Making Order of Chaos with MS LogParser 2.2

I was having some trouble today sifting though some SharePoint diagnostic logs.  There is way too much noise in the logs, and the TSV format makes finding information less than simple.  Luckily, I decided to give MS Log Parser a go… it has been sitting in an install directory waiting for some excercise for over a year…

http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en

LogParser lets us run SQL-like queries against the contents of many different types of structured data files, including CSV, TSV, XML, W3C, IIS, and many others.  Output can be formatted in almost as many ways, including to a GUI dataview window. Anyone who likes SQL queries will love this.

Below is a simple sample conversion that I ran to strip out all “Medium” rated alerts, and anything that was not generated by the SharePoint Search Services.:

LogParser.exe -i:TSV -o TSV "SELECT Timestamp, Process, Area, Category, Level, Message
INTO searchEvents.tsv from 'c:Program FilesCommon FilesMicrosoft Sharedweb server
extensions12LOGSSHAREPOINT1-20081111-1237.log' WHERE Area='Search Server Common'
AND Level<>'Medium'"