efficient data mining with log parser 2.2 chris adams program manager iis product unit microsoft...
TRANSCRIPT
Efficient Data Mining with Efficient Data Mining with Log Parser 2.2Log Parser 2.2
Chris AdamsChris AdamsProgram ManagerProgram ManagerIIS Product UnitIIS Product UnitMicrosoft CorporationMicrosoft Corporation
AgendaAgenda
Log Parser BasicsLog Parser Basics
How to Build an IIS Specific QueryHow to Build an IIS Specific Query
IIS Query ExamplesIIS Query Examples
Web Server Troubleshooting ExamplesWeb Server Troubleshooting Examples
Log Parser COM ArchitectureLog Parser COM Architecture
Demos, Demos, DemosDemos, Demos, Demos
Log Parser BasicsLog Parser BasicsGetting started with Log ParserGetting started with Log Parser
Powerful tool for queries against text based dataPowerful tool for queries against text based dataEx: Log files, XML files, and CSV filesEx: Log files, XML files, and CSV files
Log Parser requires:Log Parser requires:1. Input Format 1. Input Format
2. Query2. Query
3. Output Format3. Output Format
Query Language:Query Language:supports most of the true SQL language syntaxsupports most of the true SQL language syntax
extends the language with additional functionsextends the language with additional functions
Log Parser BasicsLog Parser BasicsParsing ModelParsing Model
Log Parser BasicsLog Parser BasicsSyntaxSyntax
Note: Note: Green Green = Required= Required
LogParser LogParser [[ -i:<input_format> -i:<input_format> ]] [[ <input_format_options> <input_format_options> ]]
[[ -o:<output_format> -o:<output_format> ]] [[ <output_format_options> <output_format_options> ]]
<SQL query><SQL query> || file:<query_filename> file:<query_filename>[[?param1=value1+?param1=value1+...]...] [<global switches>] [[<global switches>] [ -queryInfo -queryInfo ]]
Simple example: Logparser “Select * from <1>”Selects all lines in log file for IIS site #1
The Power of Log ParserThe Power of Log Parser
Chris AdamsChris AdamsProgram ManagerProgram ManagerIIS Product UnitIIS Product Unit
How to Build an IIS specific queryHow to Build an IIS specific queryStep 1: Choose input sourceStep 1: Choose input source
IIS related input formatsIIS related input formatsIISIIS
IISODBCIISODBC
IISW3C (Default for IIS)IISW3C (Default for IIS)
BINBIN
NCSANCSA
W3CW3C
HTTPERR (HTTP.SYS error log)HTTPERR (HTTP.SYS error log)
URLSCANURLSCAN
How to Build an IIS specific queryHow to Build an IIS specific query Step 2: Choose fields of interestStep 2: Choose fields of interest
Use “Logparser –h” to display fields for an input Use “Logparser –h” to display fields for an input formatformat
Example: Logparser –h –i:IISW3CExample: Logparser –h –i:IISW3C
How to Build an IIS specific queryHow to Build an IIS specific query Step 2: Choose fields of interestStep 2: Choose fields of interest
Or you can just use Log Parser HelpOr you can just use Log Parser Help
How to Build an IIS specific queryHow to Build an IIS specific query Step 3: Build SQL queryStep 3: Build SQL query
Minimal query must have Minimal query must have SelectSelect and and FromFrom
FromFrom <IIS Site ID> locates log files for an IIS site <IIS Site ID> locates log files for an IIS site
Example: Logparser “Select date from <1>”Example: Logparser “Select date from <1>”
Basic Query SyntaxBasic Query SyntaxSelect, Using, Into, From, Where, Group By, Having, Select, Using, Into, From, Where, Group By, Having, Order ByOrder By
Reduce output data using…Reduce output data using…Expressions: ALL, ANY, BETWEEN, IN, LIKEExpressions: ALL, ANY, BETWEEN, IN, LIKE
Aggregate functions: AVG, COUNT, GROUPING, Aggregate functions: AVG, COUNT, GROUPING, MAX, MIN, PROPCOUNT, PROPSUM, SUMMAX, MIN, PROPCOUNT, PROPSUM, SUM
Functions: ADD, BIT_OR, DIV, MUL, STRLEN, Functions: ADD, BIT_OR, DIV, MUL, STRLEN, STRCAT, TRIM, … (logparser –h FUNCTIONS)STRCAT, TRIM, … (logparser –h FUNCTIONS)
How to Build an IIS specific queryHow to Build an IIS specific query Step 4: Choose Output formatStep 4: Choose Output format
Default format = NAT Default format = NAT format (Tabulated format (Tabulated Columns) Columns)
DATAGRID exampleDATAGRID example
How to Build an IIS specific queryHow to Build an IIS specific query Step 4: Choose Output formatStep 4: Choose Output format
CHART examplesCHART examples
Note: Requires the Microsoft Office Web Components, Note: Requires the Microsoft Office Web Components, which are generally installed with Microsoft Office which are generally installed with Microsoft Office
What will this command do?What will this command do?
logparser "SELECT * INTO LogsTable FROM ex*.log logparser "SELECT * INTO LogsTable FROM ex*.log WHERE TO_LOWERCASE (EXTRACT_EXTENSION(cs-WHERE TO_LOWERCASE (EXTRACT_EXTENSION(cs-uri-stem)) NOT IN ('gif';'jpg';'png') AND sc-status <> 404" –uri-stem)) NOT IN ('gif';'jpg';'png') AND sc-status <> 404" –i:IISW3C –o:SQL –database:LogsDatabase i:IISW3C –o:SQL –database:LogsDatabase
How to Build an IIS specific queryHow to Build an IIS specific query Test Your Log Parser Skill – IIS Query ExampleTest Your Log Parser Skill – IIS Query Example
““SELECT * INTO LogsTable” = Put all info into LogsTable output formatSELECT * INTO LogsTable” = Put all info into LogsTable output format
““FROM ex*.log”FROM ex*.log” = From log files starting in “ex”= From log files starting in “ex”
““TO_LOWERCASETO_LOWERCASE ” = Disregard case” = Disregard case
““(EXTRACT_EXTENSION(cs-uri-stem)) NOT IN ('gif';'jpg';'png')(EXTRACT_EXTENSION(cs-uri-stem)) NOT IN ('gif';'jpg';'png') ” = All ” = All extensions except *.gif, *.jpg, *.pngextensions except *.gif, *.jpg, *.png
““sc-status <> 404” = Requests did not generate 404ssc-status <> 404” = Requests did not generate 404s
HINTSHINTS
Log Parser IIS QueriesLog Parser IIS Queries
Chris AdamsChris AdamsProgram ManagerProgram ManagerIIS Product UnitIIS Product Unit
Using Log Parser to Using Log Parser to Troubleshooting IISTroubleshooting IIS
Chris AdamsChris AdamsProgram ManagerProgram ManagerIIS Product UnitIIS Product Unit
Log Parser COM ArchitectureLog Parser COM Architecture
Requires Log Parser COM objects exported by the Requires Log Parser COM objects exported by the LogParser.dll libraryLogParser.dll library
Must register LogParser.dll on system Must register LogParser.dll on system
Scripting steps (in a nutshell)Scripting steps (in a nutshell)Instantiate the MSUtil.LogQuery object; Instantiate the MSUtil.LogQuery object;
Instantiate the input format object Instantiate the input format object
Instantiate the output format object Instantiate the output format object
Call the ExecuteBatch method of the MSUtil.LogQuery Call the ExecuteBatch method of the MSUtil.LogQuery object, specifying the query text, the input format object, object, specifying the query text, the input format object, and the output format object.and the output format object.
Log Parser COM ArchitectureLog Parser COM Architecture DIM objLogQuery : SET objLogQuery = WScript.CreateObject("MSUtil.LogQuery")
' Get the IIS Input and W3C output formatsDIM w3cInputFormat : SET w3cInputFormat =
WScript.CreateObject("MSUtil.LogQuery.IISW3CInputFormat")DIM w3cOutputFormat : SET w3cOutputFormat =
WScript.CreateObject("MSUtil.LogQuery.W3COutputFormat")w3cOutputFormat.filemode = 0
' Create a SQL query query = "SELECT TOP 20 cs-uri-stem, COUNT(*) as Total " & _ "INTO results.log FROM C:\WINDOWS\system32\Logfiles\W3SVC1\ex*.log " & _ "GROUP BY cs-uri-stem ORDER BY Total DESC "
objLogQuery.ExecuteBatch query, w3cInputFormat, w3cOutputFormat
Using Log Parser COMUsing Log Parser COM
Chris AdamsChris AdamsProgram ManagerProgram ManagerIIS Product UnitIIS Product Unit
Give me more…more…Give me more…more…more!more!
Chris AdamsChris AdamsProgram ManagerProgram ManagerIIS Product UnitIIS Product Unit
ResourcesResources
Where to obtain Log Parser 2.2:Where to obtain Log Parser 2.2:http://www.microsoft.com/downloads/http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en91b2-f8d975cf8c07&displaylang=en
Log Parser 2.2 Overview:Log Parser 2.2 Overview:http://www.microsoft.com/technet/scriptcenter/tools/http://www.microsoft.com/technet/scriptcenter/tools/logparser/default.mspxlogparser/default.mspx
““The Unofficial Log Parser Support Site:”The Unofficial Log Parser Support Site:”http://www.logparser.com http://www.logparser.com
© 2005 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.