Effective Log Analysis with Log Parser


Log Parser 2.2 is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows operating system such as the Event Log, the Registry, the file system, and Active Directory. You tell Log Parser what information you need and how you want it processed. The results of your query can be custom-formatted in text-based output, or they can be persisted to more specialized targets like SQL, SYSLOG, or a chart. Most software is designed to accomplish a limited number of specific tasks. Log Parser is different: the number of ways it can be used is limited only by the needs and imagination of the user. The world is your database with Log Parser.

Input Formats

Can’t find an input format you need?  The new COM input format makes it possible to create your own custom Input Format and plug it into the Log Parser engine.

XML – Reads XML files (requires the Microsoft® XML Parser (MSXML))

TSV – Reads tab- and space-separated values text files

ADS – Reads information from Active Directory objects

REG – Reads information from the Windows Registry

NETMON – Makes it possible to parse NetMon .cap capture files

ETW – Reads Event Tracing for Windows log files and live sessions

SQL Engine Improvements

Exponential performance improvement in SELECT DISTINCT and GROUP BY queries

"CASE" (simple-form) statement in the SELECT clause, e.g. "SELECT CASE myField WHEN 'value1' THEN '0' WHEN 'value2' THEN '1' ELSE '-1' END"

"BETWEEN" operator in the WHERE and HAVING clauses

"WITH ROLLUP" functionality in the GROUP BY clause

"DISTINCT" in aggregate functions (when no GROUP BY clause is specified)

"PROPSUM(…) [ ON <fields> ]" and "PROPCOUNT(…) [ ON <fields> ]" aggregate functions (these functions calculate the ratio between the SUM or COUNT functions on a field and the SUM or COUNT functions on the same field in a hierarchically higher group)

"USING" clause for declaring temporary field-expressions

Fields and Aliases are now case-insensitive
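
To make the PROPCOUNT description above concrete, here is an added Python model (not Log Parser code and not from the original post) of what "PROPCOUNT(*) ON (c-ip)" computes when IIS W3C records are grouped by c-ip and sc-status. The sample log lines, the helper names and the 0.5 threshold are constructed for illustration.

```python
import io
from collections import Counter

# Constructed IIS W3C extended log sample (not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2005-03-01 10:00:01 10.0.0.5 GET /default.htm 200
2005-03-01 10:00:02 10.0.0.5 GET /images/logo.gif 200
2005-03-01 10:00:03 10.0.0.5 GET /missing.htm 404
2005-03-01 10:00:04 10.0.0.5 GET /about.htm 200
2005-03-01 10:00:05 10.0.0.9 GET /admin/ 404
2005-03-01 10:00:06 10.0.0.9 GET /backup.zip 404
2005-03-01 10:00:07 10.0.0.9 GET /test.asp 404
2005-03-01 10:00:08 10.0.0.9 GET /default.htm 200
2005-03-01 10:00:09 10.0.0.9 GET /login.asp 401
"""

def read_w3c(stream):
    """Yield one dict per record, using the most recent #Fields directive."""
    fields = []
    for line in stream:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split()))

def propcount(rows, group_by, on):
    """Model of PROPCOUNT(*) ON (<on>) with GROUP BY <group_by>: each group's
    COUNT(*) divided by the COUNT(*) of the higher group keyed by `on` alone."""
    rows = list(rows)
    inner = Counter(tuple(r[f] for f in group_by) for r in rows)
    outer = Counter(tuple(r[f] for f in on) for r in rows)
    idx = [group_by.index(f) for f in on]
    return {key: n / outer[tuple(key[i] for i in idx)] for key, n in inner.items()}

def error_heavy_clients(ratios, threshold=0.5):
    """Clients whose share of 4xx responses meets the (assumed) threshold."""
    share = Counter()
    for (ip, status), ratio in ratios.items():
        if status.startswith("4"):
            share[ip] += ratio
    return sorted(ip for ip, s in share.items() if s >= threshold)

# Ratio of each (c-ip, sc-status) group to all requests from that c-ip.
RATIOS = propcount(read_w3c(io.StringIO(SAMPLE_LOG)), ["c-ip", "sc-status"], ["c-ip"])
```

Each client's ratios sum to 1, so a client whose requests are mostly 4xx responses stands out regardless of how much traffic it sent.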

Date and Time Formats

l (milliseconds – lower case ‘L’)

n (nanoseconds)

tt (AM/PM)

? (any character)

General Improvements

.sql files can now take parameters, e.g. "logparser -file:myquery.sql?param1=value1+param2=value2"
Enabled permanently overriding the default values for global options, input format options, and output format options, e.g. "logparser -e:10 -o:NAT -rtp:-1 -savedefaults"
Input I/O performance improvement for text files

Output Formats

CHART – Creates chart image files (requires Microsoft Office 2000 or later)

TSV – Writes tab- and space-separated values text files

SYSLOG – Sends information to a SYSLOG server or to a SYSLOG-formatted text file

New Functions

EXP10, LOG10

Improvements to Existing Input and Output Formats

New parameters for most Input and Output Formats

NCSA input format now parses combined and extended NCSA log files

New "EventCategoryName" and "Data" fields in the EVT input format

"-recurse" option for most input formats now specifies a maximum subdirectory recursion level

CSV Input and Output Formats now support CSV files with double-quoted strings

New "FileVersion", "ProductVersion", "CompanyName", etc. fields in the FS input format

Enabled ‘*’ and ‘?’ wildcards in site name specifications for all IIS input formats, e.g. "SELECT * FROM <mysite*.com>"

Enabled URLs as input paths for all text-based input formats, e.g. "SELECT * FROM http://www.adatum.com/table.csv"

Enabled environment variable names in the TPL output format sections, and added a SYSTEM_TIMESTAMP variable

Performance improvement in the EVT input format when reading from local and remote event logs

Scriptable COM interface now uses the command-line property names for all input and output formats
