Download Log Parser 2.2

You can download Log Parser from the Microsoft Download Center.

Log Parser 2.2 is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows operating system such as the Event Log, the Registry, the file system, and Active Directory. You tell Log Parser what information you need and how you want it processed. The results of your query can be custom-formatted in text-based output, or they can be persisted to more specialty targets like SQL, SYSLOG, or a chart. Most software is designed to accomplish a limited number of specific tasks. Log Parser is different: the number of ways it can be used is limited only by the needs and imagination of the user. The world is your database with Log Parser.

Input Formats

Can't find an input format you need?  The new COM input format makes it possible to create your own custom Input Format and plug it into the Log Parser engine.

XML - Reads XML files (requires the Microsoft® XML Parser (MSXML))

TSV - Reads tab- and space-separated values text files

ADS - Reads information from Active Directory objects

REG - Reads information from the Windows Registry

NETMON - Makes it possible to parse NetMon .cap capture files

ETW - Reads Event Tracing for Windows log files and live sessions

SQL Engine Improvements

Exponential performance improvement in SELECT DISTINCT and GROUP BY queries

"CASE" (simple-form) statement in the SELECT clause, e.g. "SELECT CASE myField WHEN 'value1' THEN '0' WHEN 'value2' THEN '1' ELSE '-1' END"

"BETWEEN" operator in the WHERE and HAVING clauses

"WITH ROLLUP" functionality in the GROUP BY clause

"DISTINCT" in aggregate functions (when no GROUP BY clause is specified)

"PROPSUM(...) [ ON <fields> ]" and "PROPCOUNT(...) [ ON <fields> ]" aggregate functions (these functions calculate the ratio between the SUM or COUNT functions on a field and the SUM or COUNT functions on the same field in a hierarchically higher group)

"USING" clause for declaring temporary field-expressions

Fields and Aliases are now case-insensitive

Date and Time Formats

l (milliseconds - lower case 'L')

n (nanoseconds)

tt (AM/PM)

? (any character)

General Improvements

.sql files can now take parameters, e.g. "logparser -file:myquery.sql?param1=value1+param2=value2"

Enabled permanent override of the default values for global options, input format options, and output format options, e.g. "logparser -e:10 -o:NAT -rtp:-1 -savedefaults"

Input I/O performance improvement for text files

Output Formats

CHART - Creates chart image files (requires Microsoft Office 2000 or later)

TSV - Writes tab- and space-separated values text files

SYSLOG - Sends information to a SYSLOG server or to a SYSLOG-formatted text file

New Functions

MOD

BIT_AND, BIT_OR, BIT_NOT, BIT_XOR, BIT_SHL, BIT_SHR

EXP10, LOG10

ROUND, FLOOR

QNTROUND_TO_DIGIT, QNTFLOOR_TO_DIGIT

STRREPEAT

IN_ROW_NUMBER, OUT_ROW_NUMBER

ROT13

EXTRACT_FILENAME, EXTRACT_EXTENSION, EXTRACT_PATH

HEX_TO_ASC, HEX_TO_PRINT, HEX_TO_INT

HEX_TO_HEX8, HEX_TO_HEX16, HEX_TO_HEX32

IPV4_TO_INT, INT_TO_IPV4

HASHSEQ, HASHMD5_FILE

EXTRACT_PREFIX, EXTRACT_SUFFIX

STRCNT

Improvements to Existing Input and Output Formats

New parameters for most Input and Output Formats

NCSA input format now parses combined and extended NCSA log files

New "EventCategoryName" and "Data" fields in the EVT input format

"-recurse" option for most input formats now specifies a maximum subdirectory recursion level

CSV Input and Output Formats now support CSV files with double-quoted strings

New "FileVersion", "ProductVersion", "CompanyName", etc. fields in the FS input format

Enabled '*' and '?' wildcards in site name specifications for all IIS input formats, e.g. "SELECT * FROM <mysite*.com>"

Enabled URLs as input path for all text-based input formats, e.g. "SELECT * FROM http://www.adatum.com/table.csv"

Enabled environment variable names in the TPL output format sections, and added a SYSTEM_TIMESTAMP variable

Performance improvement in the EVT input format when reading from local and remote event logs

Scriptable COM interface now uses the command-line property names for all input and output formats

Related Links

Books

Microsoft Log Parser Toolkit

Authors:

  • Gabriele Giuseppini
  • Mark Burnett
  • Jeremy Faircloth
  • Dave Kleiman