Logparser 2.1 challenge

  • Thread starter Thread starter Blake
  • Start date Start date
B

Blake

Hello, I'm using the latest version of logparser. I have one large
log file which contains multiple days of log information. I want to
loop through this large log file and when the date changes create a
file with the current days log info and name the file with the date in
it(ex. ex041027.log).

For example, if I have 5 days of log information in one large file I
need 5 files with the corresponding log info in them.

Here is what I have:
FOR %%f IN (*.log) DO LogParser -i:IISW3C "SELECT date, c-ip,
cs-username, cs-method, cs-uri-stem, cs-uri-query, sc-status,
sc-bytes, cs-version, cs(User-Agent), cs(Referer) from
c:\Inetpub\AdminScripts\*.log ORDER BY date DESC" -o:CSV>date.txt
 
Blake wrote:
Hi Blake,
I don't know Logparser well but there are some flaws in your code
and IMO you should modify your query to let logparser do the work.
For example, if I have 5 days of log information in one large file I
need 5 files with the corresponding log info in them.

Here is what I have:
FOR %%f IN (*.log) DO LogParser -i:IISW3C "SELECT date, c-ip,
cs-username, cs-method, cs-uri-stem, cs-uri-query, sc-status,
sc-bytes, cs-version, cs(User-Agent), cs(Referer) from
c:\Inetpub\AdminScripts\*.log ORDER BY date DESC" -o:CSV>date.txt

This may work if the first field with the date is not quoted.
You may vary month, day, year by reordering %%A, %%B and %%C.

::Log2Date.cmd:::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo off&setlocal
set "fields=date, c-ip, cs-username, cs-method, cs-uri-stem"
set "fields=%fields%, cs-uri-query, sc-status, sc-bytes, cs-version"
set "fields=%fields%, cs(User-Agent), cs(Referer)"
set "files=c:\Inetpub\AdminScripts\*.log"
set "ord=ORDER BY date DESC"
set "fmt=-o:CSV"

FOR /f "tokens=1-3,* delims=,/" %%fA IN (
'LogParser -i:IISW3C "SELECT %fields% from %files% %ord%" %fmt%'
) do echo.%%A/%%B/%%C,%%D>>"%%A%%B%%C.txt"
::Log2Date.cmd:::::::::::::::::::::::::::::::::::::::::::::::::::::::

HTH
 
Matthias Tacke said:
Blake wrote:
Hi Blake,
I don't know Logparser well but there are some flaws in your code
and IMO you should modify your query to let logparser do the work.
My above assumption is correct.
Take a look at the help file of the iis6.0 reskit tools.
The multiplex feature needs it's filenaming argument as the first select
field (it is not contained in the output) it is used to replace an
asterisk in the TO clause.

HTH
 
Matthias Tacke said:
My above assumption is correct.
Take a look at the help file of the iis6.0 reskit tools.
The multiplex feature needs it's filenaming argument as the first select
field (it is not contained in the output) it is used to replace an
asterisk in the TO clause.
A similar select on the eventlog worked here.(Can't test iis in lieu of)

::Log2Date.cmd:::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo off&setlocal
set fields=TO_STRING(date,'yyyyMMdd'), date, c-ip, cs-username
set fields=%fields%, cs-method, cs-uri-stem, cs-uri-query, sc-status
set fields=%fields%, sc-bytes, cs-version, cs(User-Agent), cs(Referer)
set "files=c:\Inetpub\AdminScripts\*.log"
set "to=Log*.txt"

LogParser -i:IISW3C -o:csv "SELECT %fields% FROM %files% TO %to%"

::Log2Date.cmd:::::::::::::::::::::::::::::::::::::::::::::::::::::::

HTH
 
Back
Top