
ThefollowingsampleshowstheoutputoftheCSVoutputformatwhenusingthedefaultvaluesforitsparameters:
EventID,SourceName,EventType,TimeGenerated6009,EventLog,4,2004-04-1818:48:046005,EventLog,4,2004-04-1818:48:047024,ServiceControlManager,1,2004-04-1818:48:277035,ServiceControlManager,4,2004-04-1818:48:277035,ServiceControlManager,4,2004-04-1818:48:277036,ServiceControlManager,4,2004-04-1818:48:277036,ServiceControlManager,4,2004-04-1818:48:277035,ServiceControlManager,4,2004-04-1818:48:277036,ServiceControlManager,4,2004-04-1818:48:277035,ServiceControlManager,4,2004-04-1818:48:277036,ServiceControlManager,4,2004-04-1818:48:277035,ServiceControlManager,4,2004-04-1818:48:277036,ServiceControlManager,4,2004-04-1818:48:277035,ServiceControlManager,4,2004-04-1818:48:277036,ServiceControlManager,4,2004-04-1818:48:277036,ServiceControlManager,4,2004-04-1818:48:277035,ServiceControlManager,4,2004-04-1818:48:367036,ServiceControlManager,4,2004-04-1818:51:267036,ServiceControlManager,4,2004-04-1818:51:29
FilescreatedwiththeCSVoutputformataresuitabletobeconsumedbyalargenumberofapplicationsthathandleCSVtextfiles,includingMicrosoftExcelandgenericspreadsheetapplications.
Into-EntitySyntaxParametersExamples
Seealso:TSVOutputFormatCSVInputFormat
©2004MicrosoftCorporation.Allrightsreserved.
![Page 409: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/409.jpg)
6006,EventLog,4,2004-04-1818:51:37
![Page 410: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/410.jpg)
CSVOutputFormatInto-EntitySyntax<into-entity> ::= <filename>|
STDOUT
The<into-entity>specifiedinqueriesusingtheCSVoutputformatiseither:
Afilename;The"STDOUT"keyword,whichspecifiesthattheoutputdataistobewrittentotheoutputstream(theconsoleoutput).
Thedefaultinto-entityforqueriesthatdonotspecifyanINTOclauseis"STDOUT".
TheCSVoutputformatsupportsthemultiplexfeature,whichcanbeenabledbyspecifying'*'wildcardsintheinto-entityfilename.Thisfeatureallowsoutputrecordstobewrittentodifferentfilesdependingonthevaluesoftheirfields.Formoreinformationonthemultiplexfeature,seeMultiplexingOutputRecords.
Examples:
INTOreport.csv
INTO\\COMPUTER01\Reports\report.csv
INTOSTDOUT
INTOReports_*_*\Report*.csv
©2004MicrosoftCorporation.Allrightsreserved.
![Page 411: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/411.jpg)
CSVOutputFormatParametersTheCSVoutputformatsupportsthefollowingparameters:
headers
Values: ON|OFF|AUTO
Default: AUTO
Description: Writeaheaderlinecontainingthefieldnames.
Details: ThisparametercontrolstheCSVheaderlinethatisoutputatthebeginningofeachfile.Thepossiblevaluesforthisparameterare:ON:alwayswritetheheader;OFF:neverwritetheheader;AUTO:writetheheaderonlywhennotappendingtoanexistingfile.
Example: -headers:OFFoDQuotes
Values: ON|OFF|AUTO
Default: AUTO
Description: Enclosefieldvalueswithindouble-quotecharacters(").
Details: ThisparametercontrolswhetherornottheCSVoutputformatshouldenclosefieldvalueswithindouble-quotecharacters(").Thepossiblevaluesforthisparameterare:ON:alwaysenclosefieldvalueswithindouble-quotecharacters;OFF:neverenclosefieldvalueswithindouble-quotecharacters;
![Page 412: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/412.jpg)
AUTO:enclosewithindouble-quotecharactersonlythosefieldvaluesthatcontaincomma(,)characters.
Example: -oDQuotes:ONtabs
Values: ON|OFF
Default: OFF
Description: Writeatabcharacteraftereachcommaseparator.
Details: Settingthisparameterto"ON"causestheCSVoutputformattowriteatabcharacteraftereachcommafieldseparator,inordertoimprovereadabilityoftheCSVoutput.Notethatusingtabsbetweenfieldvaluesmightgenerateoutputthatisnotcompatiblewithcertainspreadsheetapplications.
Example: -tabs:ONoTsFormat
Values: timestampformat
Default: yyyy-MM-ddhh:mm:ss
Description: FormatoftimestampvaluesintheoutputCSVdata.
Details: Thisparameterspecifiesthedateand/ortimeformattousewhenformattingvaluesoftheTIMESTAMPdatatype.Formoreinformationondateandtimeformats,seeTimestampFormatSpecifiers.
Example: -oTsFormat:"MMMdd,yyyy"
![Page 413: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/413.jpg)
oCodepage
Values: codepageID(number)
Default: 0
Description: Codepageoftheoutputtext.
Details: 0isthesystemcodepage,-1isUNICODE.
Example: -oCodepage:1245fileMode
Values: 0|1|2
Default: 1
Description: Actiontoperformwhenanoutputfilealreadyexists.
Details: ThisparametercontrolsthebehavioroftheCSVoutputformatwhentheinto-entityspecifiesdirectlyorindirectlythroughthe"multiplex"featurethenameofafilethatalreadyexists.Thepossiblevaluesforthisparameterare:0:existingfilesareappendedwiththeoutput;1:existingfilesareoverwrittenwiththeoutput;2:existingfilesareleftintact,discardingtheoutput.
Example: -fileMode:0
©2004MicrosoftCorporation.Allrightsreserved.
![Page 414: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/414.jpg)
CSVOutputFormatExamplesFileInformationCreateaCSVfilecontaininginformationonthefilescontainedinthespecifieddirectory:
LogParser"SELECTPath,Name,Size,AttributesINTOFiles.csvFROMC:\Test\*.*"-i:FS-o:CSV-recurse:0
SecurityEventsRetrievethe10latesteventsfromtheSecurityeventlogandwritetheirinformationtoaCSVfileforeacheventID:
LogParser"SELECTTOP10EventID,EventTypeName,MessageINTOEvents_*.csvFROMSecurity"-i:EVT-direction:BW-o:CSV
©2004MicrosoftCorporation.Allrightsreserved.
![Page 415: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/415.jpg)
DATAGRIDOutputFormatTheDATAGRIDoutputformatdisplaysoutputrecordsinagraphicaluserinterface.
Outputrecordsaredisplayedinascrollablegridthatallowsuserstobrowsethroughthequeryresults.IndividualoutputrecordscanbeselectedandcopiedtotheclipboardasCSV-formatteddatathatcanbepastedintoanotherapplication.
ThefollowingscreenshotshowstheDATAGRIDwindowdisplayingtheresultsofaquery:
ControlsintheDATAGRIDuserinterfaceallowuserstoresizethewindowandtheindividualoutputrecordcolumns,andtochangethepropertiesofthefontusedtodisplaythedata.
Into-EntitySyntaxParametersExamples
Seealso:NATOutputFormat
©2004MicrosoftCorporation.Allrightsreserved.
![Page 416: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/416.jpg)
DATAGRIDOutputFormatInto-EntitySyntax<into-entity> ::= DATAGRID
QueriesusingtheDATAGRIDoutputformatarenotrequiredtospecifyanINTOclause.IfanINTOclauseisused,its<into-entity>mustbespecifiedas"DATAGRID".
Usingthe"DATAGRID"keywordinthe<into-entity>allowsLogParsertoselecttheDATAGRIDoutputformatautomaticallywhennooutputformatisexplicitlyspecified.
Examples:
INTODATAGRID
©2004MicrosoftCorporation.Allrightsreserved.
![Page 417: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/417.jpg)
DATAGRIDOutputFormatParametersTheDATAGRIDoutputformatsupportsthefollowingparameters:
rtp
Values: numberofrows
Default: 10
Description: Rowstoprintbeforepausing.
Details: TheDATAGRIDoutputformatdisplaysoutputrecordsinbatchesmadeupofanumberofrowsequaltothevaluespecifiedforthisparameter.Onceabatchofrowshasbeendisplayed,the"Nextnrows"buttonisenabled,andtheDATAGRIDoutputformatwaitsfortheusertopressthebuttonbeforedisplayingthenextbatchofrows.Specifying"-1"forthisparameterdisablesbatchingaltogether.
Example: -rtp:-1autoScroll
Values: ON|OFF
Default: ON
Description: Automaticallyscrollwindowwhennewrowsareoutput.
Details: Whenthisparameterissetto"ON",theDATAGRIDwindowscrollsdownautomaticallywhenevernewoutputrecordsaredisplayed,inordertopositionthedisplaygridoverthelatestoutputrecords.Settingthisparameterto"OFF"causesthegridpositiontoremainunalteredwhennewoutputrecordsaredisplayed.ThisparameterisalsoaccessiblefromtheViewmenu
![Page 418: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/418.jpg)
intheDATAGRIDwindow.
Example: -autoScroll:OFF
©2004MicrosoftCorporation.Allrightsreserved.
![Page 419: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/419.jpg)
DATAGRIDOutputFormatExamplesUsers'JobTitlesRetrieveusers'jobtitlebreakdownfromActiveDirectory:
LogParser"SELECTtitle,MUL(PROPCOUNT(*),100.0)ASPercentageINTODATAGRIDFROM'LDAP://MyUsername:MyPassword@mydomain/CN=Users,DC=mydomain,DC=com'WHEREtitleISNOTNULLGROUPBYtitleORDERBYPercentageDESC"-objClass:UserRegistryTypeDistributionDisplaythedistributionofregistryvaluetypes:
LogParser"SELECTValueType,COUNT(*)FROM\HKLMGROUPBYValueType"-o:DATAGRID
©2004MicrosoftCorporation.Allrightsreserved.
![Page 420: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/420.jpg)
IISOutputFormatTheIISoutputformatwritesoutputrecordsintheMicrosoftIISLogFileFormat.
ThefollowingexampleshowsasampleoutputfilegeneratedbytheIISoutputformat:
192.168.1.1,-,11/18/2003,0:28:33,-,-,192.168.1.100,15,194,345,304,-,GET,/Default.htm,-,192.168.1.1,-,11/18/2003,0:28:33,-,-,192.168.1.100,0,139,323,304,-,GET,/style.css,-,192.168.1.1,-,11/18/2003,0:28:33,-,-,192.168.1.100,0,139,334,304,-,GET,/images/address.gif,-,192.168.1.1,-,11/18/2003,0:28:33,-,-,192.168.1.100,31,2285,273,200,-,GET,/cgi-bin/counts.exe,test=npa&style;=14,192.168.1.2,-,11/18/2003,0:28:42,-,-,192.168.1.100,1828,666,442,200,-,GET,/home/rules.htm,-,192.168.1.2,-,11/18/2003,0:28:42,-,-,192.168.1.100,47,2018,463,200,-,GET,/home/rules.htm,-,192.168.1.2,-,11/18/2003,0:28:42,-,-,192.168.1.100,62,8903,308,200,-,GET,/home/rules.htm,-,
Into-EntitySyntaxParametersExamples
Seealso:IISInputFormat
©2004MicrosoftCorporation.Allrightsreserved.
![Page 421: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/421.jpg)
IISOutputFormatInto-EntitySyntax<into-entity> ::= <filename>|
STDOUT
The<into-entity>specifiedinqueriesusingtheIISoutputformatiseither:
Afilename;The"STDOUT"keyword,whichspecifiesthattheoutputdataistobewrittentotheoutputstream(theconsoleoutput).
Thedefaultinto-entityforqueriesthatdonotspecifyanINTOclauseis"STDOUT".
TheIISoutputformatsupportsthemultiplexfeature,whichcanbeenabledbyspecifying'*'wildcardsintheinto-entityfilename.Thisfeatureallowsoutputrecordstobewrittentodifferentfilesdependingonthevaluesoftheirfields.Formoreinformationonthemultiplexfeature,seeMultiplexingOutputRecords.
Examples:
INTOinetsv1.log
INTO\\COMPUTER01\Logs\in040528.log
INTOSTDOUT
INTOLogs_*_*\in*.log
©2004MicrosoftCorporation.Allrightsreserved.
![Page 422: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/422.jpg)
IISOutputFormatParametersTheIISoutputformatsupportsthefollowingparameters:
rtp
Values: numberofrows
Default: 10
Description: Rowstoprintbeforepausing.
Details: WhenwritingtoSTDOUT,theIISoutputformatdisplaysoutputrecordsinbatchesmadeupofanumberofrowsequaltothevaluespecifiedforthisparameter.Onceabatchofrowshasbeendisplayed,theIISoutputformatpromptstheusertopressakeytodisplaythenextbatchofrows.Specifying"-1"forthisparameterdisablesbatchingaltogether.
Example: -rtp:-1oCodepage
Values: codepageID(number)
Default: 0
Description: Codepageoftheoutputtext.
Details: 0isthesystemcodepage,-1isUNICODE.
Example: -oCodepage:1245fileMode
Values: 0|1|2
Default: 1
![Page 423: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/423.jpg)
Description: Actiontoperformwhenanoutputfilealreadyexists.
Details: ThisparametercontrolsthebehavioroftheIISoutputformatwhentheinto-entityspecifiesdirectlyorindirectlythroughthe"multiplex"featurethenameofafilethatalreadyexists.Thepossiblevaluesforthisparameterare:0:existingfilesareappendedwiththeoutput;1:existingfilesareoverwrittenwiththeoutput;2:existingfilesareleftintact,discardingtheoutput.
Example: -fileMode:0
©2004MicrosoftCorporation.Allrightsreserved.
![Page 424: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/424.jpg)
IISOutputFormatExamplesW3CtoIISConversionConvertthespecifiedW3ClogfiletoanIISlogfile:
LogParser"SELECTc-ip,cs-username,TO_DATE(TO_LOCALTIME(TO_TIMESTAMP(date,time))),TO_TIME(TO_LOCALTIME(TO_TIMESTAMP(date,time))),s-sitename,s-computername,s-ip,time-taken,sc-bytes,cs-bytes,sc-status,sc-win32-status,cs-method,cs-uri-stem,cs-uri-queryINTOinetsv1.logFROMextend1.log"-i:IISW3C-o:IIS©2004MicrosoftCorporation.Allrightsreserved.
![Page 425: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/425.jpg)
NATOutputFormatTheNAToutputformatwritesoutputrecordsinareadabletabulatedcolumnformat.
TheprimaryintendeduseoftheNAToutputformatistodisplayoutputrecordstotheconsoleoutput.ThisisthedefaultoutputformatselectedbyLogParserwhenacommanddoesnotexplicitlyspecifyanoutputformatandthequerydoesnotspecifyanINTOclause.
ThefollowingexampleshowsasampleoutputgeneratedbytheNAToutputformat:
TimeGeneratedSourceNameEventID-------------------------------------------------2004-04-1818:48:04EventLog60092004-04-1818:48:04EventLog60052004-04-1818:48:27ServiceControlManager70242004-04-1818:48:27ServiceControlManager70352004-04-1818:48:27ServiceControlManager70352004-04-1818:48:27ServiceControlManager70362004-04-1818:48:27ServiceControlManager70362004-04-1818:48:27ServiceControlManager70352004-04-1818:48:27ServiceControlManager70362004-04-1818:48:27ServiceControlManager7035
Into-EntitySyntaxParametersExamples
Seealso:DATAGRIDOutputFormat
©2004MicrosoftCorporation.Allrightsreserved.
![Page 426: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/426.jpg)
NATOutputFormatInto-EntitySyntax<into-entity> ::= <filename>|
STDOUT
The<into-entity>specifiedinqueriesusingtheNAToutputformatiseither:
Afilename;The"STDOUT"keyword,whichspecifiesthattheoutputdataistobewrittentotheoutputstream(theconsoleoutput).
Thedefaultinto-entityforqueriesthatdonotspecifyanINTOclauseis"STDOUT".
TheNAToutputformatsupportsthemultiplexfeature,whichcanbeenabledbyspecifying'*'wildcardsintheinto-entityfilename.Thisfeatureallowsoutputrecordstobewrittentodifferentfilesdependingonthevaluesoftheirfields.Formoreinformationonthemultiplexfeature,seeMultiplexingOutputRecords.
Examples:
INTOreport.txt
INTO\\COMPUTER01\Reports\report.txt
INTOSTDOUT
INTOReports_*_*\Report*.txt
©2004MicrosoftCorporation.Allrightsreserved.
![Page 427: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/427.jpg)
NATOutputFormatParametersTheNAToutputformatsupportsthefollowingparameters:
rtp
Values: numberofrows
Default: 10
Description: Rowstoprintbeforepausing.
Details: WhenwritingtoSTDOUT,theNAToutputformatdisplaysoutputrecordsinbatchesmadeupofanumberofrowsequaltothevaluespecifiedforthisparameter.Onceabatchofrowshasbeendisplayed,theNAToutputformatpromptstheusertopressakeytodisplaythenextbatchofrows.Specifying"-1"forthisparameterdisablesbatchingaltogether.
Example: -rtp:-1headers
Values: ON|OFF
Default: ON
Description: Printcolumnheaders.
Details: Thisparameterenablesordisablesthecolumnheadersdisplayedbeforeeachbatchofoutputrows.
Example: -headers:OFFspaceCol
Values: ON|OFF
Default: ON
![Page 428: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/428.jpg)
Description: Spacecolumnsuniformly.
Details: Whenthisparameterissetto"ON",theNAToutputformatpadsvalueswithenoughspacecharacterstocreatecolumnshavingauniformwidthwithineachbatchofoutputrows.Whenthisparameterissetto"OFF",theNAToutputformatdisplaysunalignedvaluesseparatedbyasinglespacecharacter.
Example: -spaceCol:OFFrAlign
Values: ON|OFF
Default: OFF
Description: Aligncolumnstotheright.
Details: Whenthisparameterissetto"ON",theNAToutputformatalignsvaluestotherightsideofeachcolumn.Whenthisparameterissetto"OFF",valuesarealignedtotheleftsideofeachcolumn.
Example: -rAlign:ONcolSep
Values: anystring
Default: singlespacecharacter
Description: Columnseparator.
Details: Thisparameterspecifiestheseparatortobeusedbetweenthecolumns.
Example: -colSep:","
![Page 429: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/429.jpg)
direct
Values: ON|OFF
Default: OFF
Description: Enable"directmode".
Details: When"directmode"isenabled,theNAToutputformatdisplaysoutputrecordsastheyaremadeavailable,disablingtheinternalbufferingmechanismusedforcolumnspacingandoutputrowbatching.In"directmode"columnsarenotuniformlyspaced,headersareprintedonlyatthebeginningoftheoutput,andoutputrecordsaredisplayedwithoutinterruption.
Example: -direct:ONoCodepage
Values: codepageID(number)
Default: 0
Description: Codepageoftheoutputtext.
Details: 0isthesystemcodepage,-1isUNICODE.
Example: -oCodepage:1245fileMode
Values: 0|1|2
Default: 1
Description: Actiontoperformwhenanoutputfilealreadyexists.
Details: ThisparametercontrolsthebehavioroftheNAToutputformatwhentheinto-entityspecifiesdirectlyorindirectlythroughthe"multiplex"featurethenameofafilethatalreadyexists.
![Page 430: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/430.jpg)
Thepossiblevaluesforthisparameterare:0:existingfilesareappendedwiththeoutput;1:existingfilesareoverwrittenwiththeoutput;2:existingfilesareleftintact,discardingtheoutput.
Example: -fileMode:0
©2004MicrosoftCorporation.Allrightsreserved.
![Page 431: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/431.jpg)
NATOutputFormatExamplesTenLargestFilesPrintthe10largestfilesontheC:drive:
LogParser"SELECTTOP10*FROMC:\*.*ORDERBYSizeDESC"-i:FS
©2004MicrosoftCorporation.Allrightsreserved.
![Page 432: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/432.jpg)
SQLOutputFormatTheSQLoutputformatuploadsoutputrecordstoatableinaSQLdatabase.
ThisoutputformatcanuploadrecordstoatableinanyODBC-compliantdatabase,includingMicrosoftSQLServerandMicrosoftAccessdatabases.
Whenthetargettabledoesnotalreadyexistinthespecifieddatabase,theSQLoutputformatcreatesatablewithasmanycolumnsasthenumberoffieldsintheSELECTclauseofthequery.Inthiscase,theSQLtypeofeachcolumnisdeterminedbythedatatypeofthecorrespondingoutputrecordfield,asdescribedinColumnTypeMappings.
Ifthetargettablealreadyexists,thenumberofcolumnsinthetablemustmatchexactlythenumberoffieldsintheSELECTclauseofthequery,andtheSQLtypeofeachcolumnmustbecompatiblewiththedatatypeoftheoutputrecordfieldinthesameposition,asdescribedinColumnTypeMappings.
ColumnTypeMappingsInto-EntitySyntaxParametersExamples
©2004MicrosoftCorporation.Allrightsreserved.
![Page 433: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/433.jpg)
SQLOutputFormatColumnTypeMappingsThefollowingtableshowsthemappingsbetweenthedatatypesofthequeryoutputrecordfieldsandtheSQLtypesofthecolumnsinthetargettable.
Thecolumnlabeled"NewTable"showstheSQLtypesdeclaredforthetablecolumnswhentheSQLoutputformatcreatesthetable.Thecolumnlabeled"ExistingTable"showstheSQLtypesthatarecompatiblewiththecorrespondingLogParserdatatypewhentheSQLoutputformatuploadsrecordstoanexistingtable.
LogParserDataType NewTable ExistingTable
INTEGER int int,bigint,smallint,tinyint,bit1
REAL real real,decimal,float
STRING varchar(n2) varchar(n),nvarchar(n),charTIMESTAMP datetime datetime,smalldatetime,date,timeNULL varchar anytype
Notes:(1):whenuploadingtoafieldofthebittype,thetargetvalueissettotruewhentheINTEGERvalueisdifferentthanzero,andtofalsewhenthevalueisNULLorzero.
(2):themaximumlengthofnewfieldsofthevarchartypecanbecontrolledthroughthemaxStrFieldLenparameter.
©2004MicrosoftCorporation.Allrightsreserved.
![Page 434: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/434.jpg)
SQLOutputFormatInto-EntitySyntax<into-entity> ::= <table_name>
The<into-entity>specifiedinqueriesusingtheSQLoutputformatisthenameofthetablewheretheresultsaretobeuploadedto.
Ifthespecifiedtabledoesnotalreadyexist,theSQLoutputformatcreatesatablewithasmanycolumnsasthenumberoffieldsintheSELECTclauseofthequery.Inthiscase,theSQLtypeofeachcolumnisdeterminedbythedatatypeofthecorrespondingoutputrecordfield,asdescribedinColumnTypeMappings.Ifthespecifiedtablealreadyexists,thenumberofcolumnsinthetablemustmatchexactlythenumberoffieldsintheSELECTclauseofthequery,andtheSQLtypeofeachcolumnmustbecompatiblewiththedatatypeoftheoutputrecordfieldinthesameposition,asdescribedinColumnTypeMappings.
Examples:
INTOReportTable
©2004MicrosoftCorporation.Allrightsreserved.
![Page 435: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/435.jpg)
SQLOutputFormatParametersTheSQLoutputformatsupportsthefollowingparameters:
server
Values: servername
Default: .
Description: Nameofthedatabaseserver.
Details: Settingavalueforthe"oConnString"parametercausesthisparametertobeignored.
Example: -server:SQLREPORTSdatabase
Values: databasename
Default: notspecified
Description: Nameofthetargetdatabase.
Details: Settingavalueforthe"oConnString"parametercausesthisparametertobeignored.
Example: -database:LogParserLogsdriver
Values: ODBCdrivername
Default: SQLServer
Description: NameoftheODBCdrivertouse.
Details: Settingavalueforthe"oConnString"parametercausesthisparametertobeignored.
Example: -driver:"MicrosoftAccessDriver(*.mdb)"
![Page 436: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/436.jpg)
dsn
Values: DSNname
Default: notspecified
Description: NameoftheDSNtouse.
Details: ThisparametercanbeusedtospecifyaDataSourceNamethatcontainsinformationabouttheconnectiontothetargetdatabase.Settingavalueforthe"oConnString"parametercausesthisparametertobeignored.
Example: -dsn:"MyDSN"username
Values: SQLusername
Default: notspecified
Description: Databaseusername.
Details: Whenthisparameterisnotspecified,theSQLoutputformatusesthecurrentuser'scredentialsthroughWindowsIntegratedAuthentication.Settingavalueforthe"oConnString"parametercausesthisparametertobeignored.
Note:Forsecurityreasons,valuesspecifiedforthisparameterarenotpersistedwhenusingtheLogParsercommand-lineDefaultsOverrideMode.
Example: -username:MyDBUserpassword
Values: SQLpassword
Default: notspecified
![Page 437: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/437.jpg)
Description: Databaseuserpassword.
Details: Settingavalueforthe"oConnString"parametercausesthisparametertobeignored.
Note:Forsecurityreasons,valuesspecifiedforthisparameterarenotpersistedwhenusingtheLogParsercommand-lineDefaultsOverrideMode.
Example: -password:MyPasswordoConnString
Values: connectionstring
Default: notspecified
Description: ODBCconnectionstringcontainingtheparametersfortheconnectiontothedatabase.
Details: SettingavalueforthisparametercausestheSQLoutputformattoignoreanyvaluesetforthe"server","database","driver","dsn","username",and"password"parameters.TheSQLoutputformatdoesnotenforceanysyntaxontheconnectionstring.ThevaluespecifiedforthisparameterishandeddirectlytotheODBCsubsystemwheninitiatingtheconnectiontothedatabase.
Note:Forsecurityreasons,valuesspecifiedforthisparameterthatcontainausernameand/orapasswordarenotpersistedwhenusingtheLogParsercommand-lineDefaultsOverrideMode.
Example: -oConnString:"Driver={SQLServer};Server=MyServer;db=pubs;uid=sa;pwd=MyPassword"
createTable
Values: ON|OFF
Default: OFF
![Page 438: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/438.jpg)
Description: Createanewtablewhenthetablespecifiedintheinto-entitydoesnotexist.
Details: Whenthisparameterissetto"ON"andthetargettabledoesnotalreadyexistinthespecifieddatabase,theSQLoutputformatcreatesatablewithasmanycolumnsasthenumberoffieldsintheSELECTclauseofthequery.Inthiscase,theSQLtypeofeachcolumnisdeterminedbythedatatypeofthecorrespondingoutputrecordfield,asdescribedinColumnTypeMappings.Whenthisparameterissetto"OFF"andthetargettabledoesnotalreadyexistinthespecifieddatabase,theSQLoutputformatgeneratesanerror,causingthecurrentlyexecutingquerytoabort.
Example: -createTable:ONclearTable
Values: ON|OFF
Default: OFF
Description: Clearexistingtablebeforeinsertingnewrows.
Details: Settingthisparameterto"ON"causestheSQLoutputformattodeleteexistingrowsinthetargettablebeforeinsertingthequeryoutputrecords.
Example: -clearTable:ONfixColNames
Values: ON|OFF
Default: ON
Description: Automaticallyremoveinvalidcharactersfromcolumnnameswhencreatingthetargettable.
Details: Whenthe"createTable"parameterissetto"ON"andthe
![Page 439: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/439.jpg)
targettabledoesnotalreadyexistinthespecifieddatabase,theSQLoutputformatcreatesthetablenamingitscolumnswiththenamesofthequeryoutputrecordfields.Whenthisparameterissetto"ON",theSQLoutputformatprocessesthefieldnamesandremovesorsubstitutesthosecharactersthatareconsideredillegalbymostdatabases,includingspacecharacters,parenthesyscharacters,anddash(-)characters.
Example: -fixColNames:OFFmaxStrFieldLen
Values: numberofcharacters
Default: 255
Description: Maximumnumberofcharactersdeclaredforstringcolumnswhencreatingatable.
Details: Whenthe"createTable"parameterissetto"ON"andthetargettabledoesnotalreadyexistinthespecifieddatabase,theSQLoutputformatcreatesthetabledeterminingtheSQLtypeofeachcolumnfromthedatatypeofthecorrespondingoutputrecordfield,asdescribedinColumnTypeMappings.ColumnscorrespondingtooutputrecordfieldsoftheSTRINGdatatypearedeclaredasSQLstringshavingamaximumlengthequaltothevaluespecifiedforthisparameter.
Example: -maxStrFieldLen:511transactionRowCount
Values: numberofrows
Default: 0
Description: NumberofrowsenclosedinaSQLtransaction.
![Page 440: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/440.jpg)
Details: Whenthisparameterissetto"0",theSQLoutputformatworksin"autocommit"mode,whereeachsingleoutputrecorduploadedtothetargettableisautomaticallycommitted.Whenthisparameterissetto"-1",theSQLoutputformatinitiatesaSQLtransactionwhenuploadingthefirstoutputrecord,andcommitsorrollbacksthetransactionafteruploadingthelastrecordorwhenanerrorcausesthequeryexecutiontoabort.SettingthisparametertoanyothervaluecausestheSQLoutputformattocreatemultipleSQLtransactions,eachcontaininganumberofrecordsequaltothespecifiedvalue.
Example: -transactionRowCount:200ignoreMinWarns
Values: ON|OFF
Default: ON
Description: Ignoreminorwarnings.
Details: Whenthisparameterissetto"ON",theSQLoutputformatignoresminorwarningsthatmightoccurwhileuploadingrecordstothetargettable,includingdatatruncationwarningsandinvalidescapecharactererrors.Whenthisparameterissetto"OFF",allminorwarningsarereportedaswarningswhenthequeryexecutioniscomplete.
Example: -ignoreMinWarns:OFFignoreIdCols
Values: ON|OFF
Default: OFF
![Page 441: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/441.jpg)
Description: Ignore"identity"columnsinthetargettable.
Details: Whenthisparameterissetto"OFF"andthetargettablespecifiedintheinto-entityalreadyexists,theSQLoutputformatexpectsa1-to-1matchbetweenthecolumnsinthetargettableandthefieldsinthequeryoutputrecords,regardlessofwhetherornotanycolumninthetargettableisan"identity"column.Inthiscase,thevaluesoftheoutputrecordfieldswillbeuploadedtoallthecolumnsinthetable,includingeventual"identity"columns.Whenthisparameterissetto"ON"andthetargettablespecifiedintheinto-entityalreadyexists,theSQLoutputformatignores"identity"columnsinthetargettable,checkingfora1-to-1matchonlybetweenthenon-identitycolumnsandthefieldsinthequeryoutputrecords,anduploadingoutputrecordfieldvaluestonon-identitycolumnsonly.
Example: -ignoreIdCols:ON
©2004MicrosoftCorporation.Allrightsreserved.
![Page 442: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/442.jpg)
SQLOutputFormatExamplesUploadRegistryValuestoaSQLtableUploadaportionoftheregistryintoanewly-createdSQLtable:
LogParser"SELECTPath,KeyName,ValuleNameINTOMyTableFROM\HKLM"-i:REG-o:SQL-server:MyServer-database:MyDatabase-driver:"SQLServer"-username:TestSQLUser-password:TestSQLPassword-createTable:ONUploadIISW3ClogfilestoanAccessdatabaseUploadselectedfieldsofanIISW3ClogfileintoanexistingtableinMicrosoftAccess:
LogParser"SELECTTO_TIMESTAMP(date,time),c-ip,cs-uri-stem,sc-statusINTOMyTableFROMextend1.log"-i:IISW3C-o:SQL-oConnString:"Driver={MicrosoftAccessDriver(*.mdb)};Dbq=C:\MyDB\MyDB.mdb;Uid=MyUsername;Pwd=MyPassword"©2004MicrosoftCorporation.Allrightsreserved.
![Page 443: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/443.jpg)
SYSLOGOutputFormatTheSYSLOGoutputformatcanbeusedtosendmessagestoaSyslogserver,tocreatetextfilescontainingSyslogmessages,andtosendSyslogmessagestousers.
TheSYSLOGoutputformatgeneratesmessagesformattedaccordingtotheSyslogspecificationsdescribedinRFC3164.Syslogmessagesconsistofsixparts,andtheSYSLOGoutputformatprovidesparametersthatallowuserstoassignconstantsoroutputrecordfieldstothedifferentpartsofamessage.
ThefollowingexampleshowsSyslogmessagescontaininginformationgatheredfromtheSystemeventlog:
<46>Apr1818:48:04MYSERVER-MLogParser:EventLog:TheEventlogservicewasstarted.<30>Apr1818:48:27MYSERVER-MLogParser:ServiceControlManager:TheTelephonyserviceenteredtherunningstate.<46>Apr1818:51:37MYSERVER-MLogParser:EventLog:TheEventlogservicewasstopped.<134>Apr1819:20:23MYSERVER-MLogParser:AtiHotKeyPoller:Theservicewasstarted.<46>Apr1819:20:07MYSERVER-MLogParser:EventLog:TheEventlogservicewasstarted.<30>Apr1819:20:47MYSERVER-MLogParser:ServiceControlManager:TheTelephonyserviceenteredtherunningstate.<46>Apr1819:33:17MYSERVER-MLogParser:EventLog:TheEventlogservicewasstopped.<134>Apr1907:01:57MYSERVER-MLogParser:AtiHotKeyPoller:Theservicewasstarted.<46>Apr1907:01:41MYSERVER-MLogParser:EventLog:TheEventlogservicewasstarted.<30>Apr1907:02:07MYSERVER-MLogParser:ServiceControlManager:TheTelephonyserviceenteredtherunningstate.
TheSYSLOGoutputformatcanbeoptionallyconfiguredwithaSyslogserverconfigurationfile,whichdescribestherulesusedtoforwardmessagestofiles,Syslogservers,orusers.
MessageStructureConfigurationFilesInto-EntitySyntaxParametersExamples
©2004MicrosoftCorporation.Allrightsreserved.
![Page 444: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/444.jpg)
SYSLOGOutputFormatMessageStructureTheSYSLOGoutputformatgeneratesmessagesformattedaccordingtotheSyslogspecificationsdescribedinRFC3164.Syslogmessagesconsistofsixparts,andtheSYSLOGoutputformatprovidesparametersthatallowuserstoassignconstantsoroutputrecordfieldstothedifferentpartsofamessage.
AsampleSyslogmessageisformattedasfollows:
<14>Nov1116:05:33MYSERVER-MLogParser:Theservicewasstarted.
Thismessageconsistsofthefollowingparts:
PRI: <14>
ThePRIpartisboundwithanglebracketsandcontainsadecimalPriorityvalue,whichinturnisbuiltasfollows:
Thefirst7bitscontainthefacilityvalue,describingtheoriginofthemessage;Thelast3bitscontaintheseverityvalue,describingtheimportanceofthemessage.
HEADER: Nov1116:05:33MYSERVER-M
TheHEADERpartconsistsofthefollowingtwoelements:
Atimestampvalue,indicatingthelocaltimeatwhichthemessagewasgenerated;Ahostnamevalue,indicatingthehostonwhichthemessageoriginated.
MSG: LogParser:Theservicewasstarted.
![Page 445: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/445.jpg)
TheMSGpartconsistsofthefollowingtwoelements:
Atagvalue,indicatingthenameoftheprogramorprocessthatgeneratedthemessage,followedbyacoloncharacter(":");Acontentvalue,containingthedetailsofthemessage.
FacilityThefacilityvalueisrepresentedbytheupper7bitsofthepriorityvalueinthePRIpartofthemessage,anditdescribestheapplicationoroperatingsystemcomponentthatoriginatedthemessage.Foradetailedlistofthenumericvaluesdesignatedforwell-knownoperatingsystemcomponents,refertoRFC3164.Thefollowingtableshowsthenamesassignedtothemostcommonfacilityvalues:
NumericalValue FacilityName
0 kern
1 user
2 mail
3 daemon
4 auth
5 mark
6 lpr
7 news
8 uucp
9 cron
![Page 446: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/446.jpg)
10 auth2
11 ftp
12 ntp
13 logaudit
14 logalert
15 clock
16 local0
17 local1
18 local2
19 local3
20 local4
21 local5
22 local6
23 local7
Inthepreviousexamplemessage,thepriorityvalue"14"indicatesafacilityvalueof1("user").
The
facilityparameteroftheSYSLOGoutputformatallowsuserstocontrolthevalueofthefacilityfieldintheoutputmessages.Thisparametercanbesettoanyofthefollowingvalues:Anumericvalue,suchas"1"or"23";Thenameofafacilityvalue,suchas"user"or"local7";
![Page 447: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/447.jpg)
Thenameorthe1-basedindexofanoutputrecordfieldprependedwithadollarcharacter("$"),suchas"$MyFacility"or"$2".ThespecifiedoutputrecordfieldmustbeofeithertheINTEGERdatatype-inwhichcaseitsvaluesareassumedtobenumericalfacilityvalues,oroftheSTRINGdatatype-inwhichcaseitsvaluesareassumedtobefacilitynamesamongthosedescribedintheprevioustable.Whenanoutputrecordfieldvaluedoesnotcontainarecognizedfacilitynameoritcontainsafacilityvaluegreaterthan23,theSYSLOGoutputformatusesadefaultfacilityvalueof1("user").
ThefollowingexamplequeryreturnseventmessagesfromtheSystemeventlogtogetherwitha"MyFacility"fieldthatmapseacheventsourcetoaSyslogfacilityname:
SELECTCASESourceNameWHEN'EventLog'THEN'mark'WHEN'ServiceControlManager'THEN'daemon'WHEN'Print'THEN'lpr'WHEN'Kerberos'THEN'auth'WHEN'NETLOGON'THEN'logaudit'WHEN'ApplicationPopup'THEN'local7'ELSE'local0'ENDASMyFacility,MessageINTOSYSLOGFROMSystem
Thisquerycanbeexecutedwiththefollowingcommand,whichspecifiesthatthefacilityvalueofeachoutputmessageistoberetrievedfromthe"MyFacility"outputrecordfield:
LogParserfile:MyQuery.sql-o:SYSLOG-conf:Myconfig.conf-facility:$MyFacilityTheSyslogmessagesgeneratedbythiscommandwilllooklikethefollowingexamples:
<134>Nov1318:17:25MYSERVER-MLogParser:Theservicewasstarted.<46>Nov1318:17:46MYSERVER-MLogParser:TheEventlogservicewasstarted.<30>Nov1318:17:46MYSERVER-MLogParser:TheTelephonyserviceenteredtherunningstate.<46>Nov1318:17:46MYSERVER-MLogParser:TheEventlogservicewasstopped.<134>Nov1318:17:46MYSERVER-MLogParser:Theservicewasstarted.<46>Nov1318:17:46MYSERVER-MLogParser:TheEventlogservicewasstarted.<30>Nov1318:17:46MYSERVER-MLogParser:TheTelephonyserviceenteredtherunningstate.
Theupper7bitsofthepriorityfieldofeachofthesemessagescontainthefacilityvalueprovidedbythe"MyFacility"outputrecordfield.
SeverityTheseverityvalueisrepresentedbythelower3bitsofthepriorityvalueinthePRIpartofthemessage,anditdescribestheimportanceofthemessage.Foradetaileddescriptionofthedifferentvaluesoftheseverityfield,refertoRFC3164.
![Page 448: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/448.jpg)
<46>Nov1318:17:46MYSERVER-MLogParser:TheEventlogservicewasstopped.<134>Nov1318:17:46MYSERVER-MLogParser:Theservicewasstarted.<46>Nov1318:17:46MYSERVER-MLogParser:TheEventlogservicewasstarted.<30>Nov1318:17:46MYSERVER-MLogParser:TheTelephonyserviceenteredtherunningstate.
Thefollowingtableshowsthenamescommonlyassignedtothedifferentseverityvalues:
NumericalValue SeverityName
0 emerg
1 alert
2 crit
3 err
4 warning
5 notice
6 info
7 debug
Forexample,apriorityvalueof"14"indicatesaseverityvalueof6("info").
The
severityparameteroftheSYSLOGoutputformatallowsuserstocontrolthevalueoftheseverityfieldintheoutputmessages.Thisparametercanbesettoanyofthefollowingvalues:Anumericvalue,suchas"1"or"7";Thenameofaseverityvalue,suchas"alert"or"debug";Thenameorthe1-basedindexofanoutputrecordfieldprependedwithadollarcharacter("$"),suchas"$MySeverity"or"$2".ThespecifiedoutputrecordfieldmustbeofeithertheINTEGERdatatype-inwhichcaseitsvaluesareassumedtobenumericalseverityvalues,oroftheSTRINGdatatype-inwhichcaseitsvaluesareassumedtobeseveritynamesamongthosedescribedintheprevioustable.Whenanoutputrecordfieldvaluedoesnotcontainarecognized
![Page 449: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/449.jpg)
severitynameoritcontainsaseverityvaluegreaterthan7,theSYSLOGoutputformatusesadefaultseverityvalueof6("info").
ThefollowingexamplequeryreturnseventmessagesfromtheSystemeventlogtogetherwitha"MySeverity"fieldthatmapseacheventtypetoaSyslogseverityname:
SELECTCASEEventTypeNameWHEN'Errorevent'THEN'err'WHEN'Warningevent'THEN'warning'WHEN'Informationevent'THEN'info'ELSE'info'ENDASMySeverity,MessageINTOSYSLOGFROMSystem
Thisquerycanbeexecutedwiththefollowingcommand,whichspecifiesthattheseverityvalueofeachoutputmessageistoberetrievedfromthe"MySeverity"outputrecordfield:
LogParserfile:MyQuery.sql-o:SYSLOG-conf:Myconfig.conf-severity:$MySeverityTheSyslogmessagesgeneratedbythiscommandwilllooklikethefollowingexamples:
<14>Nov1321:42:15MYSERVER-MLogParser:TheEventlogservicewasstarted.<11>Nov1321:42:15MYSERVER-MLogParser:TheComputerBrowserserviceterminatedwithservice-specificerror2550(0x9F6).<14>Nov1321:42:15MYSERVER-MLogParser:TheTerminalServicesservicewassuccessfullysentastartcontrol.<12>Nov1321:42:15MYSERVER-MLogParser:Arequesttosuspendpowerwasdeniedbywinlogon.exe.<14>Nov1321:42:15MYSERVER-MLogParser:TheEventlogservicewasstopped.
Thelower3bitsofthepriorityfieldofeachofthesemessagescontaintheseverityvalueprovidedbythe"MySeverity"outputrecordfield.
TimestampThetimestampfieldindicatesthelocaltimeatwhichthemessagewasoriginated,anditisusuallyformattedasfollows:
Nov1116:05:33
Ifthefirstfieldinthequeryoutputrecordsisofthe
TIMESTAMPdatatype,theSYSLOGoutputformatwillusethefieldvaluestopopulatethetimestampfieldintheoutputmessages.Ontheotherhand,ifthefirstfieldisnotoftheTIMESTAMPdatatype,theSYSLOGoutputformatwillusethecurrentlocaltime.
ThefollowingexamplequeryreturnseventmessagesfromtheSystem
![Page 450: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/450.jpg)
eventlogtogetherwiththedateandtimeatwhichtheeventshavebeengenerated:
SELECTTimeGenerated,MessageINTOSYSLOGFROMSystemWHERESourceName='EventLog'
TheSyslogmessagesgeneratedbythisquerywilllooklikethefollowingexamples:
<14>Apr1818:48:04MYSERVER-MLogParser:TheEventlogservicewasstarted.<14>Apr1818:51:37MYSERVER-MLogParser:TheEventlogservicewasstopped.<14>Apr1819:20:07MYSERVER-MLogParser:Microsoft(R)Windows(R)5.01.2600ServicePack1UniprocessorFree.<14>Apr1819:20:07MYSERVER-MLogParser:TheEventlogservicewasstarted.<14>Apr1819:33:17MYSERVER-MLogParser:TheEventlogservicewasstopped.<14>Apr1907:01:41MYSERVER-MLogParser:Microsoft(R)Windows(R)5.01.2600ServicePack1UniprocessorFree.<14>Apr1907:01:41MYSERVER-MLogParser:TheEventlogservicewasstarted.<14>Apr1907:29:19MYSERVER-MLogParser:TheEventlogservicewasstopped.
HostnameThehostnamefieldindicatestheserveronwhichthemessageoriginated.
The
hostNameparameteroftheSYSLOGoutputformatallowsuserstocontrolthevalueofthehostnamefieldintheoutputmessages.Thisparametercanbesettoanyofthefollowingvalues:The"localhost"keyword,specifyingthatthefieldshouldbepopulatedwiththelocalcomputername;Agenericstringindicatingthedesiredhostname,suchas"MYCOMPUTER";Thenameorthe1-basedindexofanoutputrecordfieldprependedwithadollarcharacter("$"),suchas"$MyHostname"or"$2".ThespecifiedoutputrecordfieldmustbeoftheSTRINGdatatype,anditsvalueswillbeusedtopopulatethehostnamefieldintheoutputmessages.
Whennovalueisspecifiedforthe"hostName"parameter,thehostnamefieldisautomaticallypopulatedwiththelocalcomputername.
ThefollowingexamplequeryreturnseventmessagesfromtheSystemeventlogofdifferentcomputers,togetherwiththecomputernameonwhichtheeventoriginated:
![Page 451: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/451.jpg)
SELECTMessage,ComputerNameINTOSYSLOGFROM\\MYSERVER01\System,\\MYSERVER02\System,\\MYSERVER03\System
Thisquerycanbeexecutedwiththefollowingcommand,whichspecifiesthatthehostnamefieldofeachoutputmessageistoberetrievedfromthesecondoutputrecordfield:
LogParserfile:MyQuery.sql-o:SYSLOG-conf:Myconfig.conf-hostName:$2
TheSyslogmessagesgeneratedbythiscommandwilllooklikethefollowingexamples:
<14>Nov1322:07:11MYSERVER03LogParser:Microsoft(R)Windows(R)5.01.2600ServicePack1UniprocessorFree.<14>Nov1322:07:11MYSERVER03LogParser:TheEventlogservicewasstarted.<14>Nov1322:07:11MYSERVER01LogParser:TheTerminalServicesservicewassuccessfullysentastartcontrol.<14>Nov1322:07:11MYSERVER02LogParser:TheNetworkConnectionsservicewassuccessfullysentastartcontrol.<14>Nov1322:07:11MYSERVER01LogParser:TheTerminalServicesserviceenteredtherunningstate.<14>Nov1322:07:11MYSERVER02LogParser:TheNetworkConnectionsserviceenteredtherunningstate.<14>Nov1322:07:11MYSERVER02LogParser:TheSSDPDiscoveryServiceservicewassuccessfullysentastartcontrol.<14>Nov1322:07:11MYSERVER03LogParser:TheSSDPDiscoveryServiceservicewassuccessfullysentastartcontrol.
TagThetagfieldindicatesthenameoftheprogramorprocessthatgeneratedthemessage.
The
processNameparameteroftheSYSLOGoutputformatallowsuserstocontrolthevalueofthetagfieldintheoutputmessages.Thisparametercanbesettoanyofthefollowingvalues:Agenericstringindicatingthedesiredtagfieldvalue,suchas"MyReports";Thenameorthe1-basedindexofanoutputrecordfieldprependedwithadollarcharacter("$"),suchas"$MyProgram"or"$2".ThespecifiedoutputrecordfieldmustbeoftheSTRINGdatatype,anditsvalueswillbeusedtopopulatethetagfieldintheoutputmessages.
Whennovalueisspecifiedforthe"processName"parameter,thetagfieldisautomaticallypopulatedwith"LogParser:".
ContentThecontentfieldcontainsthedetailsofthemessage,anditsvalueisbuiltbytheSYSLOGoutputformatbyconcatenatingthevaluesofallthe
![Page 452: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/452.jpg)
outputrecordfields,excludingthosefieldsthatareusedforthevaluesofthe
facility,severity,timestamp,hostname,andtagmessagefields.
ThefollowingexamplequeryreturnsinformationfromtheSystemeventlog:
SELECTSourceName,EventTypeName,EventCategoryName,MessageINTOSYSLOGFROMSystem
TheSyslogmessagesgeneratedbythisquerywilllooklikethefollowingexamples:
<14>Nov1322:27:17MYSERVER-MLogParser:EventLogInformationeventNoneMicrosoft(R)Windows(R)5.01.2600ServicePack1UniprocessorFree.<14>Nov1322:27:17MYSERVER-MLogParser:EventLogInformationeventNoneTheEventlogservicewasstarted.<14>Nov1322:27:17MYSERVER-MLogParser:ServiceControlManagerErroreventNoneTheComputerBrowserserviceterminatedwithservice-specificerror2550(0x9F6).<14>Nov1322:27:17MYSERVER-MLogParser:EventLogInformationeventNoneTheEventlogservicewasstopped.<14>Nov1322:27:17MYSERVER-MLogParser:AtiHotKeyPollerInformationeventNoneTheservicewasstarted.<14>Nov1322:27:17MYSERVER-MLogParser:EventLogInformationeventNoneMicrosoft(R)Windows(R)5.01.2600ServicePack1UniprocessorFree.<14>Nov1322:27:17MYSERVER-MLogParser:EventLogInformationeventNoneTheEventlogservicewasstarted.<14>Nov1322:27:17MYSERVER-MLogParser:EventLogInformationeventNoneTheEventlogservicewasstopped.
©2004MicrosoftCorporation.Allrightsreserved.
![Page 453: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/453.jpg)
SYSLOGOutputFormatConfigurationFilesMessagesgeneratedbytheSYSLOGoutputformatcanbeforwardedtoanyofthefollowingthreepossibledestinations:
ASyslogserver;Atextfile;Auser,throughtheWindowsalerterandmessengerservices.
TheconfparameteroftheSYSLOGoutputformatallowsuserstospecifyaconfigurationfileresemblingthestandard"syslog.conf"filethatdescribestherulesusedtoforwardmessagestodifferentdestinations.TheserulesassociatevaluesofthefacilityandseveritymessagefieldswithspecificSyslogservers,textfiles,orusers.
Eachlineinaconfigurationfileiseitheracommentbeginningwiththepoundcharacter("#"),oraconfigurationentry.Configurationentrieshavethefollowingsyntax:
<config_entry> ::= <selector><action>
<selector> ::= <facilities>.<severity>
<facilities> ::= <facility>[,<facility>...]
<facility> ::= kern|user|mail|daemon|auth|mark|lpr|news|uucp|cron|auth2|ftp|ntp|logaudit|logalert|clock|local0|local1|local2|local3|local4|local5|local6|local7|*
<severity> ::= emerg|alert|crit|err|warning|notice|info|debug
<action> ::= <send_server>|<send_file>|
![Page 454: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/454.jpg)
<send_user>
<send_server> ::= @<server_name>[:<port>]
<send_file> ::= <filepath>|STDOUT
<send_user> ::= <user_name>
Aconfigurationentryiscomposedofaselectorandanaction,separatedbyspacesortabcharacters.Aselectorisacomma-separatedlistoffacilitynamesfollowedbyadot(".")andfollowedbyaseverityname.Thespecial"*"wildcardmeans"allfacilities".Messageswhosefacilityisincludedintheselector'ssetoffacilitiesandwhoseseverityisgreaterthanorequaltotheselector'sseverityareforwardedtothedestinationspecifiedintheaction.
Anactioncanspecifyanyofthefollowingdestinations:
ThenameoraddressofaSyslogserver,precededbyanatcharacter("@")andoptionallyfollowedbyaportnumber;whennoportnumberisspecified,theSYSLOGoutputformatwilluseport514;Thepathofanoutputfilename;TheSTDOUTkeyword,whichspecifiesthattheoutputdataistobewrittentotheoutputstream(theconsoleoutput);Thenameofauser.
ThefollowingexampleshowsaSYSLOGoutputformatconfigurationfile:
##SampleSYSLOGoutputformatconfigurationfile#auth.err@MYSERVER01*.debugSTDOUT*.infoC:\MyLogs\Infos.txt
Thisconfigurationfiledefinesthefollowingrules:Messagesfromthe"auth"facilitywithaseveritygreaterthanorequalto"err"areforwardedtothe"MYSERVER01"Syslogserveronport514;
![Page 455: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/455.jpg)
kern.emergMYUSERlocal0,[email protected]:515Allmessageshavingaseveritygreaterthanorequalto"debug"aredisplayedintheconsoleoutput;Allmessageshavingaseveritygreaterthanorequalto"info"arewrittentothe"C:\MyLogs\Infos.txt"textfile;Messagesfromthe"kern"facilitywithaseveritygreaterthanorequalto"emerg"aresenttothe"MYUSER"user;Messagesfromthe"local0"or"local1"facilitieswithaseveritygreaterthanorequalto"emerg"areforwardedtotheSyslogserverwithaddress192.168.1.100onport515.
Messagesmatchingmorethanoneruleareforwardedtoallthespecifieddestinations.Forexample,withtheaboveconfigurationfile,messageshavingaseveritygreaterthanorequalto"debug"arebothdisplayedintheconsoleoutputandwrittentothe"C:\MyLogs\Infos.txt"textfile.
Actionscanalsobespecifiedintheinto-entityofthequery.Theseactionsareprocessedasruleshavingaselectorthatmatchesallmessages,witha"*"facilityvalueandan"emerg"severityvalue.
©2004MicrosoftCorporation.Allrightsreserved.
![Page 456: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/456.jpg)
SYSLOGOutputFormatInto-EntitySyntax<into-entity> ::= <action>[,<action>...]|
SYSLOG
<action> ::= <send_server>|<send_file>|<send_user>
<send_server> ::= @<server_name>[:<port>]
<send_file> ::= <filepath>|STDOUT
<send_user> ::= <user_name>
The<into-entity>specifiedinqueriesusingtheSYSLOGoutputformatiseitherthe"SYSLOG"keyword,whichspecifiesthatmessagesshouldbeforwardedaccordingtotherulesintheconfigurationfilespecifiedfortheconfparameter,oracomma-separatedlistofactions,whereeachactioniseither:
ThenameoraddressofaSyslogserver,precededbyanatcharacter("@")andoptionallyfollowedbyaportnumber;whennoportnumberisspecified,theSYSLOGoutputformatwilluseport514;Thepathofanoutputfilename;TheSTDOUTkeyword,whichspecifiesthattheoutputdataistobewrittentotheoutputstream(theconsoleoutput);Thenameofauser,towhichSyslogmessageswillbesentthroughtheWindowsalerterandmessengerservices.
Whenaconfigurationfilehasbeenspecifiedthroughthe"conf"parameter,queriesareallowedtonotprovideanINTOclauseatall;ifanINTOclauseisused,itsinto-entitymustbespecifiedas"SYSLOG".
![Page 457: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/457.jpg)
Whenaconfigurationfilehasnotbeenspecified,theINTOclauseismandatoryanditmustcontainatleastonevalidaction.
Actionsspecifiedintheinto-entityareprocessedasconfigurationruleshavingaselectorthatmatchesallmessages,witha"*"facilityvalueandan"emerg"severityvalue.
Examples:
INTOSYSLOG
INTO@MYSERVER02:515
INTO\\COMPUTER01\Reports\report.txt
INTOMYUSER
INTO@MYSERVER01,C:\MyLogs\Infos.txt,STDOUT,MYUSER,@192.168.1.100:515
©2004MicrosoftCorporation.Allrightsreserved.
![Page 458: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/458.jpg)
SYSLOGOutputFormatParametersTheSYSLOGoutputformatsupportsthefollowingparameters:
conf
Values: filepath
Default: notspecified
Description: Syslogconfigurationfile.
Details: Thisparameterspecifiesthepathtoaconfigurationfilethatdescribestherulesusedtoforwardmessagestodifferentdestinations.Whenthisparameterisused,queriesareallowedtonotprovideanINTOclauseatall;ifanINTOclauseisused,itsinto-entitymustbespecifiedas"SYSLOG".Formoreinformationonconfigurationfiles,seeSYSLOGOutputFormatConfigurationFiles.
Example: -conf:C:\mysyslog.confseverity
Values: <numeric_value>|<name>|$<field_name>|$<field_index>
Default: info
Description: Messageseveritylevel.
Details: Thisparametercontrolsthevalueoftheseverityfieldoftheoutputmessages.Thepossiblevaluesforthisparameterare:Anumericvalue,suchas"1"or"7";Thenameofaseverityvalue,suchas"alert"or"debug";Thenameorthe1-basedindexofanoutputrecord
![Page 459: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/459.jpg)
fieldprependedwithadollarcharacter("$"),suchas"$MySeverity"or"$2".ThespecifiedoutputrecordfieldmustbeofeithertheINTEGERdatatype-inwhichcaseitsvaluesareassumedtobenumericalseverityvalues,oroftheSTRINGdatatype-inwhichcaseitsvaluesareassumedtobeseveritynamesamongthosedescribedintheprevioustable.Whenanoutputrecordfieldvaluedoesnotcontainarecognizedseveritynameoritcontainsaseverityvaluegreaterthan7,theSYSLOGoutputformatusesadefaultseverityvalueof6("info").
Formoreinformationontheseverityfieldoftheoutputmessages,seeSYSLOGOutputFormatMessageStructure.
Examples: -severity:1-severity:alert-severity:$MySeverity-severity:$2
facility
Values: <numeric_value>|<name>|$<field_name>|$<field_index>
Default: user
Description: Messagefacility.
Details: Thisparametercontrolsthevalueofthefacilityfieldoftheoutputmessages.Thepossiblevaluesforthisparameterare:Anumericvalue,suchas"1"or"23";Thenameofafacilityvalue,suchas"user"or"local7";Thenameorthe1-basedindexofanoutputrecordfieldprependedwithadollarcharacter("$"),suchas
![Page 460: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/460.jpg)
"$MyFacility"or"$2".ThespecifiedoutputrecordfieldmustbeofeithertheINTEGERdatatype-inwhichcaseitsvaluesareassumedtobenumericalfacilityvalues,oroftheSTRINGdatatype-inwhichcaseitsvaluesareassumedtobefacilitynamesamongthosedescribedintheprevioustable.Whenanoutputrecordfieldvaluedoesnotcontainarecognizedfacilitynameoritcontainsafacilityvaluegreaterthan23,theSYSLOGoutputformatusesadefaultfacilityvalueof1("user").
Formoreinformationonthefacilityfieldoftheoutputmessages,seeSYSLOGOutputFormatMessageStructure.
Examples: -facility:23-facility:local7-facility:$MyFacility-facility:$2
oTsFormat
Values: timestampformat
Default: MMMdphh:mm:ss
Description: Formatofthetimestampfield.
Details: Thisparameterspecifiestheformatofthetimestampfieldoftheoutputmessages.Formoreinformationondateandtimeformats,seeTimestampFormatSpecifiers.Formoreinformationonthetimestampfieldoftheoutputmessages,seeSYSLOGOutputFormatMessageStructure.
Example: -oTsFormat:"MMMdd,yyyy"
![Page 461: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/461.jpg)
hostName
Values: localhost|<name>|$<field_name>|$<field_index>
Default: localhost
Description: Valueofthehostnamefield.
Details: Thisparametercontrolsthevalueofthehostnamefieldoftheoutputmessages.Thepossiblevaluesforthisparameterare:The"localhost"keyword,specifyingthatthefieldshouldbepopulatedwiththelocalcomputername;Agenericstringindicatingthedesiredhostname,suchas"MYCOMPUTER";Thenameorthe1-basedindexofanoutputrecordfieldprependedwithadollarcharacter("$"),suchas"$MyHostname"or"$2".ThespecifiedoutputrecordfieldmustbeoftheSTRINGdatatype,anditsvalueswillbeusedtopopulatethehostnamefieldintheoutputmessages.
Formoreinformationonthehostnamefieldoftheoutputmessages,seeSYSLOGOutputFormatMessageStructure.
Examples: -hostName:MYCOMPUTER-hostName:$MyHostname-hostName:$2
processName
Values: <name>|$<field_name>|$<field_index>
Default: LogParser:
Description: Valueofthetagfield.
Details: Thisparametercontrolsthevalueofthetagfieldofthe
![Page 462: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/462.jpg)
outputmessages.Thepossiblevaluesforthisparameterare:Agenericstringindicatingthedesiredtagfieldvalue,suchas"MyReports";Thenameorthe1-basedindexofanoutputrecordfieldprependedwithadollarcharacter("$"),suchas"$MyProgram"or"$2".ThespecifiedoutputrecordfieldmustbeoftheSTRINGdatatype,anditsvalueswillbeusedtopopulatethetagfieldintheoutputmessages.
Formoreinformationonthetagfieldoftheoutputmessages,seeSYSLOGOutputFormatMessageStructure.
Examples: -processName:MyReports-processName:$MyProgram-processName:$2
separator
Values: anystring|space|tab
Default: space
Description: Separatorbetweenfields.
Details: Thisparametercontrolstheseparatortobeusedbetweenthemessagefields.The"tab"keywordcausestheSYSLOGoutputformattouseasingletabcharacterbetweenthefields,whilethe"space"keywordcausestheSYSLOGoutputformattouseasinglespacecharacter.
Example: -separator:tabmaxPacketSize
Values: numberofbytes
![Page 463: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/463.jpg)
Default: 1024
Description: Maximummessagesize.
Details: ThisparametercontrolsthemaximumsizeofthemessagesgeneratedbytheSYSLOGoutputformat.Messageswhosesizeexceedsthevaluespecifiedforthisparameterareeithertruncatedordiscarded,dependingonthevalueofthe"discardOversized"parameter.
Example: -maxPacketSize:8192discardOversized
Values: ON|OFF
Default: OFF
Description: Discardoversizedmessages.
Details: Whenthisparameterissetto"ON",theSYSLOGoutputformatdiscardsmessageswhosesizeexceedsthevaluespecifiedforthe"maxPacketSize"parameter.Whenthisparameterissetto"OFF",theSYSLOGoutputformattruncatesoversizedmessagestothesizespecifiedwiththe"maxPacketSize"parameter.
Example: -discardOversized:ONprotocol
Values: UDP|TCP
Default: UDP
Description: Protocolusedfortransmission.
Details: ThisparameterspecifiestheprotocoltousewhensendingmessagestoSyslogservers.
![Page 464: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/464.jpg)
Example: -protocol:TCP
sourcePort
Values: portnumber|*
Default: *
Description: Sourceporttousefortransmission.
Details: ThisparameterspecifiesthesourceporttousewhensendingmessagestoSyslogservers.Specifying"*"causestheSYSLOGoutputformattochooseanyavailableportnumber.
Example: -sourcePort:514ignoreDspchErrs
Values: ON|OFF
Default: OFF
Description: Ignoredispatcherrors.
Details: Settingthisparameterto"ON"causestheSYSLOGoutputformattobuffererrorsoccurringwhiletransmittingmessagestoSyslogserversorusers,reportingalltheerrorsaswarningswhenthequeryexecutionhascompleted.Settingthisparameterto"OFF"causestheSYSLOGoutputformattoreporterrorsastheyoccur,abortingtheexecutionofthequery.
Example: -ignoreDspchErrs:ONoCodepage
Values: codepageID(number)
![Page 465: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/465.jpg)
Default: 0
Description: Codepageoftheoutputmessagetext.
Details: 0isthesystemcodepage,-1isUNICODE.
Example: -oCodepage:1245
©2004MicrosoftCorporation.Allrightsreserved.
![Page 466: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/466.jpg)
SYSLOGOutputFormatExamplesExportSystemEventLogExporteventsfromtheSystemeventlogtoaSyslogserverandtoalocalfile:
SELECTTimeGenerated,CASESourceNameWHEN'EventLog'THEN'mark'WHEN'ServiceControlManager'THEN'daemon'WHEN'Print'THEN'lpr'WHEN'Kerberos'THEN'auth'WHEN'NETLOGON'THEN'logaudit'WHEN'ApplicationPopup'THEN'local7'ELSE'local0'ENDASMyFacility,CASEEventTypeNameWHEN'Errorevent'THEN'err'WHEN'Warningevent'THEN'warning'WHEN'Informationevent'THEN'info'ELSE'info'ENDASMySeverity,ComputerName,STRCAT(SourceName,':'),MessageINTO@MYSERVER04,Log.txtFROMSystem
Thisquerycanbeexecutedwiththefollowingcommand:
LogParserfile:MyQuery.sql-o:SYSLOG-facility:$MyFacility-severity:$MySeverity-hostName:$ComputerNameTheoutputwilllooklikethefollowingsample:
<46>Apr1818:48:04MYSERVER-MLogParser:EventLog:TheEventlogservicewasstarted.<30>Apr1818:48:27MYSERVER-MLogParser:ServiceControlManager:TheTelephonyserviceenteredtherunningstate.<46>Apr1818:51:37MYSERVER-MLogParser:EventLog:TheEventlogservicewasstopped.<134>Apr1819:20:23MYSERVER-MLogParser:AtiHotKeyPoller:Theservicewasstarted.<46>Apr1819:20:07MYSERVER-MLogParser:EventLog:TheEventlogservicewasstarted.<30>Apr1819:20:47MYSERVER-MLogParser:ServiceControlManager:TheTelephonyserviceenteredtherunningstate.<46>Apr1819:33:17MYSERVER-MLogParser:EventLog:TheEventlogservicewasstopped.<134>Apr1907:01:57MYSERVER-MLogParser:AtiHotKeyPoller:Theservicewasstarted.<46>Apr1907:01:41MYSERVER-MLogParser:EventLog:TheEventlogservicewasstarted.<30>Apr1907:02:07MYSERVER-MLogParser:ServiceControlManager:TheTelephonyserviceenteredtherunningstate.
IISLogErrorEntriesSenderrorentriesintheIISlogtoaSyslogserver:
SELECTTO_TIMESTAMP(date,time),CASEsc-statusWHEN500THEN'emerg'ELSE'err'ENDASMySeverity,s-computernameASMyHostname,cs-uri-stem,sc-statusINTO@MYSERVER04FROM<1>WHEREsc-status>=400
Thisquerycanbeexecutedwiththefollowingcommand:
LogParserfile:MyQuery.sql-o:SYSLOG-facility:logalert-severity:$MySeverity-hostName:$MyHostname-processName:IIS:Themessageswilllooklikethefollowingsamples:
<115>Nov1800:28:43MYSERVER04IIS:/images/tibg.gif404<115>Nov1800:28:44MYSERVER04IIS:/aa.css404<115>Nov1800:28:59MYSERVER04IIS:/images/tibg.gif404<115>Nov1800:29:00MYSERVER04IIS:/aa.css404<115>Nov1800:29:01MYSERVER04IIS:/images/tibg.gif404<115>Nov1800:29:02MYSERVER04IIS:/images/tibg.gif404
©2004MicrosoftCorporation.Allrightsreserved.
![Page 467: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/467.jpg)
<115>Nov1800:29:04MYSERVER04IIS:/gorice/rulesinfo.nsf403<115>Nov1800:29:05MYSERVER04IIS:/_vti_inf.html404<112>Nov1800:29:05MYSERVER04IIS:/_vti_bin/shtml.dll500<115>Nov1800:31:51MYSERVER04IIS:/na/index.html404
![Page 468: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/468.jpg)
TPLOutputFormatTheTPLoutputformatwritesoutputrecordsformattedaccordingtouser-definedtemplates.
Templatesaretextfilesdividedintothreesections-aheader,abody,andafooter-containingvariablesthatrefertothevaluesandnamesoftheoutputrecordfields.Duringtheoutputgenerationstage,theTPLoutputformatsubstitutesthevariableswiththevaluesoftheoutputrecordfields,generatingtextfilesformattedaccordingtotheuserspecifications.
TheflexibilityoftheTPLoutputformatallowsuserstogenerateHTMLfiles,XMLfiles,andgenerictextfilesinalmostanyformat.
TemplateFilesInto-EntitySyntaxParametersExamples
©2004MicrosoftCorporation.Allrightsreserved.
![Page 469: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/469.jpg)
TPLOutputFormatTemplateFilesTemplatefilesaredividedintothreesections:anoptionalheadersectionthatiswrittenonceatthebeginningoftheoutput,abodysectionthatiswrittenrepeatedlyforeachoutputrecord,andanoptionalfootersectionthatiswrittenonceattheendoftheoutput.Thebodysectioncancontainspecialvariablesthataresubstitutedatruntimewithvaluescomputedduringtheexecutionofthequery,suchasvaluesandnamesofoutputrecordfields,andthenumberoffieldsintheoutputrecords.Theheaderandfootersectionscancontainthesamevariablesavailabletothebodysection,exceptforthosethatrefertovaluesofoutputrecordfields.
Templatefilescanbespecifiedintwodifferentways:asrawformattemplates,orasstructuredformattemplates.
RawFormatTemplatesIntherawformat,thethreetemplatesectionsarespecifiedasthreedifferentfiles.Thetemplatefilecontainingthebodysectionisspecifiedusingthetplparameter,whiletheoptionalheaderandfootersectionsarespecifiedwiththetplHeaderandtplFooterparameters,respectively.
Thefollowingisasamplerawformattemplatefilecontainingthebodysection:
TheUrl%cs-uri-stem%,requestedby%c-ip%,took%time-taken%millisecondstoexecute.Itwasrequestedat%time%o’clock.ThefollowingcommandparsesanIISlogfileandcreatesatextfileformattedaccordingtothetemplatefile:
LogParser"SELECT*INTOout.txtFROMextend1.log"-o:TPL-tpl:mytemplate.tplTheresultingoutputwilllooklikethefollowingexample:
![Page 470: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/470.jpg)
TheUrl/default.htm,requestedby192.168.1.102,took24millisecondstoexecute.Itwasrequestedat04:23:45o’clock.TheUrl/mydocuments/index.html,requestedby192.168.1.104,took134millisecondstoexecute.Itwasrequestedat04:23:47o’clock.TheUrl/mydocuments/styles/style.css,requestedby192.168.1.101,took49millisecondstoexecute.Itwasrequestedat04:23:48o’clock.
StructuredFormatTemplatesInthestructuredformat,asingletemplatefilecontainstheheader,body,andfootersections,eachenclosedwithinspecial<LPHEADER>,<LPBODY>,and<LPFOOTER>tagsthatmarktheboundariesofeachsection.Structuredformattemplatefilesarespecifiedusingthetplparameter.
Thefollowingisasamplestructuredformattemplatefile:
<LPHEADER>Thisismytemplate,foraquerycontaining%FIELDS_NUM%fields,executedby%USERNAME%.</LPHEADER>Someignoredcommenthere.<LPBODY>TheUrl%cs-uri-stem%,requestedby%c-ip%,took%time-taken%millisecondstoexecute.Itwasrequestedat%time%o’clock.</LPBODY><LPFOOTER>Endofreport.</LPFOOTER>
ThefollowingcommandparsesanIISlogfileandcreatesatextfileformattedaccordingtothetemplatefile:
LogParser"SELECT*INTOout.txtFROMextend1.log"-o:TPL-tpl:mytemplate.tplTheresultingoutputwilllooklikethefollowingexample:
Thisismytemplate,foraquerycontaining32fields,executedbyTestUser.TheUrl/default.htm,requestedby192.168.1.102,took24millisecondstoexecute.Itwasrequestedat04:23:45o’clock.TheUrl/mydocuments/index.html,requestedby192.168.1.104,took134millisecondstoexecute.Itwasrequestedat04:23:47o’clock.TheUrl/mydocuments/styles/style.css,requestedby192.168.1.101,took49millisecondstoexecute.Itwasrequestedat04:23:48o’clock.Endofreport.
Note:TheTPLoutputformatassumesthatthecharacterimmediatelyfollowingtheopeningtagforasection,suchas<LPBODY>,belongstothatsection.
TemplateVariablesThefollowingtableliststhevariablesthatareavailabletotemplatefiles:
Variable Description ExampleTemplate
%FIELD_n% Valueoftheoutput
Firstfieldvalue:%FIELD_1%
![Page 471: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/471.jpg)
recordfieldwiththespecified1-basedindex
%field_name% Valueofthespecifiedoutputrecordfield
Firstfieldvalue:%SourceName%
%FIELDNAME_n% Nameoftheoutputrecordfieldwiththespecified1-basedindex
%FIELDNAME_1%value:%FIELD_1%
%FIELDS_NUM% Numberofoutputrecordfields
Thereare%FIELDS_NUM%fields.
%SYSTEM_TIMESTAMP% Currentsystemdateandtime,inUTCcoordinates
Generatedat%SYSTEM_TIMESTAMP%
%environment_variable% Valueofthespecifiedenvironment
variable1
Generatedby%USERNAME%
![Page 472: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/472.jpg)
Notes:(1):Whenavariablematchesbothafieldnameandanenvironmentvariable,thefieldvalueissubstituted.
©2004MicrosoftCorporation.Allrightsreserved.
![Page 473: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/473.jpg)
TPLOutputFormatInto-EntitySyntax<into-entity> ::= <filename>|
STDOUT
The<into-entity>specifiedinqueriesusingtheTPLoutputformatiseither:
Afilename;The"STDOUT"keyword,whichspecifiesthattheoutputdataistobewrittentotheoutputstream(theconsoleoutput).
Thedefaultinto-entityforqueriesthatdonotspecifyanINTOclauseis"STDOUT".
TheTPLoutputformatsupportsthemultiplexfeature,whichcanbeenabledbyspecifying'*'wildcardsintheinto-entityfilename.Thisfeatureallowsoutputrecordstobewrittentodifferentfilesdependingonthevaluesoftheirfields.Formoreinformationonthemultiplexfeature,seeMultiplexingOutputRecords.
Examples:
INTOMyPage.html
INTO\\COMPUTER01\Reports\report.txt
INTOSTDOUT
INTOReports_*_*\Report*.txt
©2004MicrosoftCorporation.Allrightsreserved.
![Page 474: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/474.jpg)
TPLOutputFormatParametersTheTPLoutputformatsupportsthefollowingparameters:
tpl
Values: filepath
Default: notspecified
Description: Templatefile.
Details: Whenusingrawformattemplatefiles,thisparameterspecifiesthetemplatefilecontainingthebodysection.Whenusingstructuredformattemplatefiles,thisparameterspecifiesthesingletemplatefilethatcontainstheheader,body,andfootersections.Formoreinformationontemplatefiles,seeTemplateFiles.
Example: -tpl:MyTemplate.tpltplHeader
Values: filepath
Default: notspecified
Description: Templateheaderfile.
Details: Whenusingrawformattemplatefiles,thisparameterspecifiesthetemplatefilecontainingtheheadersection.Whenusingstructuredformattemplatefiles,thisparameterspecifiesarawformattemplatefilethatoverridesthe<LPHEADER>sectionofthestructuredformattemplatefilespecifiedwiththe"tpl"parameter.Formoreinformationontemplatefiles,seeTemplateFiles.
![Page 475: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/475.jpg)
Example: -tplHeader:MyTemplateHeader.tpltplFooter
Values: filepath
Default: notspecified
Description: Templatefooterfile.
Details: Whenusingrawformattemplatefiles,thisparameterspecifiesthetemplatefilecontainingthefootersection.Whenusingstructuredformattemplatefiles,thisparameterspecifiesarawformattemplatefilethatoverridesthe<LPFOOTER>sectionofthestructuredformattemplatefilespecifiedwiththe"tpl"parameter.Formoreinformationontemplatefiles,seeTemplateFiles.
Example: -tplFooter:MyTemplateFooter.tplnoEmptyFile
Values: ON|OFF
Default: ON
Description: Donotgenerateemptyfiles.
Details: Whenaquerydoesnotproduceoutputrecords,theTPLoutputformatdoesnotwriteabodysection,andtheresultingoutputfilecouldbeempty.Settingthisparameterto"ON"causestheTPLoutputformattoavoidgeneratinganemptyfileinthesesituations.
Example: -noEmptyFile:OFFoCodepage
Values: codepageID(number)
![Page 476: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/476.jpg)
Default: 0
Description: Codepageoftheoutputtext.
Details: 0isthesystemcodepage,-1isUNICODE.
Example: -oCodepage:1245fileMode
Values: 0|1|2
Default: 1
Description: Actiontoperformwhenanoutputfilealreadyexists.
Details: ThisparametercontrolsthebehavioroftheTPLoutputformatwhentheinto-entityspecifiesdirectlyorindirectlythroughthe"multiplex"featurethenameofafilethatalreadyexists.Thepossiblevaluesforthisparameterare:0:existingfilesareappendedwiththeoutput;1:existingfilesareoverwrittenwiththeoutput;2:existingfilesareleftintact,discardingtheoutput.
Example: -fileMode:0
©2004MicrosoftCorporation.Allrightsreserved.
![Page 477: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/477.jpg)
TPLOutputFormatExamplesLast50SecurityEventsCreateanHTMLpagecontainingthemostrecent50eventsfromtheSecurityeventlog:
LogParser"SELECTTOP50TimeGenerated,SourceName,EventID,MessageINTOEvents.htmlFROMSecurity"-i:EVT-direction:BW-o:TPL-tpl:HTMLBody.txt-tplHeader:HTMLHeader.txt-tplFooter:HTMLFooter.txt
MSDNBLogsChannelTitlesDisplaytitlesofcurrentchannelsonMSDNBLogs:
LogParser"SELECTtitleINTOchannels.txtFROMhttp://blogs.msdn.com/MainFeed.aspx#/rss/channel/item"-i:XML-fMode:Tree-o:TPL-tpl:mytemplate.tpl
©2004MicrosoftCorporation.Allrightsreserved.
![Page 478: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/478.jpg)
TSVOutputFormatTheTSVoutputformatwritesoutputrecordsastab-separatedorspace-separatedvaluestext.
TheoutputoftheTSVoutputformatconsistsofmultiplelinesoftext,onelineforeachoutputrecord.Eachlinecontainsthevaluesoftheoutputrecordfields,separatedbyeitheratabcharacteroraspacecharacter,dependingonthevalueoftheoSeparatorparameter.Ifenabledthroughtheheadersparameter,thefirstlineintheoutputisa"header"thatcontainsthenamesofthefields.
ThefollowingsampleshowstheoutputoftheTSVoutputformatwhenusingthedefaultvaluesforitsparameters:
EventID SourceName EventType TimeGenerated6009 EventLog4 2004-04-1818:48:046005 EventLog4 2004-04-1818:48:047024 ServiceControlManager 1 2004-04-1818:48:277035 ServiceControlManager 4 2004-04-1818:48:277035 ServiceControlManager 4 2004-04-1818:48:277036 ServiceControlManager 4 2004-04-1818:48:277036 ServiceControlManager 4 2004-04-1818:48:277035 ServiceControlManager 4 2004-04-1818:48:277036 ServiceControlManager 4 2004-04-1818:48:277035 ServiceControlManager 4 2004-04-1818:48:277036 ServiceControlManager 4 2004-04-1818:48:277035 ServiceControlManager 4 2004-04-1818:48:277036 ServiceControlManager 4 2004-04-1818:48:277035 ServiceControlManager 4 2004-04-1818:48:277036 ServiceControlManager 4 2004-04-1818:48:277036 ServiceControlManager 4 2004-04-1818:48:277035 ServiceControlManager 4 2004-04-1818:48:367036 ServiceControlManager 4 2004-04-1818:51:267036 ServiceControlManager 4 2004-04-1818:51:296006 EventLog4 2004-04-1818:51:37
Into-EntitySyntaxParametersExamples
Seealso:CSVOutputFormatTSVInputFormat
©2004MicrosoftCorporation.Allrightsreserved.
![Page 479: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/479.jpg)
TSVOutputFormatInto-EntitySyntax<into-entity> ::= <filename>|
STDOUT
The<into-entity>specifiedinqueriesusingtheTSVoutputformatiseither:
Afilename;The"STDOUT"keyword,whichspecifiesthattheoutputdataistobewrittentotheoutputstream(theconsoleoutput).
Thedefaultinto-entityforqueriesthatdonotspecifyanINTOclauseis"STDOUT".
TheTSVoutputformatsupportsthemultiplexfeature,whichcanbeenabledbyspecifying'*'wildcardsintheinto-entityfilename.Thisfeatureallowsoutputrecordstobewrittentodifferentfilesdependingonthevaluesoftheirfields.Formoreinformationonthemultiplexfeature,seeMultiplexingOutputRecords.
Examples:
INTOreport.tsv
INTO\\COMPUTER01\Reports\report.tsv
INTOSTDOUT
INTOReports_*_*\Report*.tsv
©2004MicrosoftCorporation.Allrightsreserved.
![Page 480: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/480.jpg)
TSVOutputFormatParametersTheTSVoutputformatsupportsthefollowingparameters:
headers
Values: ON|OFF|AUTO
Default: AUTO
Description: Writeaheaderlinecontainingthefieldnames.
Details: Thisparametercontrolstheheaderlinethatisoutputatthebeginningofeachfile.Thepossiblevaluesforthisparameterare:ON:alwayswritetheheader;OFF:neverwritetheheader;AUTO:writetheheaderonlywhennotappendingtoanexistingfile.
Example: -headers:OFFoSeparator
Values: anystring|space|tab
Default: tab
Description: Separatorbetweenfields.
Details: Thisparametercontrolstheseparatortobeusedbetweenfieldvalues.The"tab"keywordcausestheTSVoutputformattouseasingletabcharacterbetweenthefields,whilethe"space"keywordcausestheTSVoutputformattouseasinglespacecharacter.
Example: -oSeparator:space
![Page 481: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/481.jpg)
oTsFormat
Values: timestampformat
Default: yyyy-MM-ddhh:mm:ss
Description: FormatoftimestampvaluesintheoutputTSVdata.
Details: Thisparameterspecifiesthedateand/ortimeformattousewhenformattingvaluesoftheTIMESTAMPdatatype.Formoreinformationondateandtimeformats,seeTimestampFormatSpecifiers.
Example: -oTsFormat:"MMMdd,yyyy"oCodepage
Values: codepageID(number)
Default: 0
Description: Codepageoftheoutputtext.
Details: 0isthesystemcodepage,-1isUNICODE.
Example: -oCodepage:1245fileMode
Values: 0|1|2
Default: 1
Description: Actiontoperformwhenanoutputfilealreadyexists.
Details: ThisparametercontrolsthebehavioroftheTSVoutputformatwhentheinto-entityspecifiesdirectlyorindirectlythroughthe"multiplex"featurethenameofafilethatalreadyexists.Thepossiblevaluesforthisparameterare:0:existingfilesareappendedwiththeoutput;
![Page 482: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/482.jpg)
1:existingfilesareoverwrittenwiththeoutput;2:existingfilesareleftintact,discardingtheoutput.
Example: -fileMode:0
©2004MicrosoftCorporation.Allrightsreserved.
![Page 483: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/483.jpg)
TSVOutputFormatExamplesFileInformationCreateaTSVfilecontaininginformationonthefilescontainedinthespecifieddirectory:
LogParser"SELECTPath,Name,Size,AttributesINTOFiles.tsvFROMC:\Test\*.*"-i:FS-o:TSV-recurse:0
SecurityEventsRetrievethe10latesteventsfromtheSecurityeventlogandwritetheirinformationtoaTSVfileforeacheventID:
LogParser"SELECTTOP10EventID,EventTypeName,MessageINTOEvents_*.tsvFROMSecurity"-i:EVT-direction:BW-o:TSV
©2004MicrosoftCorporation.Allrightsreserved.
![Page 484: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/484.jpg)
W3COutputFormatTheW3CoutputformatwritesoutputrecordsintheW3CExtendedLogFileFormat.
ThefollowingexampleshowsasampleoutputgeneratedbytheW3Coutputformat:
#Software:MicrosoftLogParser#Version:1.0#Date:2004-10-2514:20:40#Fields:datetimes-ids-types-category2004-04-1818:48:046009402004-04-1818:48:046005402004-04-1818:48:277024102004-04-1818:48:277035402004-04-1818:48:277035402004-04-1818:48:277036402004-04-1818:48:277036402004-04-1818:48:277035402004-04-1818:48:27703640
Into-EntitySyntaxParametersExamples
Seealso:W3CInputFormat
©2004MicrosoftCorporation.Allrightsreserved.
![Page 485: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/485.jpg)
W3COutputFormatInto-EntitySyntax<into-entity> ::= <filename>|
STDOUT
The<into-entity>specifiedinqueriesusingtheW3Coutputformatiseither:
Afilename;The"STDOUT"keyword,whichspecifiesthattheoutputdataistobewrittentotheoutputstream(theconsoleoutput).
Thedefaultinto-entityforqueriesthatdonotspecifyanINTOclauseis"STDOUT".
TheW3Coutputformatsupportsthemultiplexfeature,whichcanbeenabledbyspecifying'*'wildcardsintheinto-entityfilename.Thisfeatureallowsoutputrecordstobewrittentodifferentfilesdependingonthevaluesoftheirfields.Formoreinformationonthemultiplexfeature,seeMultiplexingOutputRecords.
Examples:
INTOreport.log
INTO\\COMPUTER01\Reports\report.log
INTOSTDOUT
INTOReports_*_*\Report*.log
©2004MicrosoftCorporation.Allrightsreserved.
![Page 486: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/486.jpg)
W3COutputFormatParametersTheW3Coutputformatsupportsthefollowingparameters:
rtp
Values: numberofrows
Default: 10
Description: Rowstoprintbeforepausing.
Details: WhenwritingtoSTDOUT,theW3Coutputformatdisplaysoutputrecordsinbatchesmadeupofanumberofrowsequaltothevaluespecifiedforthisparameter.Onceabatchofrowshasbeendisplayed,theW3Coutputformatpromptstheusertopressakeytodisplaythenextbatchofrows.Specifying"-1"forthisparameterdisablesbatchingaltogether.
Example: -rtp:-1oDQuotes
Values: ON|OFF
Default: OFF
Description: Enclosestringvaluesindouble-quotecharacters.
Details: Whenthisparameterissetto"ON",theW3Coutputformatwritesstringvalueswithdouble-quote(")charactersaroundthem.
Example: -oDQuotes:ONoDirTime
Values: anystring
![Page 487: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/487.jpg)
Default: notspecified
Description: Contentofthe"#Date"directiveheader.
Details: TheW3Coutputformatusesthevaluespecifiedforthisparameterasthecontentofthe"#Date"directivewrittentotheheaderoftheoutputfile.Whenavalueisnotspecified,theW3Coutputformatusesthecurrentdateandtime.
Example: -oDirTime:"1973-05-2803:02:42"encodeDelim
Values: ON|OFF
Default: OFF
Description: Substitutespacecharacterswithinfieldvalueswithpluscharacters.
Details: Whenthisparameterissetto"ON",theW3Coutputformatsubstitutesspacecharactersfoundinstringvalueswithplus(+)characters,inordertogenerateW3Coutputthatisformattedcorrectly.Whenthisparameterissetto"OFF",spacecharacterswithinfieldvaluesarepreserved,potentiallygeneratinginvalidW3Coutput.
Example: -encodeDelim:ONoCodepage
Values: codepageID(number)
Default: 0
Description: Codepageoftheoutputtext.
Details: 0isthesystemcodepage,-1isUNICODE.
Example: -oCodepage:1245
![Page 488: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/488.jpg)
fileMode
Values: 0|1|2
Default: 1
Description: Actiontoperformwhenanoutputfilealreadyexists.
Details: ThisparametercontrolsthebehavioroftheW3Coutputformatwhentheinto-entityspecifiesdirectlyorindirectlythroughthe"multiplex"featurethenameofafilethatalreadyexists.Thepossiblevaluesforthisparameterare:0:existingfilesareappendedwiththeoutput;1:existingfilesareoverwrittenwiththeoutput;2:existingfilesareleftintact,discardingtheoutput.
Example: -fileMode:0
©2004MicrosoftCorporation.Allrightsreserved.
![Page 489: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/489.jpg)
W3COutputFormatExamplesEventLogReportCreateaW3CfilewithinformationfromtheSystemeventlog:
LogParser"SELECTTO_DATE(TimeGenerated)ASdate,TO_TIME(TimeGenerated)AStime,SourceNameASs-source,EventIDASs-event-id,EventCategoryASs-event-categoryINTOreport.logFROMSystem"-i:EVT-o:W3C-encodeDelim:ON
©2004MicrosoftCorporation.Allrightsreserved.
![Page 490: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/490.jpg)
XMLOutputFormatTheXMLoutputformatwritesoutputrecordsasXMLdocumentnodes.
UserscanchoosebetweenfourdifferentstructuresfortheoutputXMLdocument.Differentstructuresformattheoutputrecordfieldsindifferentways,givinguserstheabilitytofine-tunethegeneratedXMLfortheirapplications.
ThefollowingexamplecommandgeneratesanXMLdocumentcontainingfieldsfromtheSystemeventlog:
LogParser"SELECTTimeGenerated,SourceName,EventID,MessageINTOEvents.xmlFROMSystem"TheoutputXMLwilllooklikethefollowingexample:
<?xmlversion="1.0"encoding="ISO-10646-UCS-2"standalone="yes"?><!DOCTYPEROOT[<!ATTLISTROOTDATE_CREATEDCDATA#REQUIRED><!ATTLISTROOTCREATED_BYCDATA#REQUIRED><!ELEMENTTimeGenerated(#PCDATA)><!ELEMENTSourceName(#PCDATA)><!ELEMENTEventID(#PCDATA)><!ELEMENTMessage(#PCDATA)><!ELEMENTROW(TimeGenerated,SourceName,EventID,Message)><!ELEMENTROOT(ROW*)>]><ROOTDATE_CREATED="2004-11-0816:26:54"CREATED_BY="MicrosoftLogParserV2.2"><ROW><TimeGenerated>2004-04-1818:48:04</TimeGenerated><SourceName>EventLog</SourceName>
DocumentStructuresInto-EntitySyntaxParametersExamples
Seealso:XMLInputFormat
©2004MicrosoftCorporation.Allrightsreserved.
![Page 491: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/491.jpg)
<EventID>6009</EventID><Message>Microsoft(R)Windows(R)5.01.2600ServicePack1UniprocessorFree.</Message></ROW><ROW><TimeGenerated>2004-04-1818:48:04</TimeGenerated><SourceName>EventLog</SourceName><EventID>6005</EventID><Message>TheEventlogservicewasstarted.</Message></ROW><ROW><TimeGenerated>2004-04-1818:48:27</TimeGenerated><SourceName>ServiceControlManager</SourceName><EventID>7035</EventID><Message>TheNetworkConnectionsservicewassuccessfullysentastartcontrol.</Message></ROW></ROOT>
![Page 492: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/492.jpg)
XMLOutputFormatDocumentStructuresTheXMLoutputformatgeneratesXMLdocumentsthatcanbestructuredinfourdifferentways,dependingonthevaluespecifiedforthestructureparameter.
Structure1Whenthe"structure"parameterissetto"1",theXMLoutputformatcreatesanodenamed"ROW"foreachoutputrecord.Thisnodeinturncontainsnodesforeachfieldintheoutputrecord,namedafterthefieldnamesandwithnodevaluescontainingthefieldvalues.
ThefollowingexampleshowsanXMLdocumentcreatedwithstructure"1":
<?xmlversion="1.0"encoding="ISO-10646-UCS-2"standalone="yes"?><!DOCTYPEROOT[<!ATTLISTROOTDATE_CREATEDCDATA#REQUIRED><!ATTLISTROOTCREATED_BYCDATA#REQUIRED><!ELEMENTTimeGenerated(#PCDATA)><!ELEMENTSourceName(#PCDATA)><!ELEMENTEventID(#PCDATA)><!ELEMENTMessage(#PCDATA)><!ELEMENTROW(TimeGenerated,SourceName,EventID,Message)><!ELEMENTROOT(ROW*)>]><ROOTDATE_CREATED="2004-11-0817:36:44"CREATED_BY="MicrosoftLogParserV2.2"><ROW><TimeGenerated>2004-04-1818:48:04</TimeGenerated><SourceName>
Structure2Settingthe"structure"parameterto"2"causestheXMLoutputformattogenerateXMLdocumentsthatareformattedaccordingtostructure"1",andinwhichfieldnodeshavea"TYPE"attributethatspecifiesthedatatypeofthecorrespondingoutputrecordfield.
ThefollowingexampleshowsanXMLdocumentcreatedwithstructure"2":
<?xmlversion="1.0"encoding="ISO-10646-UCS-2"standalone="yes"?><!DOCTYPEROOT[<!ATTLISTROOTDATE_CREATEDCDATA#REQUIRED><!ATTLISTROOTCREATED_BYCDATA#REQUIRED><!ELEMENTTimeGenerated(#PCDATA)><!ATTLISTTimeGeneratedTYPECDATA#REQUIRED><!ELEMENTSourceName(#PCDATA)>
Structure3Whenthe"structure"parameterissetto"3",theXMLoutputformatcreatesanodenamed"ROW"foreachoutputrecord.Thisnodeinturncontainsnodesnamed"FIELD"foreachfieldinthe
![Page 493: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/493.jpg)
EventLog</SourceName><EventID>6009</EventID><Message>Microsoft(R)Windows(R)5.01.2600ServicePack1UniprocessorFree.</Message></ROW><ROW><TimeGenerated>2004-04-1818:48:04</TimeGenerated><SourceName>EventLog</SourceName><EventID>6005</EventID><Message>TheEventlogservicewasstarted.</Message></ROW></ROOT>
<!ATTLISTSourceNameTYPECDATA#REQUIRED><!ELEMENTEventID(#PCDATA)><!ATTLISTEventIDTYPECDATA#REQUIRED><!ELEMENTMessage(#PCDATA)><!ATTLISTMessageTYPECDATA#REQUIRED><!ELEMENTROW(TimeGenerated,SourceName,EventID,Message)><!ELEMENTROOT(ROW*)>]><ROOTDATE_CREATED="2004-11-0817:30:25"CREATED_BY="MicrosoftLogParserV2.2"><ROW><TimeGeneratedTYPE="TIMESTAMP">2004-04-1818:48:04</TimeGenerated><SourceNameTYPE="STRING">EventLog</SourceName><EventIDTYPE="INTEGER">6009</EventID><MessageTYPE="STRING">Microsoft(R)Windows(R)5.01.2600ServicePack1UniprocessorFree.</Message></ROW><ROW><TimeGeneratedTYPE="TIMESTAMP">2004-04-1818:48:04</TimeGenerated><SourceNameTYPE="STRING">EventLog</SourceName><EventIDTYPE="INTEGER">6005</EventID><MessageTYPE="STRING">TheEventlogservicewasstarted.</Message>
outputrecord;each"FIELD"nodehasanodevalueequaltothefieldvalue,anda"NAME"attributethatspecifiesthefieldname.
ThefollowingexampleshowsanXMLdocumentcreatedwithstructure"3":
<?xmlversion="1.0"encoding="ISO-10646-UCS-2"standalone="yes"?><!DOCTYPEROOT[<!ATTLISTROOTDATE_CREATEDCDATA#REQUIRED><!ATTLISTROOTCREATED_BYCDATA#REQUIRED><!ELEMENTFIELD(#PCDATA)><!ATTLISTFIELDNAMECDATA#REQUIRED><!ELEMENTROW(FIELD,FIELD,FIELD,FIELD)><!ELEMENTROOT(ROW*)>]><ROOTDATE_CREATED="2004-11-0817:32:41"CREATED_BY="MicrosoftLogParserV2.2"><ROW><FIELDNAME="TimeGenerated">2004-04-1818:48:04</FIELD><FIELDNAME="SourceName">EventLog</FIELD><FIELDNAME="EventID">6009</FIELD><FIELDNAME="Message">Microsoft(R)Windows(R)5.01.2600ServicePack1UniprocessorFree.</FIELD></ROW><ROW><FIELDNAME="TimeGenerated">2004-04-1818:48:04</FIELD><FIELDNAME="SourceName">EventLog
Structure4Settingthe"structure"parameterto"4"causestheXMLoutputformattogenerateXMLdocumentsthatareformattedaccordingtostructure"3",andinwhich"FIELD"nodeshaveanadditional"TYPE"attributethatspecifiesthedatatypeofthecorrespondingoutputrecordfield.
ThefollowingexampleshowsanXMLdocumentcreatedwithstructure"4":
<?xmlversion="1.0"encoding="ISO-10646-UCS-2"standalone="yes"?><!DOCTYPEROOT[<!ATTLISTROOTDATE_CREATEDCDATA#REQUIRED><!ATTLISTROOTCREATED_BYCDATA#REQUIRED><!ELEMENTFIELD(#PCDATA)><!ATTLISTFIELDNAMECDATA#REQUIRED><!ATTLISTFIELDTYPECDATA#REQUIRED><!ELEMENTROW(FIELD,FIELD,FIELD,FIELD)><!ELEMENTROOT(ROW*)>]><ROOTDATE_CREATED="2004-11-0817:35:04"CREATED_BY="MicrosoftLogParserV2.2"><ROW><FIELDNAME="TimeGenerated"TYPE="TIMESTAMP">2004-04-1818:48:04</FIELD><FIELDNAME="SourceName"TYPE="STRING">EventLog</FIELD><FIELDNAME="EventID"TYPE="INTEGER">
©2004MicrosoftCorporation.Allrightsreserved.
![Page 494: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/494.jpg)
</ROW></ROOT></FIELD><FIELDNAME="EventID">6005</FIELD><FIELDNAME="Message">TheEventlogservicewasstarted.</FIELD></ROW></ROOT>
6009</FIELD><FIELDNAME="Message"TYPE="STRING">Microsoft(R)Windows(R)5.01.2600ServicePack1UniprocessorFree.</FIELD></ROW><ROW><FIELDNAME="TimeGenerated"TYPE="TIMESTAMP">2004-04-1818:48:04</FIELD><FIELDNAME="SourceName"TYPE="STRING">EventLog</FIELD><FIELDNAME="EventID"TYPE="INTEGER">6005</FIELD><FIELDNAME="Message"TYPE="STRING">TheEventlogservicewasstarted.</FIELD></ROW></ROOT>
![Page 495: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/495.jpg)
XMLOutputFormatInto-EntitySyntax<into-entity> ::= <filename>|
STDOUT
The<into-entity>specifiedinqueriesusingtheXMLoutputformatiseither:
Afilename;The"STDOUT"keyword,whichspecifiesthattheoutputdataistobewrittentotheoutputstream(theconsoleoutput).
Thedefaultinto-entityforqueriesthatdonotspecifyanINTOclauseis"STDOUT".
TheXMLoutputformatsupportsthemultiplexfeature,whichcanbeenabledbyspecifying'*'wildcardsintheinto-entityfilename.Thisfeatureallowsoutputrecordstobewrittentodifferentfilesdependingonthevaluesoftheirfields.Formoreinformationonthemultiplexfeature,seeMultiplexingOutputRecords.
Examples:
INTOreport.xml
INTO\\COMPUTER01\Reports\report.xml
INTOSTDOUT
INTOReports_*_*\Report*.xml
©2004MicrosoftCorporation.Allrightsreserved.
![Page 496: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/496.jpg)
XMLOutputFormatParametersTheXMLoutputformatsupportsthefollowingparameters:
structure
Values: 1|2|3|4
Default: 1
Description: Structureoftheoutputdocument.
Details: Foradescriptionofthedifferentstructuresavailable,seeDocumentStructures.
Example: -structure:4rootName
Values: string
Default: ROOT
Description: Nameofthedocumentrootnode.
Details: Thisparameterallowsuserstocustomizethenameofthesinglerootnodethatcontainsalltheothernodesintheoutputdocument.
Example: -rootName:REPORTrowName
Values: string
Default: ROW
Description: Nameofthenodecontainingtheoutputrecordfields.
Details: Thisparameterallowsuserstocustomizethenameofthenodethatisgeneratedforeachoutputrecord.
![Page 497: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/497.jpg)
Example: -rowName:ENTRYfieldName
Values: string
Default: FIELD
Description: Nameofthenodecontainingtheoutputrecordfieldvalues.
Details: Thisparameterallowsuserstocustomizethenameofthenodethatisgeneratedforeachoutputrecordfieldwhenthe"structure"parameterissetto"3"or"4".
Example: -fieldName:DATAxslLink
Values: pathtoXSLdocument
Default: notspecified
Description: XSLdocumenttobereferencedbytheoutputXMLdocument.
Details: SpecifyingavalueforthisparametercausestheXMLoutputformattoplacealinktothespecifiedXSLstylesheetintheheaderoftheoutputXMLdocument.XSL-enabledXMLbrowserswillfollowthespecifiedlinkandformattheoutputXMLdocumentaccordingly.Thelinkplacedinthedocumentheaderisformattedasfollows:
<?xml-stylesheettype="text/xsl"href="C:\XSL\MyXSL.xsl"?>
Example: -xslLink:C:\XSL\MyXSL.xslschemaType
Values: 0|1
![Page 498: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/498.jpg)
Default: 1
Description: Typeofinlineschema.
Details: Whenthisparameterissetto"1",theoutputXMLdocumentcontainsaninlineDTDschema.Settingthisparameterto"0"preventstheXMLoutputformatfromgeneratinganinlineschema.
Example: -schemaType:0compact
Values: ON|OFF
Default: OFF
Description: Suppressindentationsandextralinesinoutput.
Details: Whenthisparameterissetto"OFF",theXMLoutputformatgeneratesXMLdocumentsthatareoptimizedforhumanreadability,indentingnodesaccordingtotheirdepth,andwritingnodesonmultiplelines.Settingthisparameterto"ON"causestheXMLoutputformattowriteeach"ROW"nodeonasinglelinewithoutindentation.
Example: -compact:ONnoEmptyField
Values: ON|OFF
Default: OFF
Description: AvoidwritingemptynodesforNULLfieldvalues.
Details: Whenthisparameterissetto"OFF",outputrecordfieldshavingNULLvaluesarerenderedasemptynodes.Settingthisparameterto"ON"preventstheXMLoutputformatfromgeneratinganodewhenthecorresponding
![Page 499: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/499.jpg)
outputrecordfieldhasaNULLvalue.
Example: -noEmptyField:ONstandAlone
Values: ON|OFF
Default: ON
Description: Createawell-formed,stand-aloneXMLdocument.
Details: Whenthisparameterissetto"ON",theXMLoutputformatgenerateswell-formedXMLdocumentshavinganXMLheaderandasingledocumentrootnode.Whenthisparameterissetto"OFF",theXMLoutputformatgeneratesXMLtextthatonlycontainstheoutputrecordnodes,withnoXMLheaderandnodocumentrootnode.
Example: -standAlone:OFFoCodepage
Values: codepageID(number)
Default: 0
Description: Codepageoftheoutputtext.
Details: 0isthesystemcodepage,-1isUNICODE.
Example: -oCodepage:1245fileMode
Values: 0|1|2
Default: 1
Description: Actiontoperformwhenanoutputfilealreadyexists.
![Page 500: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/500.jpg)
Details: ThisparametercontrolsthebehavioroftheXMLoutputformatwhentheinto-entityspecifiesdirectlyorindirectlythroughthe"multiplex"featurethenameofafilethatalreadyexists.Thepossiblevaluesforthisparameterare:0:existingfilesareappendedwiththeoutput;1:existingfilesareoverwrittenwiththeoutput;2:existingfilesareleftintact,discardingtheoutput.
Example: -fileMode:0
©2004MicrosoftCorporation.Allrightsreserved.
![Page 501: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/501.jpg)
XMLOutputFormatExamplesAccountLogonsCreateanXMLdocumentcontaininglogonaccountnamesanddatesfromtheSecurityEventLogmessages:
LogParser"SELECTTimeGeneratedASLogonDate,EXTRACT_TOKEN(Strings,0,'|')ASAccountINTOReport.xmlFROMSecurityWHEREEventIDNOTIN(541;542;543)ANDEventType=8ANDEventCategory=2"
©2004MicrosoftCorporation.Allrightsreserved.
![Page 502: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/502.jpg)
Command-LineOperationTheLogParsercommand-lineexecutableisasingle,standalonebinaryfile("LogParser.exe")thatcanbeusedfromtheWindowscommand-lineshelltoexecutequeriesandperformotherLogParsertasks.Theexecutablebinarydoesnotrequireanyinstallation;oncecopiedtoacomputer,itisreadytouse.
Tip:IfyouwanttorunLogParser.exefromanydirectorywithouthavingtospecifytheabsoluteorrelativepath,youcanaddtheLogParserdirectorylocationtothe"PATH"environmentvariable.
TheLogParsercommand-lineexecutableworksoncommandssuppliedbytheuser.Commandsarecombinationsofswitches,orarguments,thatspecifyparametersforthetaskthatneedstobeexecuted.TheswitchesusedwiththeLogParsercommand-lineexecutablemustbeenteredwithadashcharacter(-)followedbytheswitchname,asinthefollowingexample:
C:\>LogParser-h
Mostswitchesrequireauser-suppliedvalue;inthesecases,theswitchnamemustbefollowedbyacoloncharacter(:)andbytheuser-suppliedvaluewithnointerveningspaces,asinthefollowingexample:
C:\>LogParser-iCodepage:931
Iftheuser-suppliedvaluecontainsspaces,thevaluecanbesurroundbydouble-quotecharacters("),asinthefollowingexample:
C:\>LogParser-chartTitle:"Top20Pages"
Dependingontheswitchesusedinacommand,theLogParsercommand-lineexecutablecanbeusedinfourdifferentmodesofoperation:
QueryExecutionMode:thisisthedefaultmodeofoperation;inthis
![Page 503: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/503.jpg)
mode,LogParserisusedtoexecutequeriesreadinginputrecordsfromaninputformatandwritingoutputrecordstoanoutputformat.ConversionMode:inthismode,activatedbythe"-c"switch,LogParserisusedtoexecutebuilt-inqueriesthatconvertlogfilesbetweensupportedlogfileformats.DefaultsOverrideMode:inthismode,activatedbythe"-saveDefaults"switch,userscanoverridethedefaultbehaviorofLogParserbyspecifyingcustomdefaultvaluesfortheexecutionparameters.HelpMode:inthismode,activatedbythe"-h"switch,thecommand-lineexecutablecanbeusedtodisplaytotheconsolewindowa"quickreference"helponselectedtopics,suchasinformationoninputandoutputformats,syntaxoffunctions,andsyntaxoftheLogParserSQL-Likequerylanguage.
Seealso:GlobalSwitchesReferenceCommandsandQueries
©2004MicrosoftCorporation.Allrightsreserved.
![Page 504: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/504.jpg)
QueryExecutionMode"QueryExecutionMode"isthedefaultoperationalmodeoftheLogParsercommand-lineexecutable.Inthismode,LogParserisusedtoexecutequeriesreadinginputrecordsfromaninputformatandwritingoutputrecordstoanoutputformat.
Thegeneralsyntaxofcommandsinqueryexecutionmodeis:
LogParser [-i:<input_format>][<input_format_options>][-o:<output_format>][<output_format_options>]<SQLquery>|file:<query_filename>[?param1=value1+...][<global_switches>][-queryInfo]
-i:<input_format>
Specifiestheinputformatforthequery.The"-i:"switchisfollowedbythenameoftheselectedinputformat,asinthefollowingexample:
C:\>LogParser-i:IISW3C"SELECT*FROMextend1.log"
Whenaninputformatisnotspecified,LogParserwillattempttoselectautomaticallyaninputformatuponinspectionofthe<from-entity>intheFROMclause.Forexample,"System"suggeststheuseoftheEVTInputFormat,while"ex040302.log"suggeststheuseoftheIISW3CInputFormat.Ifthe<from-entity>doesnotsuggestaspecificinputformat,theTextLineInputFormatwillbeselectedbydefault.
<input_format_options>
Specifyvaluesforinputformatparameters.Theseareenteredasswitcheswithnamesmatchingtheinputformat'sparameternames,followedbyacolonandbythevaluefor
![Page 505: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/505.jpg)
theparameter,asinthefollowingexamples:
C:\>LogParser-i:IISW3C-iCodepage:932-iCheckpoint:MyCheckpoint.lpc"SELECT*FROMextend1.log"C:\>LogParser-i:EVT-binaryFormat:ASC"SELECT*FROMSystem"
Parametervaluescontainingspacesmustbeenclosedwithindouble-quotecharacters("),asinthefollowingexample:
C:\>LogParser-i:EVT-stringsSep:"MYSEPARATOR""SELECT*FROMSystem"Formoreinformationoninputformatparameters,refertotheInputFormatReference.
-o:<output_format>
Specifiestheoutputformatforthequery.The"-o:"switchisfollowedbythenameoftheselectedoutputformat,asinthefollowingexample:
C:\>LogParser-o:CSV"SELECT*FROMSystem"
Whenanoutputformatisnotspecified,LogParserwillattempttoselectautomaticallyanoutputformatuponinspectionofthe<into-entity>intheINTOclause.Forexample,"chart.gif"suggeststheuseoftheCHARTOutputFormat,while"MyFile.csv"suggeststheuseoftheCSVOutputFormat.Ifthe<into-entity>doesnotsuggestaspecificoutputformat,orthequerydoesnotspecifyanINTOclause,theNATOutputFormatwillbeselectedbydefault.
<output_format_options>
Specifyvaluesforoutputformatparameters.Theseareenteredasswitcheswithnamesmatchingtheoutputformat'sparameternames,followedbyacolonandbythevaluefor
![Page 506: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/506.jpg)
theparameter,asinthefollowingexamples:
C:\>LogParser-o:NAT-rtp:-1-fileMode:1"SELECT*FROMSystem"
C:\>LogParser-o:CSV-tabs:ON"SELECT*FROMSystem"
Parametervaluescontainingspacesmustbeenclosedwithindouble-quotecharacters("),asinthefollowingexample:
C:\>LogParser-o:CHART-chartTitle:"PageHitsperDay""SELECTdate,COUNT(*)FROMextend1.logGROUPBYdate"Formoreinformationonoutputformatparameters,refertotheOutputFormatReference.
<SQLquery>
SpecifiesthetextoftheLogParserSQL-Likequery.Sinceaqueryalwayscontainsspaces,thetextofthequerymustbeenclosedwithindouble-quotecharacters("),asinthefollowingexample:
C:\>LogParser"SELECT*FROMSystem"
Alternatively,aquerycanbespecifiedthroughatextfilewiththe"file:"switch,asshowninthenextsection.Commandscontainingbothaquerytextargumentanda"file:"switchareconsideredillegalandreturnanerror.
file:<query_filename>[?param1=value1+...]
SpecifiesthenameofatextfilecontainingaLogParserSQL-Likequery.ThetextfilespecifiedmustcontainavalidqueryintheLogParserSQL-Likelanguage.Multiplespaces,comments,andnew-linecharactersinthetextfileareignored,allowingthequerytexttobeformattedasdesiredforreadability.
![Page 507: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/507.jpg)
Thefollowingexampleshowsanexamplecontentofaquerytextfile:
SELECTTimeGenerated,EXTRACT_TOKEN(ResolvedSid,1,'\\')ASUsername--onlythe'username'portion/*Wewanttoretrievethefullusername*/USINGRESOLVE_SID(Sid)ASResolvedSidFROMSecurity
Thefollowingexampleshowshowthequeryisexecuted,assumingthatthequerytexthasbeensavedtoafilenamed"MyQuery.sql":
C:\>LogParser-i:EVTfile:Myquery.sql
Querytextfilescanincludeparameters,whicharesubstitutedatruntimewithuser-suppliedtextorenvironmentvariablevalues.Parametersareuser-definednamesinthequerytextenclosedwithinpercentcharacters(%),suchas"%MyParameter%".WhenissuingaLogParsercommandtoexecuteaquerytextfilecontainingparameters,userscanspecifythevaluesoftheparametersbyappendingthequestion-markcharacter(?)tothequeryfilename,followedbyalistofpairsintheformof"parameter_name=parameter_value",separatedbythepluscharacter(+).Forexample,thefollowingquerycontainstwoparameters:
SELECTEventIDFROM%InputEventLog%WHERESourceName='%InputSourceName%'Thefollowingexamplecommandexecutesthequerysubstitutinguser-suppliedvaluesfortheparameters:
C:\>LogParser-i:EVTfile:Myquery.sql?InputEventLog=System+InputSourceName=EventLogIfaparameternameorvaluecontainsspaces,thenameorvaluemustbeenclosedwithindouble-quotecharacters("),asinthefollowingexample:
C:\>LogParser-i:EVTfile:Myquery.sql?InputEventLog=System+InputSourceName="ServiceControlManager"Ifthevalueofaquerytextfileparameterisnotsuppliedbytheuser,LogParserwillsearchfortheparameternameinthecurrentenvironmentvariableset.Ifanenvironmentvariableisfound
![Page 508: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/508.jpg)
matchingtheparametername,itsvaluewillbesubstitutedfortheparameter;otherwise,theparameternameisleftas-isinthequerytext.
Thetextofthequerycanalsobespecifieddirectlyasacommand-lineargument,asshownintheprevioussection.Commandscontainingbothaquerytextargumentanda"file:"switchareconsideredillegalandreturnanerror.
<global_switches>
Globalswitchescontroloverallbehaviorsofthecommand,suchaserrorhandlingandcommandstatisticsverbosity.Formoreinformationonglobalswitches,refertotheGlobalSwitchesReference.
-queryInfo
Displaysdiagnosticinformationaboutthecommand.When"-queryInfo"isspecified,thecommandisnotexecuted,andthefollowingdiagnosticinformationisdisplayedtotheconsolewindow:Thetextoftheprovidedquery,afterbeingparsedandinterpretedbytheLogParserSQL-Likeenginecore;Namesoftheinputandoutputformatsselected;Structureofthequeryoutputrecords,includingfieldnamesandfielddatatypes.
Thisinformationcanbeusedtotroubleshootavarietyofproblems,includingunexpectedqueryexecutionresults,andqueryparametersubtitution.
Thefollowingexampleusesthe"-queryInfo"switchtodisplaydiagnosticinformationaboutthespecifiedcommand:
C:\>LogParser"SELECTTO_UTCTIME(TimeGenerated)ASUTCTimeGenerated,SourceNameFROMSystemWHEREEventID>20"-queryIn
![Page 509: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/509.jpg)
foTheoutputofthiscommandis:
Query:SELECTTO_UTCTIME([TimeGenerated])ASUTCTimeGenerated,[SourceName]FROMSystemWHERE[EventID]>ANY(20)
Formatsselected:Inputformat:EVT(WindowsEventLog)Outputformat:NAT(NativeFormat)
Queryfields:UTCTimeGenerated(T)SourceName(S)
Seealso:Command-LineOperationReferenceGlobalSwitchesReferenceCommandsandQueries
©2004MicrosoftCorporation.Allrightsreserved.
![Page 510: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/510.jpg)
ConversionModeIn"ConversionMode",LogParserisusedtoexecutebuilt-inqueriestoconvertlogfilesbetweenthefollowingformats:
BINtoW3CIIStoW3CBINtoIISIISW3CtoIIS
Conversionmodeisactivatedbythe"-c"switch.
Thegeneralsyntaxofcommandsinconversionmodeis:
LogParser -c-i:<input_format>-o:<output_format><from_entity><into_entity>[<where_clause>][<input_format_options>][<output_format_options>][-multiSite[:ON|OFF]][<global_switches>][-queryInfo]
Formoreinformationonlogfileformatconversions,refertoConvertingFileFormats.
-i:<input_format>
Specifiestheinputformatfortheconversion.The"-i:"switchisfollowedbythenameoftheselectedinputformat,asinthefollowingexample:
C:\>LogParser-c-i:IISW3C-o:IISextend1.loginetsv1.log
DifferentlythanQueryExecutionMode,theinputformatspecificationisamandatoryargumentforcommandsinconversionmode.Thespecifiedinputformatnamemustbeoneoftheinputformatsinthetableaboveforwhichaconversionissupported.
![Page 511: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/511.jpg)
-o:<output_format>
Specifiestheoutputformatfortheconversion.The"-o:"switchisfollowedbythenameoftheselectedoutputformat,asinthefollowingexample:
C:\>LogParser-c-i:IISW3C-o:IISextend1.loginetsv1.log
DifferentlythanQueryExecutionMode,theoutputformatspecificationisamandatoryargumentforcommandsinconversionmode.Thespecifiedoutputformatnamemustbeoneoftheoutputformatsinthetableaboveforwhichaconversionissupported.
<from_entity>
Specifiestheinputfile(s)tobeconverted.Thisargumentmustconformtothe<from_entity>syntaxoftheselectedinputformat.Forinformationonthesyntaxandinterpretationofthe<from_entity>valuessupportedbyeachinputformat,refertotheInputFormatsReference.Iftheargumentcontainsspaces,itmustbeenclosedwithindouble-quotecharacters("),asinthefollowingexample:
C:\>LogParser-c-i:IISW3C-o:IIS"extend1.log;,<1>"inetsv1.log
<into_entity>
Specifiestheconversiontargetoutputfile.Thisargumentmustconformtothe<into_entity>syntaxoftheselectedoutputformat.Forinformationonthesyntaxandinterpretationofthe<into_entity>valuessupportedbyeachoutputformat,refertotheOutputFormatsReference.Iftheargumentcontainsspaces,itmustbeenclosedwithindouble-quotecharacters("),asinthefollowingexample:
![Page 512: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/512.jpg)
C:\>LogParser-c-i:IISW3C-o:IISextend1.log"C:\MyFolder\inetsv1.log"
<where_clause>
SpecifiesanoptionalWHEREclausetoperformfilteringontheinputformatentries.
ThefollowingexampleconvertsonlytheIISW3Clogfileentriesthatrepresentsuccessfulrequests:
C:\>LogParser-c-i:IISW3C-o:IISextend1.loginetsv1.log"WHEREsc-statusBETWEEN200AND399"
<input_format_options>
Specifyvaluesforinputformatparameters.Theseareenteredasswitcheswithnamesmatchingtheinputformat'sparameternames,followedbyacolonandbythevaluefortheparameter,asinthefollowingexample:
C:\>LogParser-c-i:IISW3C-o:IISextend1.loginetsv1.log-iCodepage:932Formoreinformationoninputformatparameters,refertotheInputFormatReference.
<output_format_options>
Specifyvaluesforoutputformatparameters.Theseareenteredasswitcheswithnamesmatchingtheoutputformat'sparameternames,followedbyacolonandbythevaluefortheparameter,asinthefollowingexample:
C:\>LogParser-c-i:IISW3C-o:IISextend1.loginetsv1.log-fileMode:1
Formoreinformationonoutputformatparameters,refertotheOutputFormatReference.
![Page 513: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/513.jpg)
-multiSite[:ON|OFF]
SpecifiesthatanIISCentralBinarylogfileistobeconvertedtomultiplelogfiles,oneforeachIISVirtualSite.ThisoptionisonlyavailablewhentheconversionisfromtheBINinputformat,andwhenthespecified<into-entity>containsone"*"wildcardenablingtheMultiplexOuputMode.ThewildcardwillbereplacedwiththenumericidentifiersoftheIISVirtualSitesthatservedtherequestsloggedinthecentralbinarylogfile.
ThefollowingexampleconvertsasingleIISCentralBinarylogfiletodifferentW3Clogfiles,oneforeachIISVirtualSitethatservedarequestloggedinthecentralbinarylog:
C:\>LogParser-c-i:BIN-o:W3Craw1.iblC:\NewLogs\W3SVC*\extend1.log-multiSite:ON
<global_switches>
Globalswitchescontroloverallbehaviorsofthecommand,suchaserrorhandlingandcommandstatisticsverbosity.Formoreinformationonglobalswitches,refertotheGlobalSwitchesReference.
-queryInfo
Displaysdiagnosticinformationabouttheconversioncommand.When"-queryInfo"isspecified,thecommandisnotexecuted,andthefollowingdiagnosticinformationisdisplayedtotheconsolewindow:Thetextoftheconversionquery,afterbeingparsedandinterpretedbytheLogParserSQL-Likeenginecore;Namesoftheinputandoutputformatsselected;Structureofthequeryoutputrecords,includingfieldnamesandfielddatatypes.
Thisinformationcanbeusedtotroubleshootunexpectedconversion
![Page 514: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/514.jpg)
results.
Thefollowingexampleusesthe"-queryInfo"switchtodisplaydiagnosticinformationaboutthespecifiedconversioncommand:
C:\>LogParser-c-i:IISW3C-o:IISextend1.loginetsv1.log-queryInfo
Theoutputofthiscommandis:
Query:SELECT[c-ip],[cs-username],TO_DATE(TO_LOCALTIME(TO_TIMESTAMP([date],[time]))),TO_TIME(TO_LOCALTIME(TO_TIMESTAMP([date],[time]))),[s-sitename],[s-computername],[s-ip],[time-taken],[sc-bytes],[cs-bytes],[sc-status],[sc-win32-status],[cs-method],[cs-uri-stem],[cs-uri-query]INTOinetsv1.logFROMextend1.log
Formatsselected:Inputformat:IISW3C(IISW3CExtendedLogFormat)Outputformat:IIS(IISLogFormat)
Queryfields:c-ip(S)cs-username(S)TO_DATE(TO_LOCALTIME(TO_TIMESTAMP(date,time)))(T)TO_TIME(TO_LOCALTIME(TO_TIMESTAMP(date,time)))(T)s-sitename(S)s-computername(S)s-ip(S)time-taken(I)sc-bytes(I)cs-bytes(I)sc-status(I)sc-win32-status(I)
Seealso:Command-LineOperationReferenceGlobalSwitchesReferenceConvertingFileFormats
©2004MicrosoftCorporation.Allrightsreserved.
![Page 515: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/515.jpg)
cs-method(S)cs-uri-stem(S)cs-uri-query(S)
![Page 516: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/516.jpg)
DefaultsOverrideModeIn"DefaultsOverrideMode"userscanspecifynewdefaultvaluestoreplacethefactorydefaultvaluesofglobalswitches,inputformatparameters,andoutputformatparameters.Valuesareoverriddenonthecomputeronwhichthe"saveDefaults"commandisexecuted,andthenewvaluesareineffectuntiltheyareoverriddenbyanewoverridecommand,oruntilthefactorydefaultsarerestoredwiththe"restoreDefaults"command.ThenewdefaultvaluesalsoaffecttheLogParserscriptableCOMcomponents.
Note:Forsecurityreasons,propertiesthatareusedtospecifyconfidentialorsensitiveinformation,suchasusernamesandpasswords,cannotbeoverridenbythe"DefaultsOverrideMode"feature.
Thegeneralsyntaxofcommandsindefaultsoverridemodeis:
LogParser -saveDefaults[-i:<input_format><input_format_options>][-o:<output_format><output_format_options>][<global_switches>]
LogParser -restoreDefaults
-i:<input_format><input_format_options>
Specifiestheinputformatwhoseparameters'defaultvaluesaretobeoverridden,andthenewdefaultvaluesfortheselectedparameters.The"-i:"switchisfollowedbythenameoftheselectedinputformat,andthenewdefaultvaluesareenteredasswitcheswithnamesmatchingtheinputformat'sparameternames,followedbyacolonandbythevalueforthenewdefault,asinthefollowingexample:
C:\>LogParser-saveDefaults-i:EVT-binaryFormat:ASC-resolveSIDs:ONFormoreinformationoninputformatparameters,refertotheInput
![Page 517: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/517.jpg)
FormatReference.
-o:<output_format><output_format_options>
Specifiestheoutputformatwhoseparameters'defaultvaluesaretobeoverridden,andthenewdefaultvaluesfortheselectedparameters.The"-o:"switchisfollowedbythenameoftheselectedoutputformat,andthenewdefaultvaluesareenteredasswitcheswithnamesmatchingtheoutputformat'sparameternames,followedbyacolonandbythevalueforthenewdefault,asinthefollowingexample:
C:\>LogParser-saveDefaults-o:NAT-rtp:-1
Formoreinformationonoutputformatparameters,refertotheOutputFormatReference.
<global_switches>
Specifynewdefaultvaluesforglobalswitches.
Thefollowingexamplecommandoverridesthedefaultvalueofthe"-stats;"globalswitch,togetherwiththe"rtp"parameteroftheNAToutputformat:
C:\>LogParser-saveDefaults-o:NAT-rtp:-1-stats:OFF
Formoreinformationonglobalswitches,refertotheGlobalSwitchesReference.
-restoreDefaults
Restoresthefactorydefaultsofglobalswitches,inputformatparameters,andoutputformatparameters.Whenspecified,the"-restoreDefaults"switchmustbetheonly
![Page 518: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/518.jpg)
argumentofthecommand,asinthefollowingexample:
C:\>LogParser-restoreDefaults
Seealso:Command-LineOperationReferenceGlobalSwitchesReference
©2004MicrosoftCorporation.Allrightsreserved.
![Page 519: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/519.jpg)
HelpMode"HelpMode",activatedwiththe"-h"switch,offersusersthepossibilitytoaccess"quickreference"helptopicsdisplayedtotheconsoleoutput.Thehelptopics,selectablethroughadditionalcommand-linearguments,are:
GeneralUsageQueryLanguageSyntaxFunctionsSyntaxInputandOutputFormatsConversionModeQueryExamples
GeneralUsageHelp
TheLogParsercommand-lineexecutableusagehelpisaccessedwiththefollowingcommand:
C:\>LogParser-h
QueryLanguageSyntaxHelp
TheLogParserSQL-Likelanguagesyntaxhelpisaccessedwiththefollowingcommand:
C:\>LogParser-hGRAMMAR
FunctionsSyntaxHelp
TheLogParserSQL-Likelanguagefunctionssyntaxhelpisaccessed
![Page 520: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/520.jpg)
withcommandshavingthefollowingsyntax:
LogParser -hFUNC[TIONS][<function>]
TypingthefollowingcommandwilldisplaythesyntaxforallthefunctionsavailableintheLogParserSQL-Likelanguage:
C:\>LogParser-hFUNCTIONS
Typingafunctionnamefollowingthehelpcommanddisplaysthesyntaxoftheselectedfunctiononly:
C:\>LogParser-hFUNCTIONSSUBSTR
Typingthefirstfewlettersofafunctionnamedisplaysthesyntaxofallthefunctionswhosenamestartswiththespecifiedletters:
C:\>LogParser-hFUNCTIONSSTR
InputandOutputFormatsHelp
Inputandoutputformatshelpisdisplayedwithcommandshavingthefollowingsyntax:
LogParser -h-i:<input_format>[<from_entity>][<input_format_options>]
LogParser -h-o:<output_format>
Forexample,thefollowingcommanddisplayshelpontheIISW3Cinputformat:
C:\>LogParser-h-i:IISW3C
TheoutputofthiscommandgivesadetailedoverviewoftheIISW3C
![Page 521: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/521.jpg)
inputformat,includingthesyntaxofthe
<from_entity>,alistofallthesupportedpropertiestogetherwiththeirdefaultvalues,thestructureoftherecordsproducedbytheinputformat(fieldnamesandtypes),andexamplesofqueriesusingtheinputformat.
Whenaninputformatretrievesfieldinformationfromthedatathatneedstobeparsed,thehelpcommandcanincludethefrom-entityfromwhichthefieldinformationistobegathered.Forexample,theCSVinputformatexaminestheinputfilestoretrievethenamesandtypesoftheinputrecordfieldsthatwillbeexported.AhelpcommandaimedatdisplayingtheinputrecordfieldsexportedbytheCSVinputformatwhenparsingaspecificfileshouldincludethefilenamefrom-entity,asshowninthefollowingexample:
C:\>LogParser-h-i:CSVTestLogFile.csv
Inaddition,sincetheparametersofsomeinputformatscanaffectthestructureoftheinputrecords,helpcommandscanincludetheseparameterstodisplaythevaryinginputrecordstructures.Forexample,theNETMONinputformathasa"fMode"parameterthatcanbeusedtospecifyhowtheinputrecordsshouldbestructured.AhelpcommandaimedatdisplayingtheinputrecordfieldsexportedbytheNETMONinputformatwhenthe"fMode"parameterissetto"TCPConn"shouldincludethisparameter,asshowninthefollowingexample:
C:\>LogParser-h-i:NETMON-fMode:TCPConn
ConversionModeHelp
Conversionmodehelpisaccessedwithcommandshavingthefollowingsyntax:
LogParser -h-c[-i:<input_format>-o:<output_format>]
Thefollowingcommanddisplaysgeneralconversionmodehelp,
![Page 522: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/522.jpg)
includingthelistofavailablebuilt-inconversionqueries:
C:\>LogParser-h-c
Thefollowingcommanddisplayshelpontheconversionbetweenthespecifiedlogfileformats,includingthefulltextofthebuilt-inquerythatperformstheconversion:
C:\>LogParser-h-c-i:BIN-o:W3C
QueryExamplesHelp
Examplesofqueriesandcommandscanbedisplayedwiththefollowingcommand:
C:\>LogParser-hEXAMPLES
Seealso:
Command-LineOperationReference
©2004MicrosoftCorporation.Allrightsreserved.
![Page 523: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/523.jpg)
GlobalSwitchesGlobalswitchescontroloverallbehaviorsofacommand,andtheyareusedwithmostoftheLogParsercommand-lineexecutableoperationalmodes.
Theglobalswitchesare:
-e:<max_errors>
-iw[:ON|OFF]
-stats[:ON|OFF]
-q[:ON|OFF]
-e:<max_errors>
Specifiesamaximumnumberofparseerrorstocollectinternallybeforeabortingtheexecutionofthecommand.Thedefaultvalueforthisglobalswitchis-1,whichisaspecialvaluecausingtheSQLenginetoignoreallparseerrorsandreportonlythetotalnumberofparseerrorsencounteredduringtheexecutionofthecommand.Thefollowingexamplecommandsetsthemaximumnumberofparseerrorsto100:
C:\>LogParser"SELECTMessageFROMSystem"-e:100
Formoreinformationonparseerrorsandthe"-e"switch,seeErrors,ParseErrors,andWarnings.
-iw[:ON|OFF]
Specifieswhetherornotwarningsshouldbeignored.
![Page 524: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/524.jpg)
Thedefaultvalueis"OFF",meaningthatruntimewarningswillnotbeignoredandwilltriggeraninteractiveprompttotheuser.Specifying"ON",ontheotherhand,disablestheinteractiveprompt,andruntimewarningswillbeignoredandtheirtotalcountwillbereportedwhenthecommandexecutionhascompleted.Thefollowingexamplecommandexecutesaqueryignoringruntimewarnings:
C:\>LogParser"SELECTMessageFROMSystem"-iw:ON
Formoreinformationonwarningsandthe"-iw"switch,seeErrors,ParseErrors,andWarnings.
-stats[:ON|OFF]
Specifieswhetherornotcommandexecutionstatisticsshouldbedisplayedwhenthecommandexecutionhascompleted.Thedefaultvalueis"ON",causingcommandexecutionstatisticstobealwaysdisplayed.Specifying"OFF"preventsthestatisticsfrombeingdisplayed.Thefollowingexamplecommandexecutesaquerypreventingthestatisticsfrombeingdisplayed:
C:\>LogParser"SELECTCOUNT(*)FROMSystem"-stats:OFF
-q[:ON|OFF]
Enablesordisables"quietmode".When"quietmode"isenabled,theconsoleoutputofacommandcontainsonlytheoutputrecords,suppressinganyadditionalinformation.Forthisreason,theconsoleoutputofacommandexecutedin"quietmode"issuitabletoberedirectedtoatextfile.Enabling"quietmode"disablesthedisplayofparseerrors,warnings,andstatistics.Inaddition,iftheselectedoutputformatistheNAToutputformat,its"rtp"and"headers"parametersareautomaticallysetasfollows:
![Page 525: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/525.jpg)
-rtp:-1-headers:OFF
Asanexample,theoutputoffollowingcommandshowstheextrainformationandtheNAToutputformatheadersthatarenormallydisplayedtotheconsole:
C:\>LogParser"SELECTCOUNT(*)FROMSystem"COUNT(ALL*)------------6913
Statistics:-----------Elementsprocessed:6913Elementsoutput:1Executiontime:0.13seconds
Inthisexample,enabling"quietmode"suppressestheheadersdisplayedbytheNAToutputformatandthequeryexecutionstatistics,andtheoutputwouldlooklikethefollowing:
C:\>LogParser"SELECTCOUNT(*)FROMSystem"-q:ON6913
Seealso:Command-LineOperationReferenceErrors,ParseErrors,andWarnings
©2004MicrosoftCorporation.Allrightsreserved.
![Page 526: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/526.jpg)
COMAPITheLogParserscriptableCOMcomponentsarchitectureismadeupofthefollowingobjects:
LogQueryobject:thisobjectisthemainCOMobjectintheLogParserscriptableCOMcomponentsarchitecture;itexposesmethodstoexecuteSQL-Likequeriesandprovidesaccesstoglobalparameterscontrollingtheexecutionofaquery.LogRecordSetobject:thisobjectisanenumeratorofLogRecordobjects;itallowsanapplicationtonavigatethroughtheoutputrecordsofaquery.LogRecordobject:thisobjectrepresentsasinglequeryoutputrecord,anditexposesmethodsthatcanbeusedtoretrieveindividualfieldvaluesfromtheoutputrecord.InputFormatobjects:theseobjectsprovideprogrammaticaccesstotheinputformatssupportedbyLogParser;eachinputformatobjectexposespropertieshavingthesamenameastheparametersofthecorrespondingLogParserinputformat.OutputFormatobjects:theseobjectsprovideprogrammaticaccesstotheoutputformatssupportedbyLogParser;eachoutputformatobjectexposespropertieshavingthesamenameastheparametersofthecorrespondingLogParseroutputformat.
Seealso:LogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 527: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/527.jpg)
LogQueryObjectTheLogQueryobjectexposesthemainAPImethodsthatexecuteaSQL-Likequeryandprovidesaccesstoglobalparameterscontrollingtheexecutionofaquery.
Theobjectisinstantiatedwiththe"MSUtil.LogQuery"ProgId.Theclassnameofthe.NETCOMwrapperforthisobjectis"Interop.MSUtil.LogQueryClassClass".
Methods
Execute ExecutesaqueryandreturnsaLogRecordSetobjectthatcanbeusedtonavigatethroughthequeryoutputrecords.
ExecuteBatch Executesaqueryandwritesthequeryoutputrecordstoanoutputformat.
Properties
errorMessages Returnsacollectionoftheerror,parseerror,andwarningmessagesthatoccurredduringtheexecutionofaquery.
inputUnitsProcessed Returnsthetotalnumberofinputrecordsprocessedduringtheexecutionofaquery.
lastError Returns-1iferrors,parseerrors,orwarningsoccurredduringtheexecution
![Page 528: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/528.jpg)
ofthequery;0otherwise.
maxParseErrors Setsandgetsthemaximumnumberofparseerrorsthatcanoccurduringtheexecutionofaquerybeforeabortingthequeryexecution.
outputUnitsProcessed Returnsthetotalnumberofoutputrecordssenttoanoutputformatduringtheexecutionofaquery.
versionMaj Returnsthe"major"componentoftheversionoftheLogParserscriptableCOMcomponents.
versionMin Returnsthe"minor"componentoftheversionoftheLogParserscriptableCOMcomponents.
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
VBScriptexample:
DimoLogQuerySetoLogQuery=CreateObject("MSUtil.LogQuery")
Seealso:
![Page 529: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/529.jpg)
LogRecordSetObjectInputFormatObjectsOutputFormatObjectsLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 530: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/530.jpg)
ExecuteMethodExecutesaqueryandreturnsaLogRecordSetobjectthatcanbeusedtonavigatethroughthequeryoutputrecords.
ScriptSyntax
objRecordSet=objLogQuery.Execute(strQuery[,objInputFormat]);
Parameters
strQueryAstringcontainingthetextoftheSQL-Likequerytobeexecuted.
objInputFormatEitheranInputFormatobjectoraCustomInputFormatPluginobject.Ifthisparameterisnotspecified,orisnull,LogParserwillattempttoselectautomaticallyaninputformatuponinspectionofthe<from-entity>intheFROMclauseofthespecifiedquery.
ReturnValueALogRecordSetobject,whichcanbeusedtonavigatethroughthequeryoutputrecords.
RemarksIfthequeryexecutionencounterserrors,anexceptionisthrowncontainingtheerrormessageandcode,andthequeryexecutionisaborted.Inthiscase,thelastErrorpropertyoftheLogQueryobjectissetto-1,
![Page 531: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/531.jpg)
andthecollectionofstringsreturnedbytheerrorMessagespropertycontainstheerrormessage.Ifthequeryexecutionencountersparseerrorsorwarnings,thequeryexecutessuccessfully,andthemethodreturnsaLogRecordSetobject.Inthiscase,thelastErrorpropertyoftheLogQueryobjectissetto-1,andthecollectionofstringsreturnedbytheerrorMessagespropertycontainstheparseerrormessagesand/orwarningmessages.AsuccessfulexecutionoftheExecutemethoddoesnotnecessarilymeanthatthequeryexecutionhascompleted.Dependingonthequerystructure,navigatingthequeryoutputrecordswiththeLogRecordSetobjectcancausethequerytofurtherprocessnewinputrecords,whichcouldinturngenerateadditionalerrors,parseerrors,orwarnings.SeetheLogRecordSetObjectReferenceformoreinformation.ThespecifiedquerycannotcontainanINTOclause.
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreateInputFormatobjectvaroIISW3CInputFormat=newActiveXObject("MSUtil.LogQuery.IISW3CInputFormat");
//CreatequerytextvarstrQuery="SELECTc-ipFROM<1>WHEREcs-uri-stemLIKE'%hitcount.asp'";
//ExecutequeryandreceiveaLogRecordSetvaroRecordSet=oLogQuery.Execute(strQuery,oIISW3CInputFormat);
//Visitallrecordswhile(!oRecordSet.atEnd())
VBScriptexample:
DimoLogQueryDimoIISW3CInputFormatDimstrQueryDimoRecordSetDimoRecordDimstrClientIp
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreateInputFormatobjectSetoIISW3CInputFormat=CreateObject("MSUtil.LogQuery.IISW3CInp
Seealso:LogQueryObjectExecuteBatchMethodLogRecordSetObjectInputFormatObjectsLogParserCOMAPIOverview
![Page 532: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/532.jpg)
{ //Getarecord varoRecord=oRecordSet.getRecord();
//Getfirstfieldvalue varstrClientIp=oRecord.getValue(0);
//Printfieldvalue WScript.Echo("ClientIPAddress:"+strClientIp);
//AdvanceLogRecordSettonextrecord oRecordSet.moveNext();}
//CloseLogRecordSetoRecordSet.close();
utFormat")
'CreatequerytextstrQuery="SELECTc-ipFROM<1>WHEREcs-uri-stemLIKE'%hitcount.asp'"
'ExecutequeryandreceiveaLogRecordSetSetoRecordSet=oLogQuery.Execute(strQuery,oIISW3CInputFormat)
'VisitallrecordsDOWHILENOToRecordSet.atEnd
'Getarecord SetoRecord=oRecordSet.getRecord
'Getfirstfieldvalue strClientIp=oRecord.getValue(0)
'Printfieldvalue WScript.Echo"ClientIPAddress:"&strClientIp
'AdvanceLogRecordSettonextrecord oRecordSet.moveNext
LOOP
'CloseRecordSetoRecordSet.close
C#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 533: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/533.jpg)
ExecuteBatchMethodExecutesaqueryandwritestheoutputrecordstoanoutputformat.
ScriptSyntax
bResult=objLogQuery.ExecuteBatch(strQuery[,objInputFormat[,objOutputFormat]]);
Parameters
strQueryAstringcontainingthetextoftheSQL-Likequerytobeexecuted.
objInputFormatEitheranInputFormatobjectoraCustomInputFormatPluginobject.Ifthisparameterisnotspecified,orisnull,LogParserwillattempttoselectautomaticallyaninputformatuponinspectionofthe<from-entity>intheFROMclauseofthespecifiedquery.
objOutputFormatAnOutputFormatobject.Ifthisparameterisnotspecified,orisnull,LogParserwillattempttoselectautomaticallyanoutputformatuponinspectionofthe<into-entity>intheINTOclauseofthespecifiedquery.
ReturnValueAbooleanvalue.ReturnsTRUEifthequeryexecutedwithparseerrorsorwarnings;FALSEifthequeryexecutedwithoutanyparseerrornorwarning.
![Page 534: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/534.jpg)
RemarksIfthequeryexecutionencounterserrors,anexceptionisthrowncontainingtheerrormessageandcode,andthequeryexecutionisaborted.Inthiscase,thelastErrorpropertyoftheLogQueryobjectissetto-1,andthecollectionofstringsreturnedbytheerrorMessagespropertycontainstheerrormessage.Ifthequeryexecutionencountersparseerrorsorwarnings,thequeryexecutessuccessfully,andthemethodreturnsTRUE.Inthiscase,thelastErrorpropertyoftheLogQueryobjectissetto-1,andthecollectionofstringsreturnedbytheerrorMessagespropertycontainstheparseerrormessagesand/orwarningmessages.
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreateInputFormatobjectvaroEVTInputFormat=newActiveXObject("MSUtil.LogQuery.EventLogInputFormat");oEVTInputFormat.direction="BW";
//CreateOutputFormatobjectvaroCSVOutputFormat=newActiveXObject("MSUtil.LogQuery.CSVOutputFormat");oCSVOutputFormat.tabs=true;
//CreatequerytextvarstrQuery="SELECTTimeGenerated,EventIDINTOC:\\output.csvFROMSystem";strQuery+="WHERESourceName='ApplicationPopup'";
//Executequery
VBScriptexample:
DimoLogQueryDimoEVTInputFormatDimoCSVOutputFormatDimstrQuery
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreateInputFormatobjectSetoEVTInputFormat=CreateObject("MSUtil.LogQuery.EventLogInputFormat")oEVTInputFormat.direction="BW"
'CreateOutputFormatobject
Seealso:LogQueryObjectExecuteMethodInputFormatObjectsOutputFormatObjectsLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 535: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/535.jpg)
oLogQuery.ExecuteBatch(strQuery,oEVTInputFormat,oCSVOutputFormat);SetoCSVOutputFormat=CreateObject("MSUtil.LogQuery.CSVOutputFormat")oCSVOutputFormat.tabs=TRUE
'CreatequerytextstrQuery="SELECTTimeGenerated,EventIDINTOC:\output.csvFROMSystem"strQuery=strQuery&"WHERESourceName='ApplicationPopup'"
'ExecutequeryoLogQuery.ExecuteBatchstrQuery,oEVTInputFormat,oCSVOutputFormat
![Page 536: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/536.jpg)
errorMessagesPropertyReturnsacollectionofstringscontainingthemessagesoferrors,parseerrors,orwarningsencounteredwhileexecutingaquerywiththeExecuteorExecuteBatchmethods.
Read-onlyproperty.
ScriptSyntax
value=objLogQuery.errorMessages;
ReturnValueAcollectionofStringscontainingerrormessages.
RemarksTheobjectreturnedbytheerrorMessagespropertyimplementsasingleread-only_NewEnumproperty.The_NewEnumpropertyretrievesanIEnumVARIANTinterfaceonanobjectthatcanbeusedtoenumeratethecollection.The_NewEnumpropertyishiddenwithinscriptinglanguages(JScriptandVBScript).ApplicationswrittenintheJScriptlanguagehandleobjectsimplementingthe_NewEnumpropertyasEnumeratorobjectsorwiththefor...instatement,whileapplicationswrittenintheVBScriptlanguagehandleobjectsimplementingthe_NewEnumpropertywiththeForEach...Nextstatement.Ifyouwanttoretrieveparseerrormessages,makesurethatthemaxParseErrorspropertyoftheLogQueryobjectissettoavaluedifferentthan-1.Ifthevalueofthispropertyis-1(thedefaultvalue),theparseerrormessageswillbediscarded,andtheerrorMessagescollectionwillcontainasinglemessagestatingthetotalnumberofparseerrorsoccurred.
![Page 537: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/537.jpg)
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//MakesurethatparseerrormessagesarecollectedoLogQuery.maxParseErrors=100;
//CreatequerytextvarstrQuery="SELECTsc-bytesINTOC:\\output.csvFROMex040528.log";
//ExecutequeryoLogQuery.ExecuteBatch(strQuery);
//Checkiferrorsoccurredif(oLogQuery.lastError!=0){WScript.Echo("Errorsoccurred!");
varoMessages=newEnumerator(oLogQuery.errorMessages);for(;!oMessages.atEnd();oMessages.moveNext()){WScript.Echo("Errormessage:"+oMessages.item());}}else{WScript.Echo("Executedsuccessfully!");}
VBScriptexample:
DimoLogQueryDimstrQuery
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'MakesurethatparseerrormessagesarecollectedoLogQuery.maxParseErrors=100
'CreatequerytextstrQuery="SELECTsc-bytesINTOC:\output.csvFROMex040528.log"
'ExecutequeryoLogQuery.ExecuteBatchstrQuery
'CheckiferrorsoccurredIfoLogQuery.lastError<>0Then
WScript.Echo"Errorsoccurred!"
ForEachstrMessageInoLogQuery.errorMessagesWScript.Echo"ErrorMessage:"+strMessageNext
Else
WScript.Echo"Executedsuccesfully!"
Seealso:LogQueryObjectLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 538: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/538.jpg)
EndIf
![Page 539: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/539.jpg)
inputUnitsProcessedPropertyReturnsthetotalnumberofinputrecordsprocessedbyaqueryexecutedwiththeExecuteBatchmethod.
Read-onlyproperty.
ScriptSyntax
value=objLogQuery.inputUnitsProcessed;
ReturnValueAnintegervaluecontainingthetotalnumberofinputrecordsprocessedbythelastqueryexecutedwiththeExecuteBatchmethod.
RemarksWhenaqueryisexecutedwiththeExecutemethod,thispropertyreturnszero.Inthesecases,usetheinputUnitsProcessedpropertyoftheLogRecordSetobject.
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreatequerytextvarstrQuery="SELECTTimeGenerated,EventIDINTOC:\\output.csvFROMSystem";
VBScriptexample:
DimoLogQuery
![Page 540: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/540.jpg)
strQuery+="WHERESourceName='ApplicationPopup'";
//ExecutequeryoLogQuery.ExecuteBatch(strQuery);
//DisplaytotalnumberofinputrecordsprocessedWScript.Echo("InputRecordsProcessed:"+oLogQuery.inputUnitsProcessed);
DimstrQuery
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreatequerytextstrQuery="SELECTTimeGenerated,EventIDINTOC:\output.csvFROMSystem"strQuery=strQuery&"WHERESourceName='ApplicationPopup'"
'ExecutequeryoLogQuery.ExecuteBatchstrQuery
'DisplaytotalnumberofinputrecordsprocessedWScript.Echo"InputRecordsProcessed:"&oLogQuery.inputUnitsProcessed
Seealso:LogQueryObjectExecuteBatchMethodoutputUnitsProcessedPropertyLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 541: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/541.jpg)
lastErrorPropertyReturns-1iftheExecuteorExecuteBatchmethodsencounterederrors,parseerrors,orwarnings;0otherwise.
Read-onlyproperty.
ScriptSyntax
value=objLogQuery.lastError;
ReturnValueAnintegervaluecontaining-1iftheExecuteorExecuteBatchmethodsencounterederrors,parseerrors,orwarnings;0otherwise.
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreatequerytextvarstrQuery="SELECTTimeGenerated,EventIDINTOC:\\output.csvFROMSystem";strQuery+="WHERESourceName='ApplicationPopup'";
//ExecutequeryoLogQuery.ExecuteBatch(strQuery);
//Checkiferrorsoccurredif(oLogQuery.lastError!=0){WScript.Echo("Errorsoccurred!");
VBScriptexample:
DimoLogQueryDimstrQuery
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreatequerytextstrQuery="SELECTTimeGenerated,EventIDINTOC:\output.csvFROMSystem"strQuery=strQuery&"WHERESourceName='ApplicationPopup'"
Seealso:LogQueryObjectLogParserCOMAPIOverviewC#Example
![Page 542: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/542.jpg)
}else{WScript.Echo("Executedsuccessfully!");}
'ExecutequeryoLogQuery.ExecuteBatchstrQuery
'CheckiferrorsoccurredIfoLogQuery.lastError<>0ThenWScript.Echo"Errorsoccurred!"ElseWScript.Echo"Executedsuccesfully!"EndIf
©2004MicrosoftCorporation.Allrightsreserved.
![Page 543: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/543.jpg)
maxParseErrorsPropertySetsorgetsthemaximumnumberofparseerrorsthatcanoccurduringtheexecutionofaquerybeforeabortingthequeryexecution.
Read/writeproperty.
ScriptSyntax
objLogQuery.maxParseErrors=value;
value=objLogQuery.maxParseErrors;
Argument/ReturnValueAnintegervaluespecifyingthemaximumnumberofparseerrorsthatcanoccurduringtheexecutionofaquerybeforeabortingthequeryexecution.Avalueof-1specifiesthatallparseerrorsshouldbeignored.
DefaultValue-1
RemarksThispropertyisanalogoustothe"-e"globalswitchavailablewiththeLogParsercommand-lineexecutable.
Examples
![Page 544: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/544.jpg)
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
oLogQuery.maxParseErrors=10;VBScriptexample:
DimoLogQuerySetoLogQuery=CreateObject("MSUtil.LogQuery")
oLogQuery.maxParseErrors=10Seealso:LogQueryObjectLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 545: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/545.jpg)
outputUnitsProcessedPropertyReturnsthetotalnumberofoutputrecordssenttoanoutputformatbyaqueryexecutedwiththeExecuteBatchmethod.
Read-onlyproperty.
ScriptSyntax
value=objLogQuery.outputUnitsProcessed;
ReturnValueAnintegervaluecontainingthetotalnumberofoutputrecordssenttoanoutputformatbythelastqueryexecutedwiththeExecuteBatchmethod.
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreatequerytextvarstrQuery="SELECTTimeGenerated,EventIDINTOC:\\output.csvFROMSystem";strQuery+="WHERESourceName='ApplicationPopup'";
//ExecutequeryoLogQuery.ExecuteBatch(strQuery);
//DisplaytotalnumberofoutputrecordsgeneratedWScript.Echo("OutputRecordsWritten:"+oLogQuery.outputUnitsProc
VBScriptexample:
DimoLogQueryDimstrQuery
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreatequerytextstrQuery="SELECTTimeGenerated,EventIDINTOC:\output.csvFROMSystem"
Seealso:LogQueryObjectExecuteBatchMethodinputUnitsProcessedProperty
![Page 546: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/546.jpg)
essed);strQuery=strQuery&"WHERESourceName='ApplicationPopup'"
'ExecutequeryoLogQuery.ExecuteBatchstrQuery
'DisplaytotalnumberofoutputrecordsgeneratedWScript.Echo"OutputRecordsWritten:"&oLogQuery.outputUnitsProcessed
LogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 547: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/547.jpg)
versionMajPropertyversionMinPropertyReturnthemajorandminorcomponentsoftheversionoftheLogParserscriptableCOMcomponentscurrentlybeingused.
Read-onlyproperties.
ScriptSyntax
value=objLogQuery.versionMaj;
value=objLogQuery.versionMin;
ReturnValuesIntegervaluescontainingthemajorandminorcomponentsoftheversionoftheLogParserscriptableCOMcomponentscurrentlybeingused.
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
WScript.Echo("LogParserVersion"+oLogQuery.versionMaj+"."+oLogQuery.versionMin);VBScriptexample:
DimoLogQuerySetoLogQuery=CreateObject("MSUtil.LogQuery")
WScript.Echo"LogParserVersion"&oLogQuery.versionMaj&"."&o
![Page 548: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/548.jpg)
LogQuery.versionMinSeealso:LogQueryObjectLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 549: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/549.jpg)
LogRecordSetObjectTheLogRecordSetobjectisreturnedbytheExecutemethodoftheLogQueryobject,anditexposesmethodsthatcanbeusedtonavigatethroughtheoutputrecordsofaquery.TheLogRecordSetobjectisanenumeratorofLogRecordobjects.
Theinterfacenameofthe.NETCOMwrapperforthisobjectis"Interop.MSUtil.ILogRecordset".
Methods
atEnd ReturnsaBooleanvalueindicatingiftheenumeratorisattheendofthecollection.
close Releasestheenumerationandalltheassociatedresources.
getColumnCount Returnsthenumberoffieldsinthequeryoutputrecords.
getColumnName Returnsthenameofafieldinthequeryoutputrecords.
getColumnType Returnsthedatatypeofafieldinthequeryoutputrecords.
getRecord ReturnsthecurrentLogRecordobjectintheenumeration.
moveNext AdvancestheenumeratortothenextLogRecordintheenumeration.
![Page 550: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/550.jpg)
Properties
errorMessages Returnsacollectionoftheerror,parseerror,andwarningmessagesthatoccurredduringthelastinvocationofthemoveNextmethod.
inputUnitsProcessed Returnsthetotalnumberofinputrecordsprocessedduringtheexecutionofaquery.
lastError Returns-1iferrors,parseerrors,orwarningsoccurredduringthelastinvocationofthemoveNextmethod;0otherwise.
INTEGER_TYPE ReturnsthevalueoftheconstantrepresentingtheINTEGERdatatype.
NULL_TYPE ReturnsthevalueoftheconstantrepresentingtheNULLdatatype.
REAL_TYPE ReturnsthevalueoftheconstantrepresentingtheREALdatatype.
STRING_TYPE ReturnsthevalueoftheconstantrepresentingtheSTRINGdatatype.
TIMESTAMP_TYPE ReturnsthevalueoftheconstantrepresentingtheTIMESTAMPdatatype.
![Page 551: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/551.jpg)
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");varoLogRecordSet=oLogQuery.Execute("SELECT*FROMSystem");VBScriptexample:
DimoLogQueryDimoLogRecordSet
SetoLogQuery=CreateObject("MSUtil.LogQuery")SetoLogRecordSet=oLogQuery.Execute("SELECT*FROMSystem")Seealso:
LogQueryObjectLogRecordObjectLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 552: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/552.jpg)
atEndMethodReturnsaBooleanvalueindicatingiftheenumeratorisattheendofthecollection.
ScriptSyntax
value=objRecordSet.atEnd();
ReturnValueABooleanvaluesettoTRUEiftherearenomoreLogRecordobjectstoenumerate;FALSEotherwise.
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreateInputFormatobjectvaroIISW3CInputFormat=newActiveXObject("MSUtil.LogQuery.IISW3CInputFormat");
//CreatequerytextvarstrQuery="SELECTc-ipFROM<1>WHEREcs-uri-stemLIKE'%hitcount.asp'";
//ExecutequeryandreceiveaLogRecordSetvaroRecordSet=oLogQuery.Execute(strQuery,oIISW3CInputFormat);
//Visitallrecordswhile(!oRecordSet.atEnd())
VBScriptexample:
DimoLogQueryDimoIISW3CInputFormatDimstrQueryDimoRecordSetDimoRecordDimstrClientIp
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreateInputFormatobjectSetoIISW3CInputFormat=CreateObject("MSUtil.LogQuery.IISW3CInp
Seealso:LogRecordSetObjectLogRecordObjectLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 553: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/553.jpg)
{ //Getarecord varoRecord=oRecordSet.getRecord();
//Getfirstfieldvalue varstrClientIp=oRecord.getValue(0);
//Printfieldvalue WScript.Echo("ClientIPAddress:"+strClientIp);
//AdvanceLogRecordSettonextrecord oRecordSet.moveNext();}
//CloseLogRecordSetoRecordSet.close();
utFormat")
'CreatequerytextstrQuery="SELECTc-ipFROM<1>WHEREcs-uri-stemLIKE'%hitcount.asp'"
'ExecutequeryandreceiveaLogRecordSetSetoRecordSet=oLogQuery.Execute(strQuery,oIISW3CInputFormat)
'VisitallrecordsDOWHILENOToRecordSet.atEnd
'Getarecord SetoRecord=oRecordSet.getRecord
'Getfirstfieldvalue strClientIp=oRecord.getValue(0)
'Printfieldvalue WScript.Echo"ClientIPAddress:"&strClientIp
'AdvanceLogRecordSettonextrecord oRecordSet.moveNext
LOOP
'CloseRecordSetoRecordSet.close
![Page 554: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/554.jpg)
closeMethodReleasestheenumerationandalltheassociatedresources.
ScriptSyntax
objRecordSet.close();
ReturnValueNone.
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreateInputFormatobjectvaroIISW3CInputFormat=newActiveXObject("MSUtil.LogQuery.IISW3CInputFormat");
//CreatequerytextvarstrQuery="SELECTc-ipFROM<1>WHEREcs-uri-stemLIKE'%hitcount.asp'";
//ExecutequeryandreceiveaLogRecordSetvaroRecordSet=oLogQuery.Execute(strQuery,oIISW3CInputFormat);
//Visitallrecordswhile(!oRecordSet.atEnd()){ //Getarecord
VBScriptexample:
DimoLogQueryDimoIISW3CInputFormatDimstrQueryDimoRecordSetDimoRecordDimstrClientIp
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreateInputFormatobjectSetoIISW3CInputFormat=CreateObject("MSUtil.LogQuery.IISW3CInputFormat")
Seealso:LogRecordSetObjectLogRecordObjectLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 555: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/555.jpg)
varoRecord=oRecordSet.getRecord();
//Getfirstfieldvalue varstrClientIp=oRecord.getValue(0);
//Printfieldvalue WScript.Echo("ClientIPAddress:"+strClientIp);
//AdvanceLogRecordSettonextrecord oRecordSet.moveNext();}
//CloseLogRecordSetoRecordSet.close();
'CreatequerytextstrQuery="SELECTc-ipFROM<1>WHEREcs-uri-stemLIKE'%hitcount.asp'"
'ExecutequeryandreceiveaLogRecordSetSetoRecordSet=oLogQuery.Execute(strQuery,oIISW3CInputFormat)
'VisitallrecordsDOWHILENOToRecordSet.atEnd
'Getarecord SetoRecord=oRecordSet.getRecord
'Getfirstfieldvalue strClientIp=oRecord.getValue(0)
'Printfieldvalue WScript.Echo"ClientIPAddress:"&strClientIp
'AdvanceLogRecordSettonextrecord oRecordSet.moveNext
LOOP
'CloseRecordSetoRecordSet.close
![Page 556: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/556.jpg)
getColumnCountMethodReturnsthenumberoffieldsinthequeryoutputrecords.
ScriptSyntax
value=objRecordSet.getColumnCount();
ReturnValueAnintegervaluecontainingthenumberoffieldsinthequeryoutputrecords.
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreatequerytextvarstrQuery="SELECT*FROMSystem";
//ExecutequeryandreceiveaLogRecordSetvaroRecordSet=oLogQuery.Execute(strQuery);
//Displayfieldnamesandtypesfor(varf=0;f<oRecordSet.getColumnCount();f++){//FieldNameWScript.Echo("FieldName:"+oRecordSet.getColumnName(f));
//Fieldtypeswitch(oRecordSet.getColumnType(f))
VBScriptexample:
DimoLogQueryDimoRecordSetDimf
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreatequerytextstrQuery="SELECT*FROMSystem"
'ExecutequeryandreceiveaLogRecordSetSetoRecordSet=oLogQuery.Execute(strQuery)
Seealso:LogRecordSetObjectLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 557: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/557.jpg)
{caseoRecordSet.INTEGER_TYPE:{WScript.Echo("FieldType:INTEGER");break;}
caseoRecordSet.REAL_TYPE:{WScript.Echo("FieldType:REAL");break;}
caseoRecordSet.STRING_TYPE:{WScript.Echo("FieldType:STRING");break;}
caseoRecordSet.TIMESTAMP_TYPE:{WScript.Echo("FieldType:TIMESTAMP");break;}
caseoRecordSet.NULL_TYPE:{WScript.Echo("FieldType:NULL");break;}}}
//CloseLogRecordSetoRecordSet.close();
'DisplayfieldnamesandtypesForf=0TooRecordSet.getColumnCount()-1
'FieldNameWScript.Echo"FieldName:"&oRecordSet.getColumnName(f)
'FieldtypeSelectCaseoRecordSet.getColumnType(f)CaseoRecordSet.INTEGER_TYPEWScript.Echo"FieldType:INTEGER"CaseoRecordSet.REAL_TYPEWScript.Echo"FieldType:REAL"CaseoRecordSet.STRING_TYPEWScript.Echo"FieldType:STRING"CaseoRecordSet.TIMESTAMP_TYPEWScript.Echo"FieldType:TIMESTAMP"CaseoRecordSet.NULL_TYPEWScript.Echo"FieldType:NULL"
EndSelectNext
'CloseLogRecordSetoRecordSet.close()
![Page 558: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/558.jpg)
getColumnNameMethodReturnsthenameofafieldinthequeryoutputrecords.
ScriptSyntax
value=objRecordSet.getColumnName(index);
Parameters
indexThe0-basedindexofthefieldinthequeryoutputrecords.TheindexmustbelessthanthenumberoffieldsreturnedbythegetColumnCountmethod.
ReturnValueAstringvaluecontainingthenameoftheoutputrecordfieldatthespecifiedposition.
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreatequerytextvarstrQuery="SELECT*FROMSystem";
//ExecutequeryandreceiveaLogRecordSetvaroRecordSet=oLogQuery.Execute(strQuery);
VBScriptexample:
DimoLogQueryDimoRecordSetDimf
![Page 559: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/559.jpg)
//Displayfieldnamesandtypesfor(varf=0;f<oRecordSet.getColumnCount();f++){//FieldNameWScript.Echo("FieldName:"+oRecordSet.getColumnName(f));
//Fieldtypeswitch(oRecordSet.getColumnType(f)){caseoRecordSet.INTEGER_TYPE:{WScript.Echo("FieldType:INTEGER");break;}
caseoRecordSet.REAL_TYPE:{WScript.Echo("FieldType:REAL");break;}
caseoRecordSet.STRING_TYPE:{WScript.Echo("FieldType:STRING");break;}
caseoRecordSet.TIMESTAMP_TYPE:{WScript.Echo("FieldType:TIMESTAMP");break;}
caseoRecordSet.NULL_TYPE:{WScript.Echo("FieldType:NULL");break;}}}
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreatequerytextstrQuery="SELECT*FROMSystem"
'ExecutequeryandreceiveaLogRecordSetSetoRecordSet=oLogQuery.Execute(strQuery)
'DisplayfieldnamesandtypesForf=0TooRecordSet.getColumnCount()-1
'FieldNameWScript.Echo"FieldName:"&oRecordSet.getColumnName(f)
'FieldtypeSelectCaseoRecordSet.getColumnType(f)CaseoRecordSet.INTEGER_TYPEWScript.Echo"FieldType:INTEGER"CaseoRecordSet.REAL_TYPEWScript.Echo"FieldType:REAL"CaseoRecordSet.STRING_TYPEWScript.Echo"FieldType:STRING"CaseoRecordSet.TIMESTAMP_TYPEWScript.Echo"FieldType:TIMESTAMP"CaseoRecordSet.NULL_TYPEWScript.Echo"FieldType:NULL"
EndSelectNext
'CloseLogRecordSetoRecordSet.close()
Seealso:LogRecordSetObjectLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 560: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/560.jpg)
//CloseLogRecordSetoRecordSet.close();
![Page 561: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/561.jpg)
getColumnTypeMethodReturnsthetypeofafieldinthequeryoutputrecords.
ScriptSyntax
value=objRecordSet.getColumnType(index);
Parameters
indexThe0-basedindexofthefieldinthequeryoutputrecords.TheindexmustbelessthanthenumberoffieldsreturnedbythegetColumnCountmethod.
ReturnValueAnintegervaluecontainingthetypeoftheoutputrecordfieldatthespecifiedposition.ThisvalueisoneoftheconstantsreturnedbytheINTEGER_TYPE,REAL_TYPE,STRING_TYPE,TIMESTAMP_TYPE,andNULL_TYPEproperties.
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreatequerytextvarstrQuery="SELECT*FROMSystem";VBScriptexample:
![Page 562: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/562.jpg)
//ExecutequeryandreceiveaLogRecordSetvaroRecordSet=oLogQuery.Execute(strQuery);
//Displayfieldnamesandtypesfor(varf=0;f<oRecordSet.getColumnCount();f++){//FieldNameWScript.Echo("FieldName:"+oRecordSet.getColumnName(f));
//Fieldtypeswitch(oRecordSet.getColumnType(f)){caseoRecordSet.INTEGER_TYPE:{WScript.Echo("FieldType:INTEGER");break;}
caseoRecordSet.REAL_TYPE:{WScript.Echo("FieldType:REAL");break;}
caseoRecordSet.STRING_TYPE:{WScript.Echo("FieldType:STRING");break;}
caseoRecordSet.TIMESTAMP_TYPE:{WScript.Echo("FieldType:TIMESTAMP");break;}
caseoRecordSet.NULL_TYPE:{WScript.Echo("FieldType:NULL");break;}
DimoLogQueryDimoRecordSetDimf
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreatequerytextstrQuery="SELECT*FROMSystem"
'ExecutequeryandreceiveaLogRecordSetSetoRecordSet=oLogQuery.Execute(strQuery)
'DisplayfieldnamesandtypesForf=0TooRecordSet.getColumnCount()-1
'FieldNameWScript.Echo"FieldName:"&oRecordSet.getColumnName(f)
'FieldtypeSelectCaseoRecordSet.getColumnType(f)CaseoRecordSet.INTEGER_TYPEWScript.Echo"FieldType:INTEGER"CaseoRecordSet.REAL_TYPEWScript.Echo"FieldType:REAL"CaseoRecordSet.STRING_TYPEWScript.Echo"FieldType:STRING"CaseoRecordSet.TIMESTAMP_TYPEWScript.Echo"FieldType:TIMESTAMP"CaseoRecordSet.NULL_TYPEWScript.Echo"FieldType:NULL"
EndSelectNext
'CloseLogRecordSet
Seealso:LogRecordSetObjectLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 563: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/563.jpg)
}}
//CloseLogRecordSetoRecordSet.close();
oRecordSet.close()
![Page 564: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/564.jpg)
getRecordMethodReturnsthecurrentLogRecordobjectintheenumeration.
ScriptSyntax
objRecord=objRecordSet.getRecord();
ReturnValueThecurrentLogRecordobjectintheenumeration.
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreateInputFormatobjectvaroIISW3CInputFormat=newActiveXObject("MSUtil.LogQuery.IISW3CInputFormat");
//CreatequerytextvarstrQuery="SELECTc-ipFROM<1>WHEREcs-uri-stemLIKE'%hitcount.asp'";
//ExecutequeryandreceiveaLogRecordSetvaroRecordSet=oLogQuery.Execute(strQuery,oIISW3CInputFormat);
//Visitallrecordswhile(!oRecordSet.atEnd()){ //Getarecord
VBScriptexample:
DimoLogQueryDimoIISW3CInputFormatDimstrQueryDimoRecordSetDimoRecordDimstrClientIp
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreateInputFormatobjectSetoIISW3CInputFormat=CreateObject("MSUtil.LogQuery.IISW3CInputFormat")
Seealso:LogRecordSetObjectLogRecordObjectLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 565: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/565.jpg)
varoRecord=oRecordSet.getRecord();
//Getfirstfieldvalue varstrClientIp=oRecord.getValue(0);
//Printfieldvalue WScript.Echo("ClientIPAddress:"+strClientIp);
//AdvanceLogRecordSettonextrecord oRecordSet.moveNext();}
//CloseLogRecordSetoRecordSet.close();
'CreatequerytextstrQuery="SELECTc-ipFROM<1>WHEREcs-uri-stemLIKE'%hitcount.asp'"
'ExecutequeryandreceiveaLogRecordSetSetoRecordSet=oLogQuery.Execute(strQuery,oIISW3CInputFormat)
'VisitallrecordsDOWHILENOToRecordSet.atEnd
'Getarecord SetoRecord=oRecordSet.getRecord
'Getfirstfieldvalue strClientIp=oRecord.getValue(0)
'Printfieldvalue WScript.Echo"ClientIPAddress:"&strClientIp
'AdvanceLogRecordSettonextrecord oRecordSet.moveNext
LOOP
'CloseRecordSetoRecordSet.close
![Page 566: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/566.jpg)
moveNextMethodAdvancestheenumeratortothenextLogRecordintheenumeration.
ScriptSyntax
objRecordSet.moveNext();
ReturnValueNone.
RemarksDependingonthequerystructure,callingthemoveNextmethodcancausethequerytofurtherprocessnewinputrecords,whichcouldinturngenerateadditionalerrors,parseerrors,orwarnings.IfthemoveNextmethodencounterserrors,anexceptionisthrowncontainingtheerrormessageandcode,andfurtherprocessingisaborted.Inthiscase,thelastErrorpropertyoftheLogRecordSetobjectissetto-1,andthecollectionofstringsreturnedbytheerrorMessagespropertycontainstheerrormessage.IfthemoveNextmethodencountersparseerrorsorwarnings,theenumeratorisadvancedsuccessfully,andthelastErrorpropertyoftheLogRecordSetobjectissetto-1.Inthiscase,thecollectionofstringsreturnedbytheerrorMessagespropertycontainstheparseerrormessagesand/orwarningmessages.
Examples
JScriptexample:
![Page 567: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/567.jpg)
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreateInputFormatobjectvaroIISW3CInputFormat=newActiveXObject("MSUtil.LogQuery.IISW3CInputFormat");
//CreatequerytextvarstrQuery="SELECTc-ipFROM<1>WHEREcs-uri-stemLIKE'%hitcount.asp'";
//ExecutequeryandreceiveaLogRecordSetvaroRecordSet=oLogQuery.Execute(strQuery,oIISW3CInputFormat);
//Visitallrecordswhile(!oRecordSet.atEnd()){ //Getarecord varoRecord=oRecordSet.getRecord();
//Getfirstfieldvalue varstrClientIp=oRecord.getValue(0);
//Printfieldvalue WScript.Echo("ClientIPAddress:"+strClientIp);
//AdvanceLogRecordSettonextrecord oRecordSet.moveNext();}
//CloseLogRecordSetoRecordSet.close();
VBScriptexample:
DimoLogQueryDimoIISW3CInputFormatDimstrQueryDimoRecordSetDimoRecordDimstrClientIp
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreateInputFormatobjectSetoIISW3CInputFormat=CreateObject("MSUtil.LogQuery.IISW3CInputFormat")
'CreatequerytextstrQuery="SELECTc-ipFROM<1>WHEREcs-uri-stemLIKE'%hitcount.asp'"
'ExecutequeryandreceiveaLogRecordSetSetoRecordSet=oLogQuery.Execute(strQuery,oIISW3CInputFormat)
'VisitallrecordsDOWHILENOToRecordSet.atEnd
'Getarecord SetoRecord=oRecordSet.getRecord
'Getfirstfieldvalue strClientIp=oRecord.getValue(0)
'Printfieldvalue WScript.Echo"ClientIPAddress:"&strClientIp
'AdvanceLogRecordSettonextrecord
Seealso:LogRecordSetObjectLogRecordObjectLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 568: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/568.jpg)
oRecordSet.moveNext
LOOP
'CloseRecordSetoRecordSet.close
![Page 569: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/569.jpg)
errorMessagesPropertyReturnsacollectionofstringscontainingthemessagesoferrors,parseerrors,orwarningsthatoccurredduringthelastinvocationofthemoveNextmethod.
Read-onlyproperty.
ScriptSyntax
value=objLogRecordSet.errorMessages;
ReturnValueAcollectionofStringscontainingerrormessages.
RemarksTheobjectreturnedbytheerrorMessagespropertyimplementsasingleread-only_NewEnumproperty.The_NewEnumpropertyretrievesanIEnumVARIANTinterfaceonanobjectthatcanbeusedtoenumeratethecollection.The_NewEnumpropertyishiddenwithinscriptinglanguages(JScriptandVBScript).ApplicationswrittenintheJScriptlanguagehandleobjectsimplementingthe_NewEnumpropertyasEnumeratorobjectsorwiththefor...instatement,whileapplicationswrittenintheVBScriptlanguagehandleobjectsimplementingthe_NewEnumpropertywiththeForEach...Nextstatement.Ifyouwanttoretrieveparseerrormessages,makesurethatthemaxParseErrorspropertyoftheLogQueryobjectissettoavaluedifferentthan-1.Ifthevalueofthispropertyis-1(thedefaultvalue),theparseerrormessageswillbediscarded,andtheerrorMessagescollectionwillcontainasinglemessagestatingthetotalnumberofparseerrorsoccurred.
![Page 570: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/570.jpg)
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//MakesurethatparseerrormessagesarecollectedoLogQuery.maxParseErrors=100;
//CreateInputFormatobjectvaroIISW3CInputFormat=newActiveXObject("MSUtil.LogQuery.IISW3CInputFormat");
//CreatequerytextvarstrQuery="SELECTc-ipFROM<1>WHEREcs-uri-stemLIKE'%hitcount.asp'";
//ExecutequeryandreceiveaLogRecordSetvaroRecordSet=oLogQuery.Execute(strQuery,oIISW3CInputFormat);
//Checkiferrorsoccurredif(oLogQuery.lastError!=0){WScript.Echo("Errorsoccurred!");
varoMessages=newEnumerator(oLogQuery.errorMessages);for(;!oMessages.atEnd();oMessages.moveNext()){WScript.Echo("Errormessage:"+oMessages.item());}}
//Visitallrecordswhile(!oRecordSet.atEnd()){
VBScriptexample:
DimoLogQueryDimoIISW3CInputFormatDimstrQueryDimoRecordSetDimoRecordDimstrClientIp
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'MakesurethatparseerrormessagesarecollectedoLogQuery.maxParseErrors=100
'CreateInputFormatobjectSetoIISW3CInputFormat=CreateObject("MSUtil.LogQuery.IISW3CInputFormat")
'CreatequerytextstrQuery="SELECTc-ipFROM<1>WHEREcs-uri-stemLIKE'%hitcount.asp'"
'ExecutequeryandreceiveaLogRecordSetSetoRecordSet=oLogQuery.Execute(strQuery,oIISW3CInputFormat)
'CheckiferrorsoccurredIfoLogQuery.lastError<>0Then
WScript.Echo"Errorsoccurred!"
Seealso:LogRecordSetObjectLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 571: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/571.jpg)
//Getarecord varoRecord=oRecordSet.getRecord();
//Getfirstfieldvalue varstrClientIp=oRecord.getValue(0);
//Printfieldvalue WScript.Echo("ClientIPAddress:"+strClientIp);
//AdvanceLogRecordSettonextrecord oRecordSet.moveNext();
//Checkiferrorsoccurredif(oRecordSet.lastError!=0){WScript.Echo("Errorsoccurred!");
varoMessages=newEnumerator(oRecordSet.errorMessages);for(;!oMessages.atEnd();oMessages.moveNext()){WScript.Echo("Errormessage:"+oMessages.item());}}}
//CloseLogRecordSetoRecordSet.close();
ForEachstrMessageInoLogQuery.errorMessagesWScript.Echo"ErrorMessage:"+strMessageNext
EndIf
'VisitallrecordsDOWHILENOToRecordSet.atEnd
'Getarecord SetoRecord=oRecordSet.getRecord
'Getfirstfieldvalue strClientIp=oRecord.getValue(0)
'Printfieldvalue WScript.Echo"ClientIPAddress:"&strClientIp
'AdvanceLogRecordSettonextrecord oRecordSet.moveNext
'CheckiferrorsoccurredIfoRecordSet.lastError<>0Then
WScript.Echo"Errorsoccurred!"
ForEachstrMessageInoRecordSet.errorMessagesWScript.Echo"ErrorMessage:"+strMessageNext
EndIfLOOP
'CloseRecordSetoRecordSet.close
![Page 572: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/572.jpg)
inputUnitsProcessedPropertyReturnsthetotalnumberofinputrecordsprocessedsofarbyaqueryexecutedwiththeExecutemethod.
Read-onlyproperty.
ScriptSyntax
value=objLogRecordSet.inputUnitsProcessed;
ReturnValueAnintegervaluecontainingthetotalnumberofinputrecordsprocessedsofarbythequerythatreturnedtheLogRecordSetobject.
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreatequerytextvarstrQuery="SELECT*FROMSystem";
//ExecutequeryandreceiveaLogRecordSetvaroRecordSet=oLogQuery.Execute(strQuery);
//Visitallrecordswhile(!oRecordSet.atEnd()){//Displaynumberofinputrecordsprocessedsofar
VBScriptexample:
DimoLogQueryDimoRecordSetDimstrQuery
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreatequerytextstrQuery="SELECT*FROMSystem"
Seealso:LogRecordSetObjectLogParserCOMAPIOverviewC#Example
![Page 573: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/573.jpg)
WScript.Echo("InputRecordsProcessed:"+oRecordSet.inputUnitsProcessed);
//Getarecord varoRecord=oRecordSet.getRecord();
//AdvanceLogRecordSettonextrecord oRecordSet.moveNext();}
//DisplaytotalnumberofinputrecordsprocessedWScript.Echo("TotalInputRecordsProcessed:"+oRecordSet.inputUnitsProcessed);
//CloseLogRecordSetoRecordSet.close();
'ExecutequeryandreceiveaLogRecordSetSetoRecordSet=oLogQuery.Execute(strQuery)
'VisitallrecordsDOWHILENOToRecordSet.atEnd
'DisplaynumberofinputrecordsprocessedsofarWScript.Echo"InputRecordsProcessed:"&oRecordSet.inputUnitsProcessed
'Getarecord SetoRecord=oRecordSet.getRecord
'AdvanceLogRecordSettonextrecord oRecordSet.moveNext
LOOP
'DisplaytotalnumberofinputrecordsprocessedWScript.Echo"TotalInputRecordsProcessed:"&oRecordSet.inputUnitsProcessed
'CloseRecordSetoRecordSet.close
©2004MicrosoftCorporation.Allrightsreserved.
![Page 574: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/574.jpg)
lastErrorPropertyReturns-1iferrors,parseerrors,orwarningsoccurredduringthelastinvocationofthemoveNextmethod;0otherwise.
Read-onlyproperty.
ScriptSyntax
value=objRecordSet.lastError;
ReturnValueAnintegervaluecontaining-1ifthelastmoveNextmethodinvocationencounterederrors,parseerrors,orwarnings;0otherwise.
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//MakesurethatparseerrormessagesarecollectedoLogQuery.maxParseErrors=100;
//CreateInputFormatobjectvaroIISW3CInputFormat=newActiveXObject("MSUtil.LogQuery.IISW3CInputFormat");
//CreatequerytextvarstrQuery="SELECTc-ipFROM<1>WHEREcs-uri-stemLIKE'%hitcount.asp'";
//ExecutequeryandreceiveaLogRecordSet
VBScriptexample:
DimoLogQueryDimoIISW3CInputFormatDimstrQueryDimoRecordSetDimoRecordDimstrClientIp
SetoLogQuery=CreateObject("MSUtil.LogQuery")
Seealso:LogRecordSetObjectLogParserCOMAPIOverviewC#Example
![Page 575: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/575.jpg)
varoRecordSet=oLogQuery.Execute(strQuery,oIISW3CInputFormat);
//Checkiferrorsoccurredif(oLogQuery.lastError!=0){WScript.Echo("Errorsoccurred!");
varoMessages=newEnumerator(oLogQuery.errorMessages);for(;!oMessages.atEnd();oMessages.moveNext()){WScript.Echo("Errormessage:"+oMessages.item());}}
//Visitallrecordswhile(!oRecordSet.atEnd()){ //Getarecord varoRecord=oRecordSet.getRecord();
//Getfirstfieldvalue varstrClientIp=oRecord.getValue(0);
//Printfieldvalue WScript.Echo("ClientIPAddress:"+strClientIp);
//AdvanceLogRecordSettonextrecord oRecordSet.moveNext();
//Checkiferrorsoccurredif(oRecordSet.lastError!=0){WScript.Echo("Errorsoccurred!");
varoMessages=newEnumerator(oRecordSet.errorMessages);for(;!oMessages.atEnd();oMessages.moveNext()){
'MakesurethatparseerrormessagesarecollectedoLogQuery.maxParseErrors=100
'CreateInputFormatobjectSetoIISW3CInputFormat=CreateObject("MSUtil.LogQuery.IISW3CInputFormat")
'CreatequerytextstrQuery="SELECTc-ipFROM<1>WHEREcs-uri-stemLIKE'%hitcount.asp'"
'ExecutequeryandreceiveaLogRecordSetSetoRecordSet=oLogQuery.Execute(strQuery,oIISW3CInputFormat)
'CheckiferrorsoccurredIfoLogQuery.lastError<>0Then
WScript.Echo"Errorsoccurred!"
ForEachstrMessageInoLogQuery.errorMessagesWScript.Echo"ErrorMessage:"+strMessageNext
EndIf
'VisitallrecordsDOWHILENOToRecordSet.atEnd
'Getarecord SetoRecord=oRecordSet.getRecord
'Getfirstfieldvalue strClientIp=oRecord.getValue(0)
'Printfieldvalue WScript.Echo"ClientIPAddress:"&strClientIp
©2004MicrosoftCorporation.Allrightsreserved.
![Page 576: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/576.jpg)
WScript.Echo("Errormessage:"+oMessages.item());}}}
//CloseLogRecordSetoRecordSet.close();
'AdvanceLogRecordSettonextrecord oRecordSet.moveNext
'CheckiferrorsoccurredIfoRecordSet.lastError<>0Then
WScript.Echo"Errorsoccurred!"
ForEachstrMessageInoRecordSet.errorMessagesWScript.Echo"ErrorMessage:"+strMessageNext
EndIfLOOP
'CloseRecordSetoRecordSet.close
![Page 577: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/577.jpg)
INTEGER_TYPEPropertyTheconstantvaluereturnedbythegetColumnTypemethodtoindicatethatanoutputrecordfieldcontainsvaluesoftheINTEGERdatatype.
Read-onlyproperty.
ScriptSyntax
value=objRecordSet.INTEGER_TYPE;
ReturnValueAnintegervaluecontainingtheconstantthatrepresentstheINTEGERdatatype.
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreatequerytextvarstrQuery="SELECT*FROMSystem";
//ExecutequeryandreceiveaLogRecordSetvaroRecordSet=oLogQuery.Execute(strQuery);
//Displayfieldnamesandtypesfor(varf=0;f<oRecordSet.getColumnCount();f++){//FieldNameWScript.Echo("FieldName:"+oRecordSet.getColumnName(f));
VBScriptexample:
DimoLogQueryDimoRecordSetDimf
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreatequerytextstrQuery="SELECT*FROMSystem"
Seealso:NULL_TYPEPropertyREAL_TYPEPropertySTRING_TYPEPropertyTIMESTAMP_TYPEProperty
![Page 578: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/578.jpg)
//Fieldtypeswitch(oRecordSet.getColumnType(f)){caseoRecordSet.INTEGER_TYPE:{WScript.Echo("FieldType:INTEGER");break;}
caseoRecordSet.REAL_TYPE:{WScript.Echo("FieldType:REAL");break;}
caseoRecordSet.STRING_TYPE:{WScript.Echo("FieldType:STRING");break;}
caseoRecordSet.TIMESTAMP_TYPE:{WScript.Echo("FieldType:TIMESTAMP");break;}
caseoRecordSet.NULL_TYPE:{WScript.Echo("FieldType:NULL");break;}}}
//CloseLogRecordSetoRecordSet.close();
'ExecutequeryandreceiveaLogRecordSetSetoRecordSet=oLogQuery.Execute(strQuery)
'DisplayfieldnamesandtypesForf=0TooRecordSet.getColumnCount()-1
'FieldNameWScript.Echo"FieldName:"&oRecordSet.getColumnName(f)
'FieldtypeSelectCaseoRecordSet.getColumnType(f)CaseoRecordSet.INTEGER_TYPEWScript.Echo"FieldType:INTEGER"CaseoRecordSet.REAL_TYPEWScript.Echo"FieldType:REAL"CaseoRecordSet.STRING_TYPEWScript.Echo"FieldType:STRING"CaseoRecordSet.TIMESTAMP_TYPEWScript.Echo"FieldType:TIMESTAMP"CaseoRecordSet.NULL_TYPEWScript.Echo"FieldType:NULL"
EndSelectNext
'CloseLogRecordSetoRecordSet.close()
LogRecordSetObjectLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 579: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/579.jpg)
NULL_TYPEPropertyTheconstantvaluereturnedbythegetColumnTypemethodtoindicatethatanoutputrecordfieldcontainsvaluesoftheNULLdatatype.
Read-onlyproperty.
ScriptSyntax
value=objRecordSet.NULL_TYPE;
ReturnValueAnintegervaluecontainingtheconstantthatrepresentstheNULLdatatype.
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreatequerytextvarstrQuery="SELECT*FROMSystem";
//ExecutequeryandreceiveaLogRecordSetvaroRecordSet=oLogQuery.Execute(strQuery);
//Displayfieldnamesandtypesfor(varf=0;f<oRecordSet.getColumnCount();f++){//FieldNameWScript.Echo("FieldName:"+oRecordSet.getColumnName(f));
VBScriptexample:
DimoLogQueryDimoRecordSetDimf
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreatequerytextstrQuery="SELECT*FROMSystem"
Seealso:INTEGER_TYPEPropertyREAL_TYPEPropertySTRING_TYPEPropertyTIMESTAMP_TYPEProperty
![Page 580: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/580.jpg)
//Fieldtypeswitch(oRecordSet.getColumnType(f)){caseoRecordSet.INTEGER_TYPE:{WScript.Echo("FieldType:INTEGER");break;}
caseoRecordSet.REAL_TYPE:{WScript.Echo("FieldType:REAL");break;}
caseoRecordSet.STRING_TYPE:{WScript.Echo("FieldType:STRING");break;}
caseoRecordSet.TIMESTAMP_TYPE:{WScript.Echo("FieldType:TIMESTAMP");break;}
caseoRecordSet.NULL_TYPE:{WScript.Echo("FieldType:NULL");break;}}}
//CloseLogRecordSetoRecordSet.close();
'ExecutequeryandreceiveaLogRecordSetSetoRecordSet=oLogQuery.Execute(strQuery)
'DisplayfieldnamesandtypesForf=0TooRecordSet.getColumnCount()-1
'FieldNameWScript.Echo"FieldName:"&oRecordSet.getColumnName(f)
'FieldtypeSelectCaseoRecordSet.getColumnType(f)CaseoRecordSet.INTEGER_TYPEWScript.Echo"FieldType:INTEGER"CaseoRecordSet.REAL_TYPEWScript.Echo"FieldType:REAL"CaseoRecordSet.STRING_TYPEWScript.Echo"FieldType:STRING"CaseoRecordSet.TIMESTAMP_TYPEWScript.Echo"FieldType:TIMESTAMP"CaseoRecordSet.NULL_TYPEWScript.Echo"FieldType:NULL"
EndSelectNext
'CloseLogRecordSetoRecordSet.close()
LogRecordSetObjectLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 581: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/581.jpg)
REAL_TYPEPropertyTheconstantvaluereturnedbythegetColumnTypemethodtoindicatethatanoutputrecordfieldcontainsvaluesoftheREALdatatype.
Read-onlyproperty.
ScriptSyntax
value=objRecordSet.REAL_TYPE;
ReturnValueAnintegervaluecontainingtheconstantthatrepresentstheREALdatatype.
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreatequerytextvarstrQuery="SELECT*FROMSystem";
//ExecutequeryandreceiveaLogRecordSetvaroRecordSet=oLogQuery.Execute(strQuery);
//Displayfieldnamesandtypesfor(varf=0;f<oRecordSet.getColumnCount();f++){//FieldNameWScript.Echo("FieldName:"+oRecordSet.getColumnName(f));
VBScriptexample:
DimoLogQueryDimoRecordSetDimf
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreatequerytextstrQuery="SELECT*FROMSystem"
Seealso:INTEGER_TYPEPropertyNULL_TYPEPropertySTRING_TYPEPropertyTIMESTAMP_TYPEProperty
![Page 582: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/582.jpg)
//Fieldtypeswitch(oRecordSet.getColumnType(f)){caseoRecordSet.INTEGER_TYPE:{WScript.Echo("FieldType:INTEGER");break;}
caseoRecordSet.REAL_TYPE:{WScript.Echo("FieldType:REAL");break;}
caseoRecordSet.STRING_TYPE:{WScript.Echo("FieldType:STRING");break;}
caseoRecordSet.TIMESTAMP_TYPE:{WScript.Echo("FieldType:TIMESTAMP");break;}
caseoRecordSet.NULL_TYPE:{WScript.Echo("FieldType:NULL");break;}}}
//CloseLogRecordSetoRecordSet.close();
'ExecutequeryandreceiveaLogRecordSetSetoRecordSet=oLogQuery.Execute(strQuery)
'DisplayfieldnamesandtypesForf=0TooRecordSet.getColumnCount()-1
'FieldNameWScript.Echo"FieldName:"&oRecordSet.getColumnName(f)
'FieldtypeSelectCaseoRecordSet.getColumnType(f)CaseoRecordSet.INTEGER_TYPEWScript.Echo"FieldType:INTEGER"CaseoRecordSet.REAL_TYPEWScript.Echo"FieldType:REAL"CaseoRecordSet.STRING_TYPEWScript.Echo"FieldType:STRING"CaseoRecordSet.TIMESTAMP_TYPEWScript.Echo"FieldType:TIMESTAMP"CaseoRecordSet.NULL_TYPEWScript.Echo"FieldType:NULL"
EndSelectNext
'CloseLogRecordSetoRecordSet.close()
LogRecordSetObjectLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 583: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/583.jpg)
STRING_TYPEPropertyTheconstantvaluereturnedbythegetColumnTypemethodtoindicatethatanoutputrecordfieldcontainsvaluesoftheSTRINGdatatype.
Read-onlyproperty.
ScriptSyntax
value=objRecordSet.STRING_TYPE;
ReturnValueAnintegervaluecontainingtheconstantthatrepresentstheSTRINGdatatype.
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreatequerytextvarstrQuery="SELECT*FROMSystem";
//ExecutequeryandreceiveaLogRecordSetvaroRecordSet=oLogQuery.Execute(strQuery);
//Displayfieldnamesandtypesfor(varf=0;f<oRecordSet.getColumnCount();f++){//FieldNameWScript.Echo("FieldName:"+oRecordSet.getColumnName(f));
VBScriptexample:
DimoLogQueryDimoRecordSetDimf
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreatequerytextstrQuery="SELECT*FROMSystem"
Seealso:INTEGER_TYPEPropertyNULL_TYPEPropertyREAL_TYPEPropertyTIMESTAMP_TYPEProperty
![Page 584: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/584.jpg)
//Fieldtypeswitch(oRecordSet.getColumnType(f)){caseoRecordSet.INTEGER_TYPE:{WScript.Echo("FieldType:INTEGER");break;}
caseoRecordSet.REAL_TYPE:{WScript.Echo("FieldType:REAL");break;}
caseoRecordSet.STRING_TYPE:{WScript.Echo("FieldType:STRING");break;}
caseoRecordSet.TIMESTAMP_TYPE:{WScript.Echo("FieldType:TIMESTAMP");break;}
caseoRecordSet.NULL_TYPE:{WScript.Echo("FieldType:NULL");break;}}}
//CloseLogRecordSetoRecordSet.close();
'ExecutequeryandreceiveaLogRecordSetSetoRecordSet=oLogQuery.Execute(strQuery)
'DisplayfieldnamesandtypesForf=0TooRecordSet.getColumnCount()-1
'FieldNameWScript.Echo"FieldName:"&oRecordSet.getColumnName(f)
'FieldtypeSelectCaseoRecordSet.getColumnType(f)CaseoRecordSet.INTEGER_TYPEWScript.Echo"FieldType:INTEGER"CaseoRecordSet.REAL_TYPEWScript.Echo"FieldType:REAL"CaseoRecordSet.STRING_TYPEWScript.Echo"FieldType:STRING"CaseoRecordSet.TIMESTAMP_TYPEWScript.Echo"FieldType:TIMESTAMP"CaseoRecordSet.NULL_TYPEWScript.Echo"FieldType:NULL"
EndSelectNext
'CloseLogRecordSetoRecordSet.close()
LogRecordSetObjectLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 585: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/585.jpg)
TIMESTAMP_TYPEPropertyTheconstantvaluereturnedbythegetColumnTypemethodtoindicatethatanoutputrecordfieldcontainsvaluesoftheTIMESTAMPdatatype.
Read-onlyproperty.
ScriptSyntax
value=objRecordSet.TIMESTAMP_TYPE;
ReturnValueAnintegervaluecontainingtheconstantthatrepresentstheTIMESTAMPdatatype.
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreatequerytextvarstrQuery="SELECT*FROMSystem";
//ExecutequeryandreceiveaLogRecordSetvaroRecordSet=oLogQuery.Execute(strQuery);
//Displayfieldnamesandtypesfor(varf=0;f<oRecordSet.getColumnCount();f++){//FieldNameWScript.Echo("FieldName:"+oRecordSet.getColumnName(f));
VBScriptexample:
DimoLogQueryDimoRecordSetDimf
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreatequerytextstrQuery="SELECT*FROMSystem"
Seealso:INTEGER_TYPEPropertyNULL_TYPEPropertyREAL_TYPEPropertySTRING_TYPEProperty
![Page 586: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/586.jpg)
//Fieldtypeswitch(oRecordSet.getColumnType(f)){caseoRecordSet.INTEGER_TYPE:{WScript.Echo("FieldType:INTEGER");break;}
caseoRecordSet.REAL_TYPE:{WScript.Echo("FieldType:REAL");break;}
caseoRecordSet.STRING_TYPE:{WScript.Echo("FieldType:STRING");break;}
caseoRecordSet.TIMESTAMP_TYPE:{WScript.Echo("FieldType:TIMESTAMP");break;}
caseoRecordSet.NULL_TYPE:{WScript.Echo("FieldType:NULL");break;}}}
//CloseLogRecordSetoRecordSet.close();
'ExecutequeryandreceiveaLogRecordSetSetoRecordSet=oLogQuery.Execute(strQuery)
'DisplayfieldnamesandtypesForf=0TooRecordSet.getColumnCount()-1
'FieldNameWScript.Echo"FieldName:"&oRecordSet.getColumnName(f)
'FieldtypeSelectCaseoRecordSet.getColumnType(f)CaseoRecordSet.INTEGER_TYPEWScript.Echo"FieldType:INTEGER"CaseoRecordSet.REAL_TYPEWScript.Echo"FieldType:REAL"CaseoRecordSet.STRING_TYPEWScript.Echo"FieldType:STRING"CaseoRecordSet.TIMESTAMP_TYPEWScript.Echo"FieldType:TIMESTAMP"CaseoRecordSet.NULL_TYPEWScript.Echo"FieldType:NULL"
EndSelectNext
'CloseLogRecordSetoRecordSet.close()
LogRecordSetObjectLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 587: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/587.jpg)
LogRecordObjectTheLogRecordobjectrepresentsasinglequeryoutputrecord,anditexposesmethodsthatcanbeusedtoretrieveindividualfieldvaluesfromtheoutputrecord.TheLogRecordobjectisreturnedbythegetRecordmethodoftheLogRecordSetobject.
Theinterfacenameofthe.NETCOMwrapperforthisobjectis"Interop.MSUtil.ILogRecord".
Methods
getValue Returnsthevalueofafieldintheoutputrecord.
getValueEx Returnsthevalueofafieldintheoutputrecord.
isNull ReturnsaBooleanvalueindicatingifanoutputrecordfieldisNULL.
toNativeString Returnsafieldorthewholeoutputrecordasastringvalue.
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
![Page 588: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/588.jpg)
//CreateInputFormatobjectvaroIISW3CInputFormat=newActiveXObject("MSUtil.LogQuery.IISW3CInputFormat");
//CreatequerytextvarstrQuery="SELECTc-ipFROM<1>WHEREcs-uri-stemLIKE'%hitcount.asp'";
//ExecutequeryandreceiveaLogRecordSetvaroRecordSet=oLogQuery.Execute(strQuery,oIISW3CInputFormat);
//Visitallrecordswhile(!oRecordSet.atEnd()){ //Getarecord varoRecord=oRecordSet.getRecord();
//Getfirstfieldvalue varstrClientIp=oRecord.getValue(0);
//Printfieldvalue WScript.Echo("ClientIPAddress:"+strClientIp);
//AdvanceLogRecordSettonextrecord oRecordSet.moveNext();}
//CloseLogRecordSetoRecordSet.close();
VBScriptexample:
DimoLogQueryDimoIISW3CInputFormatDimstrQueryDimoRecordSetDimoRecordDimstrClientIp
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreateInputFormatobjectSetoIISW3CInputFormat=CreateObject("MSUtil.LogQuery.IISW3CInputFormat")
'CreatequerytextstrQuery="SELECTc-ipFROM<1>WHEREcs-uri-stemLIKE'%hitcount.asp'"
'ExecutequeryandreceiveaLogRecordSetSetoRecordSet=oLogQuery.Execute(strQuery,oIISW3CInputFormat)
'VisitallrecordsDOWHILENOToRecordSet.atEnd
'Getarecord SetoRecord=oRecordSet.getRecord
'Getfirstfieldvalue strClientIp=oRecord.getValue(0)
'Printfieldvalue WScript.Echo"ClientIPAddress:"&strClientIp
'AdvanceLogRecordSettonextrecord oRecordSet.moveNext
Seealso:LogRecordSetObjectLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 589: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/589.jpg)
LOOP
'CloseRecordSetoRecordSet.close
![Page 590: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/590.jpg)
getValueMethodReturnsthevalueofthefieldatthespecifiedpositionintherecord.
ScriptSyntax
value=objRecord.getValue(index);
value=objRecord.getValue(fieldName);
Parameters
indexAnintegercontainingthe0-basedindexofthefieldinthequeryoutputrecords.TheindexmustbelessthanthenumberoffieldsreturnedbythegetColumnCountmethodoftheLogRecordSetobject.
fieldNameAstringcontainingthenameofthefieldinthequeryoutputrecords.
ReturnValueThevalueofthespecifiedfield.ThevalueisreturnedasaVARIANT(i.e.ascriptingvariable)whosetypedependsonthedatatypeofthefield.ThefollowingtableshowstheVARIANTtypereturnedandthecorrespondingscriptingtypesforeachoftheLogParserdatatypes:
FieldTypeVARIANTType JScriptType
VBScriptType
INTEGER VT_I4 number Long
![Page 591: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/591.jpg)
REAL VT_R8 number Double
STRING VT_BSTR string String
TIMESTAMP VT_DATE date(VBdate)
Date
NULL VT_NULL nullobject Null
RemarksSomescriptinglanguagesmightnothandlecorrectlythenullvaluereturnedbythegetValuemethodwhenthefieldatthespecifiedlocationisNULL.Inthesecases,calltheisNullmethodbeforethegetValuemethodtotestthefieldforNULLvalues.AlthoughtheLogParserINTEGERDataTypeisa64-bitvalue,thegetValuemethodreturnsINTEGERvaluesas32-bitintegers,sincescriptinglanguagesdonothandlecorrectly64-bitintegervalues.Thismeansthattruncationmightoccurwhenvaluesarelargerthanthemaximum32-bitvalue.Inthesecases,ifalow-levelprogramminglanguageisbeingused(e.g.C++),applicationscancallthegetValueExmethodtoretrieveINTEGERvaluesas64-bitvalues.
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreatequerytextvarstrQuery="SELECTTimeGenerated,SourceName,EventID,MessageFROMSystem";
VBScriptexample:
DimoLogQuery
![Page 592: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/592.jpg)
//ExecutequeryandreceiveaLogRecordSetvaroRecordSet=oLogQuery.Execute(strQuery);
//Visitallrecordswhile(!oRecordSet.atEnd()){//GetarecordvaroRecord=oRecordSet.getRecord();
//DisplayrecordinformationWScript.Echo("TimeGenerated:"+oRecord.getValue("TimeGenerated"));WScript.Echo("SourceName:"+oRecord.getValue(1));WScript.Echo("EventID:"+oRecord.getValue(2));if(!oRecord.isNull(3)){WScript.Echo("Message:"+oRecord.getValue(3));}else{WScript.Echo("Message:<null>");}
//AdvanceLogRecordSettonextrecordoRecordSet.moveNext();}
//CloseLogRecordSetoRecordSet.close();
DimoRecordSetDimstrQueryDimfDimval
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreatequerytextstrQuery="SELECTTimeGenerated,SourceName,EventID,MessageFROMSystem"
'ExecutequeryandreceiveaLogRecordSetSetoRecordSet=oLogQuery.Execute(strQuery)
'VisitallrecordsDOWHILENOToRecordSet.atEnd
'Getarecord SetoRecord=oRecordSet.getRecord
'DisplayrecordinformationWScript.Echo"TimeGenerated:"&oRecord.getValue("TimeGenerated")WScript.Echo"SourceName:"&oRecord.getValue(1)WScript.Echo"EventID:"&oRecord.getValue(2)IfoRecord.isNull(3)=FalseThenWScript.Echo"Message:"&oRecord.getValue(3)ElseWScript.Echo"Message:<null>"EndIf
'AdvanceLogRecordSettonextrecord oRecordSet.moveNext
LOOP
'CloseRecordSet
Seealso:LogRecordObjectLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 593: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/593.jpg)
oRecordSet.close
![Page 594: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/594.jpg)
getValueExMethodReturnsthevalueofthefieldatthespecifiedpositionintherecord.ThevaluereturnedbythegetValueExmethodisintendedforlow-levelprogramminglanguagesandisnotsuitableforconsumptionbyscriptinglanguages.
C++Syntax
HRESULTgetValueEx(INVARIANT*pindexOrName,OUTVARIANT*pVal);
Parameters
pindexOrNameAVT_I4orVT_BSTRVARIANTcontainingeitherthe0-basedindexofthefieldinthequeryoutputrecords,orthenameofthefieldinthequeryoutputrecords.TheindexmustbelessthanthenumberoffieldsreturnedbythegetColumnCountmethodoftheLogRecordSetobject.
ReturnValueThevalueofthespecifiedfield.ThevalueisreturnedasaVARIANTwhosetypedependsonthedatatypeofthefield.ThefollowingtableshowstheVARIANTtypereturnedforeachoftheLogParserdatatypes:
FieldTypeVARIANTType Description
INTEGER VT_I8 64-bitinteger
![Page 595: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/595.jpg)
REAL VT_R8 64-bitfloating-pointnumber
STRING VT_BSTR String
TIMESTAMP VT_I8 64-bitintegerrepresentingthenumberof100-nanosecondintervalssinceJanuary1,year0
NULL VT_NULL VT_NULLVARIANT
RemarksThegetValueExmethodreturns64-bitintegervaluesthatarenothandledcorrectlybyscriptinglanguages,Forthisreason,themethodisintendedforusebylow-level,non-scriptinglanguages,suchasC++.Ifyouaredevelopinganapplicationusingscriptinglanguages,considerusingthegetValuemethodinstead.
Seealso:LogRecordObjectgetValueMethodLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 596: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/596.jpg)
isNullMethodReturnsaBooleanvalueindicatingifanoutputrecordfieldisNULL.
ScriptSyntax
value=objRecord.isNull(index);
value=objRecord.isNull(fieldName);
Parameters
indexAnintegercontainingthe0-basedindexofthefieldinthequeryoutputrecords.TheindexmustbelessthanthenumberoffieldsreturnedbythegetColumnCountmethodoftheLogRecordSetobject.
fieldNameAstringcontainingthenameofthefieldinthequeryoutputrecords.
ReturnValueABooleanvalueindicatingifthespecifiedoutputrecordfieldisNULL.
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreatequerytextVBScriptexample:
![Page 597: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/597.jpg)
varstrQuery="SELECTTimeGenerated,SourceName,EventID,Message,DataFROMSystem";
//ExecutequeryandreceiveaLogRecordSetvaroRecordSet=oLogQuery.Execute(strQuery);
//Visitallrecordswhile(!oRecordSet.atEnd()){//GetarecordvaroRecord=oRecordSet.getRecord();
//DisplayrecordinformationWScript.Echo("TimeGenerated:"+oRecord.getValue("TimeGenerated"));WScript.Echo("SourceName:"+oRecord.getValue(1));WScript.Echo("EventID:"+oRecord.getValue(2));if(!oRecord.isNull(3)){WScript.Echo("Message:"+oRecord.getValue(3));}else{WScript.Echo("Message:<null>");}
if(!oRecord.isNull("Data")){WScript.Echo("Data:"+oRecord.getValue(4));}else{WScript.Echo("Data:<null>");}
//AdvanceLogRecordSettonextrecordoRecordSet.moveNext();
DimoLogQueryDimoRecordSetDimstrQueryDimfDimval
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreatequerytextstrQuery="SELECTTimeGenerated,SourceName,EventID,Message,DataFROMSystem"
'ExecutequeryandreceiveaLogRecordSetSetoRecordSet=oLogQuery.Execute(strQuery)
'VisitallrecordsDOWHILENOToRecordSet.atEnd
'Getarecord SetoRecord=oRecordSet.getRecord
'DisplayrecordinformationWScript.Echo"TimeGenerated:"&oRecord.getValue("TimeGenerated")WScript.Echo"SourceName:"&oRecord.getValue(1)WScript.Echo"EventID:"&oRecord.getValue(2)IfoRecord.isNull(3)=FalseThenWScript.Echo"Message:"&oRecord.getValue(3)ElseWScript.Echo"Message:<null>"EndIf
IfoRecord.isNull("Data")=FalseThenWScript.Echo"Data:"&oRecord.getValue(4)ElseWScript.Echo"Data:<null>"EndIf
Seealso:LogRecordObjectLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 598: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/598.jpg)
}
//CloseLogRecordSetoRecordSet.close();
'AdvanceLogRecordSettonextrecord oRecordSet.moveNext
LOOP
'CloseRecordSetoRecordSet.close
![Page 599: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/599.jpg)
toNativeStringMethodReturnsafieldorthewholeoutputrecordasastringvalue.
ScriptSyntax
value=objRecord.toNativeString(index);
value=objRecord.toNativeString(separator);
Parameters
indexAnintegercontainingthe0-basedindexofafieldinthequeryoutputrecords.TheindexmustbelessthanthenumberoffieldsreturnedbythegetColumnCountmethodoftheLogRecordSetobject.
separatorAstringcontainingtheseparatortobeusedbetweenthefieldsoftherecord.
ReturnValueIfafieldindexisusedasargument,themethodreturnsthespecifiedfieldformattedtoastringaccordingtotheinputformatstringrepresentationofthedatatype.Forexample,iftheinputformatusedparsestimestampsformattedas'yyyy-MM-ddhh:mm:ss',thenthemethodformatsTIMESTAMPvaluesusingthesameformat.Ifastringseparatorisusedasargument,themethodreturnstheconcatenationofalltherecordfieldsformattedtoastring,separatedbythespecifiedseparator.
![Page 600: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/600.jpg)
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreatequerytextvarstrQuery="SELECTTimeGenerated,SourceName,EventID,MessageFROMSystem";
//ExecutequeryandreceiveaLogRecordSetvaroRecordSet=oLogQuery.Execute(strQuery);
//Visitallrecordswhile(!oRecordSet.atEnd()){//GetarecordvaroRecord=oRecordSet.getRecord();
//DisplayrecordinformationWScript.Echo("TimeGenerated:"+oRecord.toNativeString(0));WScript.Echo("WholeRecord:"+oRecord.toNativeString(","));
//AdvanceLogRecordSettonextrecordoRecordSet.moveNext();}
//CloseLogRecordSetoRecordSet.close();
VBScriptexample:
DimoLogQueryDimoRecordSetDimstrQueryDimfDimval
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreatequerytextstrQuery="SELECTTimeGenerated,SourceName,EventID,MessageFROMSystem"
'ExecutequeryandreceiveaLogRecordSetSetoRecordSet=oLogQuery.Execute(strQuery)
'VisitallrecordsDOWHILENOToRecordSet.atEnd
'Getarecord SetoRecord=oRecordSet.getRecord
'DisplayrecordinformationWScript.Echo"TimeGenerated:"&oRecord.toNativeString(0)WScript.Echo"WholeRecord:"&oRecord.toNativeString(",")
'AdvanceLogRecordSettonextrecord oRecordSet.moveNext
LOOP
Seealso:LogRecordObjectLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 601: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/601.jpg)
'CloseRecordSetoRecordSet.close
![Page 602: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/602.jpg)
InputFormatObjectsInputFormatobjectsprovideprogrammaticaccesstotheinputformatssupportedbyLogParser.
InputFormatobjectsareinstantiatedwiththeProgIdandthe.NETCOMwrapperclassnamesspecifiedinthefollowingtable:
InputFormat ProgId .NETCOMWrapperClassName
ADS MSUtil.LogQuery.ADSInputFormat COMADSInputContextClassClass
BIN MSUtil.LogQuery.IISBINInputFormat COMIISBINInputContextClassClass
CSV MSUtil.LogQuery.CSVInputFormat COMCSVInputContextClassClass
ETW MSUtil.LogQuery.ETWInputFormat COMETWInputContextClassClass
EVT MSUtil.LogQuery.EventLogInputFormat COMEventLogInputContextClassClass
FS MSUtil.LogQuery.FileSystemInputFormat COMFileSystemInputContextClassClass
HTTPERR MSUtil.LogQuery.HttpErrorInputFormat COMHttpErrorInputContextClassClass
IIS MSUtil.LogQuery.IISIISInputFormat COMIISIISInputContextClassClass
IISODBC MSUtil.LogQuery.IISODBCInputFormat COMIISODBCInputContextClassClass
IISW3C MSUtil.LogQuery.IISW3CInputFormat COMIISW3CInputContextClassClass
NCSA MSUtil.LogQuery.IISNCSAInputFormat COMIISNCSAInputContextClassClass
NETMON MSUtil.LogQuery.NetMonInputFormat COMNetMonInputContextClassClass
REG MSUtil.LogQuery.RegistryInputFormat COMRegistryInputContextClassClass
![Page 603: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/603.jpg)
TEXTLINE MSUtil.LogQuery.TextLineInputFormat COMTextLineInputContextClassClass
TEXTWORD MSUtil.LogQuery.TextWordInputFormat COMTextWordInputContextClassClass
TSV MSUtil.LogQuery.TSVInputFormat COMTSVInputContextClassClass
URLSCAN MSUtil.LogQuery.URLScanLogInputFormat COMURLScanLogInputContextClassClass
W3C MSUtil.LogQuery.W3CInputFormat COMW3CInputContextClassClass
XML MSUtil.LogQuery.XMLInputFormat COMXMLInputContextClassClass
Afterinstantiatinganinputformatobject,anapplicationcansettheinputformatparametersandusetheobjectasanargumenttotheExecuteorExecuteBatchmethodsoftheLogQueryobject.
MethodsTheInputFormatobjectsdonotexposemethods.
PropertiesTheInputFormatobjectsexposeread/writepropertieswiththesamenamesandcapitalizationastheparametersacceptedbythecorrespondingLogParserinputformat.Forexample,theMSUtil.LogQuery.EventLogInputFormatinputformatobjectexposesa"resolveSIDs"propertythatcontrolstheresolveSIDsparameteroftheEVTinputformat.Thevaluetypeacceptedandreturnedbyaninputformatobjectpropertydependsonthenatureofthevaluesthatcanbespecifiedfortheinputformatparameter,asdescribedbythefollowingtable:
Parametervalues
Propertyvaluetype JScriptExample
![Page 604: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/604.jpg)
"ON"/"OFF"values Boolean oEVTInputFormat.resolveSIDs=true;
Enumerationvalues(e.g."ASC"/"PRINT"/"HEX")
String oEVTInputFormat.binaryFormat="PRINT";
Stringvalues String oEVTInputFormat.stringsSep=",";
Numericvalues Number oIISW3CInputFormat.recurse=10;
FormoreinformationonInputFormatParameters,seetheInputFormatsReference.
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreateEVTInputFormatobjectvaroEVTInputFormat=newActiveXObject("MSUtil.LogQuery.EventLogInputFormat");
//SetinputformatparametersoEVTInputFormat.resolveSIDs=true;oEVTInputFormat.binaryFormat="PRINT";oEVTInputFormat.stringsSep=",";oEVTInputFormat.iCheckpoint="MyCheckpoint.lpc";
//CreatequerytextvarstrQuery="SELECT*FROMSystem";
VBScriptexample:
DimoLogQueryDimoEVTInputFormatDimstrQueryDimoRecordSet
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreateEVTInputFormatobjectSetoEVTInputFormat=CreateObject("MSUtil.LogQuery.EventLogInputFormat")
Seealso:LogQueryObjectOutputFormatObjectsLogParserCOMAPIOverviewC#Example
![Page 605: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/605.jpg)
//ExecutequeryandreceiveaLogRecordSetvaroRecordSet=oLogQuery.Execute(strQuery,oEVTInputFormat);'SetinputformatparametersoEVTInputFormat.resolveSIDs=TrueoEVTInputFormat.binaryFormat="PRINT"oEVTInputFormat.stringsSep=","oEVTInputFormat.iCheckpoint="MyCheckpoint.lpc"
'CreatequerytextstrQuery="SELECT*FROMSystem"
'ExecutequeryandreceiveaLogRecordSetSetoRecordSet=oLogQuery.Execute(strQuery,oEVTInputFormat)
©2004MicrosoftCorporation.Allrightsreserved.
![Page 606: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/606.jpg)
OutputFormatObjectsOutputFormatobjectsprovideprogrammaticaccesstotheoutputformatssupportedbyLogParser.
OutputFormatobjectsareinstantiatedwiththeProgIdandthe.NETCOMwrapperclassnamesspecifiedinthefollowingtable:
OutputFormat ProgId .NETCOMWrapperClassName
CHART MSUtil.LogQuery.ChartOutputFormat COMChartOutputContextClassClass
CSV MSUtil.LogQuery.CSVOutputFormat COMCSVOutputContextClassClass
DATAGRID MSUtil.LogQuery.DataGridOutputFormat COMDataGridOutputContextClassClass
IIS MSUtil.LogQuery.IISOutputFormat COMIISOutputContextClassClass
NAT MSUtil.LogQuery.NativeOutputFormat COMNativeOutputContextClassClass
SQL MSUtil.LogQuery.SQLOutputFormat COMSQLOutputContextClassClass
SYSLOG MSUtil.LogQuery.SYSLOGOutputFormat COMSYSLOGOutputContextClassClass
TPL MSUtil.LogQuery.TemplateOutputFormat COMTemplateOutputContextClassClass
TSV MSUtil.LogQuery.TSVOutputFormat COMTSVOutputContextClassClass
W3C MSUtil.LogQuery.W3COutputFormat COMW3COutputContextClassClass
XML MSUtil.LogQuery.XMLOutputFormat COMXMLOutputContextClassClass
Afterinstantiatinganoutputformatobject,anapplicationcansettheoutputformatparametersandusetheobjectasanargumenttothe
![Page 607: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/607.jpg)
ExecuteBatchmethodoftheLogQueryobject.
MethodsTheOutputFormatobjectsdonotexposemethods.
PropertiesTheOutputFormatobjectsexposeread/writepropertieswiththesamenamesandcapitalizationastheparametersacceptedbythecorrespondingLogParseroutputformat.Forexample,theMSUtil.LogQuery.CSVOutputFormatoutputformatobjectexposesa"headers"propertythatcontrolstheheadersparameteroftheCSVoutputformat.Thevaluetypeacceptedandreturnedbyanoutputformatobjectpropertydependsonthenatureofthevaluesthatcanbespecifiedfortheoutputformatparameter,asdescribedbythefollowingtable:
Parametervalues
Propertyvaluetype JScriptExample
"ON"/"OFF"values Boolean oCSVOutputFormat.tabs=true;
Enumerationvalues(e.g."ON"/"OFF"/"AUTO")
String oCSVOutputFormat.oDQuotes="OFF";
Stringvalues String oCSVOutputFormat.oTsFormat="yyyy-MM-dd";
Numericvalues Number oCSVOutputFormat.oCodepage=-1;
FormoreinformationonOutputFormatParameters,seetheOutputFormatsReference.
![Page 608: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/608.jpg)
Examples
JScriptexample:
varoLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreateEVTInputFormatobjectvaroEVTInputFormat=newActiveXObject("MSUtil.LogQuery.EventLogInputFormat");
//CreateCSVOutputFormatobjectvaroCSVOutputFormat=newActiveXObject("MSUtil.LogQuery.CSVOutputFormat");
//SetoutputformatparametersoCSVOutputFormat.tabs=true;oCSVOutputFormat.oDQuotes="OFF";oCSVOutputFormat.oTsFormat="yyyy-MM-dd";oCSVOutputFormat.oCodepage=-1;
//CreatequerytextvarstrQuery="SELECTTimeGenerated,MessageINTOOutput.csvFROMSystem";
//ExecutequeryoLogQuery.ExecuteBatch(strQuery,oEVTInputFormat,oCSVOutputFormat);
VBScriptexample:
DimoLogQueryDimoEVTInputFormatDimoCSVOutputFormatDimstrQueryDimoRecordSet
SetoLogQuery=CreateObject("MSUtil.LogQuery")
'CreateEVTInputFormatobjectSetoEVTInputFormat=CreateObject("MSUtil.LogQuery.EventLogInputFormat")
'CreateCSVOutputFormatobjectSetoCSVOutputFormat=CreateObject("MSUtil.LogQuery.CSVOutputFormat")
'SetoutputformatparametersoCSVOutputFormat.tabs=TrueoCSVOutputFormat.oDQuotes="OFF"oCSVOutputFormat.oTsFormat="yyyy-MM-dd"oCSVOutputFormat.oCodepage=-1
'CreatequerytextstrQuery="SELECTTimeGenerated,MessageINTOOutput.csvFROMSystem"
'Executequery
Seealso:LogQueryObjectInputFormatObjectsLogParserCOMAPIOverviewC#Example
©2004MicrosoftCorporation.Allrightsreserved.
![Page 609: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/609.jpg)
oLogQuery.ExecuteBatchstrQuery,oEVTInputFormat,oCSVOutputFormat
![Page 610: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/610.jpg)
COMInputFormatPluginsCOMInputFormatPluginsareuser-developedinputformatsthatcanbeusedwithLogParsertoprovidecustomparsingcapabilities.
CustominputformatsaredevelopedasCOMobjectsimplementingthemethodsoftheILogParserInputContextCOMinterface.
OncedevelopedandregisteredwiththeCOMinfrastructure,custominputformatscanbeusedwitheithertheLogParserscriptableCOMcomponentsthroughtheExecuteandExecuteBatchmethodsoftheLogQueryobject,orwiththeLogParsercommand-lineexecutablethroughtheCOMinputformat.
ILogParserInputContextInterface:describesthemethodsthatmustbeimplementedbycustominputformatCOMobjects.RunTimeInteraction:describeshowLogParserinteractswithcustominputformatCOMobjectsatruntime.
Seealso:CustomPluginsCOMInputFormat
©2004MicrosoftCorporation.Allrightsreserved.
![Page 611: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/611.jpg)
ILogParserInputContextInterfaceCustominputformatsaredevelopedasCOMobjectsimplementingthemethodsoftheILogParserInputContextCOMinterface.AcustominputformatimplementsthemethodsofthisinterfacebyimplementingtheILogParserInputContextinterfacedirectly,orbyimplementingtheIDispatch(Automation)interfaceexposingthemethodsoftheILogParserInputContextinterface.
Interface
////InterfaceGUID//
/*27E78867-48AB-433c-9AFD-9D78D8B1CFC7*/DEFINE_GUID(IID_ILogParserInputContext,0x27E78867,0x48AB,0x433C,0x9A,0xFD,0x9D,0x78,0xD8,0xB1,0xCF,0xC7);
////LogParserInputContextInterfaceimplementedbyLogParserInputpluginsandcalledbyLogParser.
//
classILogParserInputContext:publicIUnknown{public:
enumFieldType{Integer=1,Real=2,String=3,
Methods
OpenInput Processesthespecifiedfrom-entityandperformsanynecessaryinitialization.
GetFieldCount Returnsthenumberofinputrecordfields.
GetFieldName Returnsthenameofaninputrecordfield.
GetFieldType Returnsthetypeofaninputrecordfield.
ReadRecord Readsthenextinputrecord.
GetValue Returnsthevalueofafieldinthecurrentinputrecord.
CloseInput Releasesalltheresourcesandperformsanynecessarycleanup.
![Page 612: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/612.jpg)
Timestamp=4,Null=5};
virtualHRESULTSTDMETHODCALLTYPEOpenInput(INBSTRbszFromEntity)=0;
virtualHRESULTSTDMETHODCALLTYPEGetFieldCount(OUTDWORD*pnFields)=0;
virtualHRESULTSTDMETHODCALLTYPEGetFieldName(INDWORDfIndex,OUTBSTR*pbszFieldName)=0;
virtualHRESULTSTDMETHODCALLTYPEGetFieldType(INDWORDfIndex,OUTDWORD*pnFieldType)=0;
virtualHRESULTSTDMETHODCALLTYPEReadRecord( OUTVARIANT_BOOL*pbDataAvailable)=0;
virtualHRESULTSTDMETHODCALLTYPEGetValue(INDWORDfIndex,OUTVARIANT*pvarValue)=0;
virtualHRESULTSTDMETHODCALLTYPECloseInput(INVARIANT_BOOLbAbort)=0;};
Properties
CustomProperties CustominputformatsdevelopedasIDispatchCOMobjectscansupportcustompropertiesthatarecontrolledatruntimeasinputformatparameters.
Seealso:RunTimeInteractionCustomPlugins
©2004MicrosoftCorporation.Allrightsreserved.
![Page 613: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/613.jpg)
CloseInputMethodReleasesalltheresourcesandperformsanynecessarycleanup.
C++Syntax
HRESULTSTDMETHODCALLTYPECloseInput(INVARIANT_BOOLbAbort);ScriptSyntax
CloseInput(bAbort);
Parameters
bAbortABooleanvaluesettoTRUEifthequeryexecutionhasbeenaborted,orFALSEifthequeryexecutionhascompletedsuccessfully.
ReturnValueNone.
RemarksThisisthelastmethodinvokedbyLogParserbeforereleasingthecustominputformatCOMobject.
Examples
![Page 614: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/614.jpg)
C++example:
HRESULTCProcessesInputContext::CloseInput(INVARIANT_BOOLbAbort){//Closethesnapshothandleif(m_hSnapshot!=INVALID_HANDLE_VALUE){CloseHandle(m_hSnapshot);m_hSnapshot=INVALID_HANDLE_VALUE;}
returnS_OK;}
VBScriptexample:
FunctionCloseInput(bAbort)
m_objQFEArray=Array()
EndFunctionSeealso:ILogParserInputContextInterfaceOpenInputMethodRunTimeInteractionCustomPlugins
©2004MicrosoftCorporation.Allrightsreserved.
![Page 615: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/615.jpg)
GetFieldCountMethodReturnsthenumberoffieldsintheinputrecords.
C++Syntax
HRESULTSTDMETHODCALLTYPEGetFieldCount(OUTDWORD*pnFields);ScriptSyntax
nFields=GetFieldCount();
ReturnValueAnintegervaluecontainingthenumberoffieldsintheinputrecords.
Examples
C++example:
HRESULTCProcessesInputContext::GetFieldCount(OUTDWORD*pnFields){ //ThisInputContextexports4fields
*pnFields=4;
returnS_OK;}
VBScriptexample:
FunctionGetFieldCount()
'ThisInputFormatreturns4or6fields Ifm_bExtendedFields=TrueThen GetFieldCount=6 Else GetFieldCount=4 EndIf
Seealso:ILogParserInputContextInterfaceRunTimeInteractionCustomPlugins
![Page 616: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/616.jpg)
EndFunction©2004MicrosoftCorporation.Allrightsreserved.
![Page 617: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/617.jpg)
GetFieldNameMethodReturnsthenameofaninputrecordfield.
C++Syntax
HRESULTSTDMETHODCALLTYPEGetFieldName(INDWORDfIndex,OUTBSTR*pbszFieldName);ScriptSyntax
fieldName=GetFieldName(fIndex);
Parameters
fIndexThe0-basedindexoftheinputrecordfield.TheindexvalueisguaranteedtobesmallerthanthenumberoffieldsreturnedbytheGetFieldCountmethod.
ReturnValueAstringvaluecontainingthenameoftheinputrecordfieldatthespecifiedposition.
Examples
C++example:
HRESULTCProcessesInputContext::GetFieldName(INDWORDfIndex,OUTBSTR*pbszFieldName){VBScriptexample:
![Page 618: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/618.jpg)
switch(fIndex){case0:{*pbszFieldName=SysAllocString(L"ImageName");break;}
case1:{*pbszFieldName=SysAllocString(L"PID");break;}
case2:{*pbszFieldName=SysAllocString(L"ParentPID");break;}
case3:{*pbszFieldName=SysAllocString(L"Threads");break;}}
returnS_OK;}
FunctionGetFieldName(nFieldIndex)
SelectCasenFieldIndex Case0 GetFieldName="QFE" Case1 GetFieldName="Description" Case2 GetFieldName="InstallDate" Case3 GetFieldName="InstalledBy" Case4 GetFieldName="Comments" Case5 GetFieldName="SP" EndSelect
EndFunction
Seealso:ILogParserInputContextInterfaceGetFieldTypeMethodRunTimeInteractionCustomPlugins
©2004MicrosoftCorporation.Allrightsreserved.
![Page 619: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/619.jpg)
GetFieldTypeMethodReturnsthetypeofaninputrecordfield.
C++Syntax
HRESULTSTDMETHODCALLTYPEGetFieldType(INDWORDfIndex,OUTDWORD*pnFieldType);ScriptSyntax
fieldType=GetFieldType(fIndex);
Parameters
fIndexThe0-basedindexoftheinputrecordfield.TheindexvalueisguaranteedtobesmallerthanthenumberoffieldsreturnedbytheGetFieldCountmethod.
ReturnValueAnintegervaluefromtheFieldTypeenumerationcontainingtheLogParserdatatypeoftheinputrecordfieldatthespecifiedposition.
Examples
C++example:
HRESULTCProcessesInputContext::GetFieldType(INDWORDfIndex,OUTDWORD*pnFieldType){VBScriptexample:
![Page 620: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/620.jpg)
switch(fIndex){case0:{//ImageName*pnFieldType=ILogParserInputContext::String;break;}
case1:{//PID*pnFieldType=ILogParserInputContext::Integer;break;}
case2:{//ParentPID*pnFieldType=ILogParserInputContext::Integer;break;}
case3:{//Threads*pnFieldType=ILogParserInputContext::Integer;break;}}
returnS_OK;}
FunctionGetFieldType(nFieldIndex)
SelectCasenFieldIndex Case0 'String GetFieldType=3 Case1 'String GetFieldType=3 Case2 'Timestamp GetFieldType=4 Case3 'String GetFieldType=3 Case4 'String GetFieldType=3 Case5 'String GetFieldType=3
EndSelect
EndFunction
Seealso:ILogParserInputContextInterfaceGetFieldNameMethodRunTimeInteractionCustomPlugins
©2004MicrosoftCorporation.Allrightsreserved.
![Page 621: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/621.jpg)
GetValueMethodReturnsthevalueofaninputrecordfield.
C++Syntax
HRESULTSTDMETHODCALLTYPEGetValue(INDWORDfIndex,OUTVARIANT*pvarValue);ScriptSyntax
value=GetValue(fIndex);
Parameters
fIndexThe0-basedindexoftheinputrecordfield.TheindexvalueisguaranteedtobesmallerthanthenumberoffieldsreturnedbytheGetFieldCountmethod.
ReturnValueAVARIANTcontainingthevalueofthespecifiedfield.TheVARIANTtypemustmatchtheLogParserdatatypedeclaredbytheGetFieldTypemethod,asshowninthefollowingtable:
DeclaredFieldType C++VARIANTType
VBScriptType
INTEGER VT_I8(alsocompatible:VT_I4) Long(VT_I4)
REAL VT_R8 Double
![Page 622: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/622.jpg)
(VT_R8)
STRING VT_BSTR String(VT_BSTR)
TIMESTAMP VT_DATE(alsocompatible:VT_I8,VT_I4containingthenumberof100-nanosecondintervalssinceJanuary1,year0)
Date(VT_DATE)
NULL VT_NULL(alsocompatible:VT_EMPTY)
Null(VT_NULL)
RemarksAnyvaluecanbereturnedasaVT_NULLorVT_EMPTYVARIANT(aNullVBScriptvariable)toindicateaNULLvalue,regardlessofthefieldtypedeclaredbytheGetFieldTypemethod.Duetoqueryexecutionoptimizations,thereisnoguaranteethattheGetValuemethodwillbecalledforallthefieldsofaninputrecord.Infact,theGetValuemethodwillonlybecalledforthosefieldsthatarereferredtobythecurrentlyexecutingquery.Forexample,ifaqueryreferstotwofieldsonlyoutofaninputrecordmadeupoftenfields,thentheGetValuemethodwillbecalledforthosetwofieldsonly.Ifaquerydoesnotrefertoanyinputrecordfield(e.g."SELECTCOUNT(*)"),thentheGetValuemethodwillneverbecalled.
Examples
C++example:
![Page 623: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/623.jpg)
HRESULTCProcessesInputContext::GetValue(INDWORDfIndex,OUTVARIANT*pvarValue){//InitializereturnvalueVariantInit(pvarValue);
switch(fIndex){case0:{//ImageNameV_VT(pvarValue)=VT_BSTR;V_BSTR(pvarValue)=SysAllocString(m_processEntry32.szExeFile);break;}
case1:{//PIDV_VT(pvarValue)=VT_I4;V_I4(pvarValue)=m_processEntry32.th32ProcessID;break;}
case2:{//ParentPIDV_VT(pvarValue)=VT_I4;V_I4(pvarValue)=m_processEntry32.th32ParentProcessID;break;}
case3:{//ThreadsV_VT(pvarValue)=VT_I4;V_I4(pvarValue)=m_processEntry32.cntThreads;break;
VBScriptexample:
FunctionGetValue(nFieldIndex)
SelectCasenFieldIndex
Case0'QFEGetValue=m_objQFEArray(m_nIndex).HotFixIDCase1'DescriptionGetValue=m_objQFEArray(m_nIndex).DescriptionCase2'InstallDateGetValue=m_objQFEArray(m_nIndex).InstallDateCase3'InstalledByGetValue=m_objQFEArray(m_nIndex).InstalledByCase4'CommentsGetValue=m_objQFEArray(m_nIndex).FixCommentsCase5'SPGetValue=m_objQFEArray(m_nIndex).ServicePackInEffect
EndSelect
EndFunction
Seealso:ILogParserInputContextInterfaceReadRecordMethodRunTimeInteractionCustomPlugins
©2004MicrosoftCorporation.Allrightsreserved.
![Page 624: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/624.jpg)
}}
returnS_OK;}
![Page 625: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/625.jpg)
OpenInputMethodProcessesthespecifiedfrom-entityandperformsanynecessaryinitialization.
C++Syntax
HRESULTSTDMETHODCALLTYPEOpenInput(INBSTRbszFromEntity);
ScriptSyntax
OpenInput(bszFromEntity);
Parameters
bszFromEntityThefrom-entityspecifiedintheFROMclauseofthecurrentlyexecutingquery,oranemptystringifLogParserisexecutedinHelpModetodisplaythequick-referencehelponthecustominputformat.
ReturnValueNone.
RemarksTheOpenInputmethodisthefirstmethodcalledbyLogParserafterthecustominputformatCOMobjecthasbeeninstantiated.Animplementationofthismethodwouldusuallyperformanynecessaryobjectinitialization,preparethefrom-entityforinputrecordretrieval(e.g.openinganinputfile),andeventuallypre-processtheinputtogathertheinputrecordfieldsmeta-informationthatwillbereturnedby
![Page 626: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/626.jpg)
theGetFieldCount,GetFieldName,andGetFieldTypemethods.UserscanexecutetheLogParsercommand-lineexecutableinHelpModetodisplayaquick-referencehelponacustominputformat.Thequick-referencehelpdisplaystheinputrecordfieldnamesandtypes,whichareretrievedthroughcallstotheGetFieldCount,GetFieldName,andGetFieldTypemethods.Iftheuser-suppliedhelpmodecommanddoesnotincludeafrom-entity,thebszFromEntityargumentwilbeanemptystring.Inthesecases,acustominputformatCOMobjectcanbehaveintwoways:Iftheinputrecordfieldsdonotdependonthefrom-entityspecifiedinthequery(i.e.iftheinputrecordstructureisfixed),thenthecustominputformatCOMobjectshouldaccepttheemptyfrom-entitywithoutreturninganerror,allowingLogParsertosubsequentlycalltheGetFieldCount,GetFieldName,andGetFieldTypemethodstoretrievetheinputrecordstructure;Iftheinputrecordfieldsdependonthefrom-entityspecifiedinthequery(i.e.iftheinputrecordstructureisextractedfromtheinputdata),thenthecustominputformatCOMobjectshouldrejecttheemptyfrom-entityreturninganerror,whichwillinturncausethehelpcommandtodisplayawarningmessagetotheuserinplaceoftheinputrecordstructure.
Examples
C++example:
HRESULTCProcessesInputContext::OpenInput(INBSTRbszFromEntity){//Initializeobject...
//Thisinputformatdoesnotrequireafrom-entity,so//wewilljustignoretheargument
VBScriptexample:
FunctionOpenInput(strComputerName)
DimobjWMIService DimobjQFEs DimnLengthSeealso:
![Page 627: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/627.jpg)
returnS_OK;} 'Defaultcomputernameislocalmachine IfIsNull(strComputerName)OrLen(strComputerName)=0Then strComputerName="." EndIf
'QueryforalltheQFE'sonthespecifiedmachine SetobjWMIService=GetObject("winmgmts:"&"{impersonationLevel=impersonate}!\\"&strComputerName&"\root\cimv2") SetobjQFEs=objWMIService.ExecQuery("Select*fromWin32_QuickFixEngineering")
'Storeinarray m_objQFEArray=Array() ForEachobjQFEInobjQFEs ReDimPreservem_objQFEArray(UBound(m_objQFEArray)+1) Setm_objQFEArray(UBound(m_objQFEArray))=objQFE Next
m_nIndex=LBound(m_objQFEArray)
EndFunction
ILogParserInputContextInterfaceCloseInputMethodRunTimeInteractionCustomPlugins
©2004MicrosoftCorporation.Allrightsreserved.
![Page 628: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/628.jpg)
ReadRecordMethodReadsthenextinputrecord.
C++Syntax
HRESULTSTDMETHODCALLTYPEReadRecord(OUTVARIANT_BOOL*pbDataAvailable);ScriptSyntax
bDataAvailable=ReadRecord();
ReturnValueABooleanvaluesettoTRUEifanewinputrecordhasbeenreadandisavailableforconsumption,orFALSEiftherearenomoreinputrecordstoreturn.
RemarksAnimplementationoftheReadRecordmethodwouldusuallyreadanewdataitemfromtheinputandstoreitinternally,waitingforLogParsertosubsequentlycalltheGetValuemethodmultipletimestoretrievetheinputrecordfieldvalues.TheBooleanvaluereturnedbytheReadRecordmethodisusedbyLogParsertodeterminewhichcustominputformatmethodswillbecallednext.IfthemethodreturnsTRUE,signalingavailabilityofaninputrecord,LogParserwillcalltheGetValuemethodmultipletimestoretrievetheinputrecordfieldvalues,followedbyanewcalltotheReadRecordmethodtoreadthenextinputrecord.IfthemethodreturnsFALSE,signalingtheendoftheinputdata,LogParserwillcalltheCloseInputmethodandreleasethecustominputformatCOMobject.
![Page 629: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/629.jpg)
Examples
C++example:
HRESULTCProcessesInputContext::ReadRecord(OUTVARIANT_BOOL*pbDataAvailable){if(m_hSnapshot==INVALID_HANDLE_VALUE){//Thisisthefirsttimewehavebeencalled
//Getashapshotofthecurrentprocessesm_hSnapshot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);if(m_hSnapshot==INVALID_HANDLE_VALUE){//ErrorreturnHRESULT_FROM_WIN32(GetLastError());}
//Getthefirstentryif(!Process32First(m_hSnapshot,&m;_processEntry32)){DWORDdwLastError=GetLastError();if(dwLastError==ERROR_NO_MORE_FILES){//Noprocesses*pbDataAvailable=VARIANT_FALSE;returnS_OK;}else{//ErrorreturnHRESULT_FROM_WIN32(GetLastError());}
VBScriptexample:
FunctionReadRecord()
Ifm_nIndex>=UBound(m_objQFEArray)Then'EnumerationterminatedReadRecord=FalseElse'Advancem_nIndex=m_nIndex+1ReadRecord=TrueEndIf
EndFunction
Seealso:ILogParserInputContextInterfaceGetValueMethodRunTimeInteractionCustomPlugins
©2004MicrosoftCorporation.Allrightsreserved.
![Page 630: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/630.jpg)
}else{//Thereisdataavailable*pbDataAvailable=VARIANT_TRUE;returnS_OK;}}else{//Wehavealreadybeencalledbefore,andwehavealreadytakenasnapshot
//Getthenextentryif(!Process32Next(m_hSnapshot,&m;_processEntry32)){DWORDdwLastError=GetLastError();if(dwLastError==ERROR_NO_MORE_FILES){//Nomoreprocesses*pbDataAvailable=VARIANT_FALSE;returnS_OK;}else{//ErrorreturnHRESULT_FROM_WIN32(GetLastError());}}else{//Thereisdataavailable*pbDataAvailable=VARIANT_TRUE;returnS_OK;}}}
![Page 631: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/631.jpg)
CustomPropertiesProvideparametersforthecustominputformat.
C++Syntax
HRESULTSTDMETHODCALLTYPEput_propertyName(INVARIANT*value);ScriptSyntax
put_propertyName(value);
Parameters
valueAVT_BSTRVARIANTcontainingthestringparametervaluespecifiedwiththe-iCOMParamsparameteroftheCOMinputformat.
ReturnValueNone.
RemarksCustompropertiescanonlybeexposedbycustominputformatsthatimplementtheIDispatch(Automation)interface.Theseareusuallycustominputformatsdevelopedasscriptlets(.wscfiles)writteninJScriptorVBScript.Custompropertiesexposedbyacustominputformatcanbesetintwodifferentways:WiththeLogParsercommand-lineexecutable,custompropertiescanbesetthroughthe-iCOMParamsparameteroftheCOMinput
![Page 632: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/632.jpg)
format,asshowninthefollowingexample:
C:\>LogParser"SELECT*FROMfile.txt"-i:COM-iProgID:MySample.CustomInputFormat-iCOMParams:property1=value1,property2=value2WiththeLogParserscriptableCOMcomponents,custompropertiescanbesetdirectlyonthecustominputformatobjectbeforespecifyingtheobjectasanargumenttotheExecuteorExecuteBatchmethodsoftheLogQueryobject,asshowninthefollowingJScriptexample:
varobjLogQuery=newActiveXObject("MSUtil.LogQuery");
//CreatecustominputformatobjectvarobjCustomInputFormat=newActiveXObject("MySample.CustomInputFormat");
//SetcustominputformatparametersobjCustomInputFormat.property1="value1";objCustomInputFormat.property2="value2";
//ExecutequeryvarobjRecordSet=objLogQuery.Execute("SELECT*FROMfile.txt",objCustomInputFormat);
Examples
VBScriptexample:
Functionput_extendedFields(strValue)
IfUCase(strValue)="ON"Then m_bExtendedFields=True Else m_bExtendedFields=False EndIf
EndFunction
Seealso:ILogParserInputContextInterfaceRunTimeInteractionCustomPluginsCOMInputFormat
©2004MicrosoftCorporation.Allrightsreserved.
![Page 633: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/633.jpg)
RunTimeInteractionCustominputformatCOMobjectsareusedbyLogParserintwodifferentscenarios:whenexecutingaquery,andwhendisplayingaquick-referencehelponthecustominputformatwhentheLogParsercommand-lineexecutableisusedinHelpMode.
![Page 634: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/634.jpg)
QueryExecutionScenarioInthisscenario,acustominputformatCOMobjectisusedtoretrieveinputrecordsfromthespecifiedfrom-entity.
TomakeanexampleofthesequenceofthemethodcallsinvokedbyLogParseronthecustominputformatCOMobjectinthisscenario,wewillassumethatthecustominputformatgeneratesinputrecordscontainingthefollowingfourfields:
"FirstField",STRINGtype;"SecondField",INTEGERtype;"ThirdField",TIMESTAMPtype;"FourthField",STRINGtype.
Inaddition,wewillassumethatthequerybeingexecutedreferencesonlythreefieldsoutofthefourfieldsexportedbythecustominputformat,asinthefollowingexample:
SELECTFourthField,ThirdFieldFROMInputFile.txtWHEREFirstFieldLIKE'%test%'Thefollowingtableshowsthesequenceofmethodcallsundertheseassumptions:
Methodcall ReturnedvalueReturnedvaluedescription
Objectisinstantiated
OpenInput("InputFile.txt") None
GetFieldCount() 4
GetFieldName(0) "FirstField"
![Page 635: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/635.jpg)
GetFieldType(0) 3 FieldType.String
GetFieldName(1) "SecondField"
GetFieldType(1) 1 FieldType.Integer
GetFieldName(2) "ThirdField"
GetFieldType(2) 4 FieldType.Timestamp
GetFieldName(3) "FourthField"
GetFieldType(3) 3 FieldType.String
ReadRecord() TRUE aninputrecordisavailable
GetValue(0) VT_BSTRVARIANT
firstfieldvalue
GetValue(2) VT_DATEVARIANT
thirdfieldvalue
GetValue(3) VT_BSTRVARIANT
fourthfieldvalue
ReadRecord() TRUE aninputrecordisavailable
GetValue(0) VT_BSTRVARIANT
firstfieldvalue
GetValue(2) VT_DATEVARIANT
thirdfieldvalue
![Page 636: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/636.jpg)
GetValue(3) VT_BSTRVARIANT
fourthfieldvalue
... ... ...
ReadRecord() TRUE aninputrecordisavailable
GetValue(0) VT_BSTRVARIANT
firstfieldvalue
GetValue(2) VT_DATEVARIANT
thirdfieldvalue
GetValue(3) VT_BSTRVARIANT
fourthfieldvalue
ReadRecord() FALSE nomoreinputrecordsavailable
CloseInput(FALSE) None
Objectisreleased
![Page 637: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/637.jpg)
HelpModeScenarioWhentheLogParsercommand-lineexecutableisusedinHelpModetodisplayaquick-referencehelponthecustominputformat,thecustominputformatCOMobjectisonlyusedtoretrievethefieldinformationthatisdisplayedtotheuser.
Theuser-suppliedhelpmodecommandmayormaybenotincludeafrom-entity,asshowninthefollowingexamples:
C:\>LogParser-h-i:COM-iProgID:MySample.CustomInputFormatfile.txt
C:\>LogParser-h-i:COM-iProgID:MySample.CustomInputFormat
Iftheuser-suppliedhelpmodecommanddoesnotincludeafrom-entity,thenthebszFromEntityargumentoftheOpenInputmethodwillbeanemptystring.SeetheRemarkssectionoftheOpenInputMethodReferenceformoreinformationonhowcustominputformatCOMobjectsshouldbehaveinthiscase.
TomakeanexampleofthesequenceofthemethodcallsinvokedbyLogParseronthecustominputformatCOMobjectinthisscenario,wewillassumethatthecustominputformatgeneratesinputrecordscontainingthefollowingfourfields:
"FirstField",STRINGtype;"SecondField",INTEGERtype;"ThirdField",TIMESTAMPtype;"FourthField",STRINGtype.
Inaddition,wewillassumethatthehelpcommanddoesnotincludeafrom-entity.
Thefollowingtableshowsthesequenceofmethodcallsundertheseassumptions:
![Page 638: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/638.jpg)
Methodcall Returnedvalue Returnedvaluedescription
Objectisinstantiated
OpenInput("") None
GetFieldCount() 4
GetFieldName(0) "FirstField"
GetFieldType(0) 3 FieldType.String
GetFieldName(1) "SecondField"
GetFieldType(1) 1 FieldType.Integer
GetFieldName(2) "ThirdField"
GetFieldType(2) 4 FieldType.Timestamp
GetFieldName(3) "FourthField"
GetFieldType(3) 3 FieldType.String
CloseInput(FALSE) None
Objectisreleased
Seealso:ILogParserInputContextInterfaceCustomPlugins
©2004MicrosoftCorporation.Allrightsreserved.
![Page 639: Log Parser HelpLog Parser Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key](https://reader036.vdocuments.net/reader036/viewer/2022062402/5fc458a5fd69ae2e355cdd35/html5/thumbnails/639.jpg)
LegalInformation
MicrosoftDocumentationInformationinthisdocument,includingURLandotherInternetWebsitereferences,issubjecttochangewithoutnotice.Unlessotherwisenoted,theexamplecompanies,organizations,products,domainnames,e-mailaddresses,logos,people,placesandeventsdepictedhereinarefictitious,andnoassociationwithanyrealcompany,organization,product,domainname,e-mailaddress,logo,person,placeoreventisintendedorshouldbeinferred.Complyingwithallapplicablecopyrightlawsistheresponsibilityoftheuser.Withoutlimitingtherightsundercopyright,nopartofthisdocumentmaybereproduced,storedinorintroducedintoaretrievalsystem,ortransmittedinanyformorbyanymeans(electronic,mechanical,photocopying,recording,orotherwise),orforanypurpose,withouttheexpresswrittenpermissionofMicrosoftCorporation.
Microsoftmayhavepatents,patentapplications,trademarks,copyrights,orotherintellectualpropertyrightscoveringsubjectmatterinthisdocument.ExceptasexpresslyprovidedinanywrittenlicenseagreementfromMicrosoft,thefurnishingofthisdocumentdoesnotgiveyouanylicensetothesepatents,trademarks,copyrights,orotherintellectualproperty.
©2004MicrosoftCorporation.Allrightsreserved.
ActiveDirectory,JScript,Microsoft,MSDN,VisualBasic,VisualStudio,Windows,WindowsMedia,andWindowsServerareeitherregisteredtrademarksortrademarksofMicrosoftCorporationintheUnitedStatesand/orothercountries.
Thenamesofactualcompaniesandproductsmentionedhereinmaybethetrademarksoftheirrespectiveowners.