LogParser

LogParser is a command line driven tool from Microsoft for parsing web server log files. However, it's true power is in the fact that it can be used to "query" log files (various file formats) using familar SQL syntax.

You can download the latest version from Microsoft. Once installed, add it to your system path and you can run it form the command line.

Here are some examples of LogParser commands to search for text in application server logs:

Search for errors in all application server log files

C:\Temp\Logs>LogParser -i:TEXTLINE "SELECT SUBSTR(SUBSTR(TEXT, INDEX_OF(TEXT, '['), 18), 1, 18) as DATE_TIME_STAMP, 
SUBSTR(SUBSTR(TEXT, INDEX_OF(TEXT, ']'), 1000), 5, 1000) AS LOG_TEXT 
from APPSRV*.LOG where TEXT like '%Warning%'" -o:DATAGRID

Search for warnings in particular application server log file

C:\Temp\Logs>LogParser -i:TEXTLINE "SELECT SUBSTR(SUBSTR(TEXT, INDEX_OF(TEXT, '['), 18), 1, 18) as DATE_TIME_STAMP, 
SUBSTR(SUBSTR(TEXT, INDEX_OF(TEXT, ']'), 1000), 5, 1000) AS LOG_TEXT from APPSRV_0902.LOG where TEXT like '%Warning%'" -o:DATAGRID

Note the differences, the from clause specifies the log file(s), and the where TEXT like '%'is the search term you want to find in the file. The substring formatting you see at the start is to make the output of the log file more readable so you just see a date/time stamp and the matching line(s) in the log file.

The output setting in these cases is datagrid which brings up a GUI data grid like this:

logparser-data-grid.png

I first learnt about LogParser from the Coding Horror blog which has heaps of great information. You can find some good examples of how to use LogParser at TechNet. There's also this site with some fun ways to use it.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License