Log Parser Working Event Viewer data


In this post I will show some examples how to use Logparser to filter Event viewer Information. An easy and faster way to see only we want and need.

You can download LogParser version 2.2 here – http://www.iis.net/community/default.aspx?tabid=34&g=6&i=1976 and read more about it here http://technet.microsoft.com/en-us/library/bb878032.aspx

Export all Events from Sys.tem Log, to an Csv File

logparser "SELECT * INTO h:\logs\sysmtelog.csv FROM system" -i:EVT -o:CSV
Statistics:
-----------
Elements processed: 56788
Elements output:    56788
Execution time:     2.73 seconds

Export Error Events from System Log, to an Csv File

logparser "SELECT * INTO h:\logs\systemerror.csv FROM system 
where EventTypeName = 'Error event'" -i:EVT -o:CSV
Statistics:
-----------
Elements processed: 56787
Elements output:    376
Execution time:     2.16 seconds

Export Warning Events from System Log, to an Csv File

logparser "SELECT * INTO h:\logs\systemwarning.csvFROM system 
where EventTypeName = 'Warning event'" -i:EVT -o:CSV
Statistics:
-----------
Elements processed: 56787
Elements output:    913
Execution time:     2.12 seconds

Export Error and Warning Events from System Log, to an Csv File

logparser "SELECT * INTO h:\logs\systemwarninganderror.csv FROM system 
where EventTypeName = 'Error event' or EventTypeName = 'Warning event'" -i:EVT -o:CSV

Statistics:
-----------
Elements processed: 56787
Elements output:    1289
Execution time:     2.17 seconds

Export Information from Application Log

logparser "SELECT * INTO h:\logs\app.csv FROM application" -i:EVT -o:CSV

Statistics:
-----------
Elements processed: 25352
Elements output:    25352
Execution time:     2.63 seconds

Exporting Error events from source NTFS

logparser "SELECT * INTO h:\logsiis\systemwarninganderrorntfsdisk.csv 
FROM system where EventTypeName = 'Error event' and Source
Name = 'Ntfs'" -i:EVT -o:CSV

Statistics:
-----------
Elements processed: 56789
Elements output:    8
Execution time:     2.37 seconds

Exporting specific events using Event ID

logparser "SELECT * INTO h:\logsiis\system10121014.csv FROM system where EventId ='1012' or EventId ='1014'" -i:EVT -o:CSV
Statistics:
-----------
Elements processed: 56790
Elements output:    595
Execution time:     2.23 seconds

Some posts related to Log Parser

https://rodolfovaraujo.wordpress.com/2012/04/25/log-parser-iis-charts/

https://rodolfovaraujo.wordpress.com/2012/04/24/log-parser-iis-logs-analysis/

Hope that this information can be useful, thank you for reading and visiting.

Advertisements

About rodvars
Been working in IT Services/Consulting for the past 15 years. My main areas of work are planning, development, managing and administration System infrastructures focusing on optimizing user processes, enforcing business security, performance enhancements, high availabilty and infrastucture scalability.

3 Responses to Log Parser Working Event Viewer data

  1. Krystle Sher says:

    Some particularly valid factors! I value you posting this post plus the rest of the website is also very wonderful also.

  2. I take pleasure in the invaluable information you deliver within your posts.

  3. Max says:

    Very useful information,
    Thanks a lot, if you have more related to log parser queries, it would be great to have it

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: