Making Order of Chaos with MS LogParser 2.2

I was having some trouble today sifting though some SharePoint diagnostic logs.  There is way too much noise in the logs, and the TSV format makes finding information less than simple.  Luckily, I decided to give MS Log Parser a go… it has been sitting in an install directory waiting for some excercise for over a year…

http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en

LogParser lets us run SQL-like queries against the contents of many different types of structured data files, including CSV, TSV, XML, W3C, IIS, and many others.  Output can be formatted in almost as many ways, including to a GUI dataview window. Anyone who likes SQL queries will love this.

Below is a simple sample conversion that I ran to strip out all “Medium” rated alerts, and anything that was not generated by the SharePoint Search Services.:

LogParser.exe -i:TSV -o TSV "SELECT Timestamp, Process, Area, Category, Level, Message
INTO searchEvents.tsv from 'c:Program FilesCommon FilesMicrosoft Sharedweb server
extensions12LOGSSHAREPOINT1-20081111-1237.log' WHERE Area='Search Server Common'
AND Level<>'Medium'"

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s