MS Log Parser

Today I’ve been working on logging and auditing for our web app. We’ve already got it logging major events (searches, views, updates) but today I’ve added in auditing of any changes that a user makes.

This leads to one thing – huge log files. But help is at hand in the form of Microsoft’s LogParser tool. It is a command-line application which provides a very powerful SQL-like query syntax. You map an input source through the query onto an output target; the available targets include charts created with Microsoft Office Web Components and even your own template files (useful for HTML reports).

As an example…

Say my log file contains data in the following format:


I can easily create a report of the distribution of hits during the day:

> logparser.exe "select to_string(time,'hh') AS Hour, Count(*) AS Hits FROM mylog.csv GROUP BY Hour" -iTsFormat:"hh:mm"

Which gives me:

Hour Hits
---- -----
00   1
08   2782
09   8098
10   10710
11   13233
12   11048
13   10257
14   12467
15   11411
16   8304
17   2864
18   1216
19   610
20   52
21   10
22   1

I can then drive a nice bar chart like so:

> logparser.exe "select to_string(time,'hh') AS Hour, Count(*) AS Hits INTO chart.jpg FROM mylog.csv GROUP BY Hour" -iTsFormat:"hh:mm" -chartType:Bar3D -chartTitle:"Hits by Hour"

Example Chart

So very cool and very powerful. I’m now wading through the tool’s author’s book.
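The same hourly grouping reproduced in Python, as an added example that is not from the original post, useful for cross-checking the Log Parser counts and for seeing which audit rows fail timestamp parsing instead of losing them silently. The sample rows are constructed; only the `time` column in hh:mm format comes from the query above, and the `user` and `event` columns and the function names are assumptions.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample log. Only the `time` column (hh:mm) is taken from the
# query in the post; `user` and `event` are assumed columns for illustration.
SAMPLE_LOG = """time,user,event
08:15,alice,search
08:47,bob,view
09:02,alice,update
09:30,carol,view
09:59,bob,search
,carol,view
25:10,dave,update
22:41,alice,view
"""

def hits_by_hour(csv_text, time_col="time", ts_format="%H:%M"):
    """Equivalent of: SELECT to_string(time,'hh') AS Hour, Count(*) ... GROUP BY Hour.

    Returns ({hour: hits}, rejected_line_numbers). Rows whose timestamp is
    missing or invalid are reported by file line number, not counted.
    """
    hits = Counter()
    rejected = []
    reader = csv.DictReader(io.StringIO(csv_text))
    for row in reader:
        raw = (row.get(time_col) or "").strip()
        try:
            hour = datetime.strptime(raw, ts_format).strftime("%H")
        except ValueError:
            rejected.append(reader.line_num)  # header is line 1
            continue
        hits[hour] += 1
    return dict(sorted(hits.items())), rejected

def text_chart(hits, width=40):
    """Render the distribution as a text bar chart scaled to the busiest hour."""
    peak = max(hits.values(), default=1)
    return "\n".join(
        f"{hour} {'#' * max(1, count * width // peak)} {count}"
        for hour, count in hits.items()
    )

if __name__ == "__main__":
    hits, rejected = hits_by_hour(SAMPLE_LOG)
    print(text_chart(hits))
    print("rejected lines:", rejected)
```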