
Log Parser 2.2

Log Parser 2.2 is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows operating system such as the Event Log, the Registry, the file system, and Active Directory. You tell Log Parser what information you need and how you want it processed. The results of your query can be custom-formatted in text-based output, or they can be persisted to more specialized targets like SQL, SYSLOG, or a chart. Most software is designed to accomplish a limited number of specific tasks. Log Parser is different: the number of ways it can be used is limited only by the needs and imagination of the user. The world is your database with Log Parser.

Download the Log Parser from the Microsoft Download Center.

 

Input Formats

Can't find an input format you need?  The new COM input format makes it possible to create your own custom Input Format and plug it into the Log Parser engine.

  • XML - Reads XML files (requires the Microsoft® XML Parser (MSXML))
  • TSV - Reads tab- and space-separated values text files
  • ADS - Reads information from Active Directory objects
  • REG - Reads information from the Windows Registry
  • NETMON - Makes it possible to parse NetMon .cap capture files
  • ETW - Reads Event Tracing for Windows log files and live sessions

SQL Engine Improvements

  • Exponential performance improvement in SELECT DISTINCT and GROUP BY queries
  • "CASE" (simple-form) statement in the SELECT clause, e.g. "SELECT CASE myField WHEN 'value1' THEN '0' WHEN 'value2' THEN '1' ELSE '-1' END"
  • "BETWEEN" operator in the WHERE and HAVING clauses
  • "WITH ROLLUP" functionality in the GROUP BY clause
  • "DISTINCT" in aggregate functions (when no GROUP BY clause is specified)
  • "PROPSUM(...) [ ON <fields> ]" and "PROPCOUNT(...) [ ON <fields> ]" aggregate functions (these functions calculate the ratio between the SUM or COUNT functions on a field and the SUM or COUNT functions on the same field in a hierarchically higher group)
  • "USING" clause for declaring temporary field-expressions
  • Fields and Aliases are now case-insensitive

Date and Time Formats

  • l (milliseconds - lower case 'L')
  • n (nanoseconds)
  • tt (AM/PM)
  • ? (any character)

General Improvements

  • .sql files can now take parameters, e.g. "logparser -file:myquery.sql?param1=value1+param2=value2"
  • Enabled permanent override of the default values for global options, input format options, and output format options, e.g. "logparser -e:10 -o:NAT -rtp:-1 -savedefaults"
  • Input I/O performance improvement for text files

Output Formats

  • CHART - Creates chart image files (requires Microsoft Office 2000 or later)
  • TSV - Writes tab- and space-separated values text files
  • SYSLOG - Sends information to a SYSLOG server or to a SYSLOG-formatted text file

New Functions

  • MOD
  • BIT_AND, BIT_OR, BIT_NOT, BIT_XOR, BIT_SHL, BIT_SHR
  • EXP10, LOG10
  • ROUND, FLOOR
  • QNTROUND_TO_DIGIT, QNTFLOOR_TO_DIGIT
  • STRREPEAT
  • IN_ROW_NUMBER, OUT_ROW_NUMBER
  • ROT13
  • EXTRACT_FILENAME, EXTRACT_EXTENSION, EXTRACT_PATH
  • HEX_TO_ASC, HEX_TO_PRINT, HEX_TO_INT
  • HEX_TO_HEX8, HEX_TO_HEX16, HEX_TO_HEX32
  • IPV4_TO_INT, INT_TO_IPV4
  • HASHSEQ, HASHMD5_FILE
  • EXTRACT_PREFIX, EXTRACT_SUFFIX
  • STRCNT

Improvements to Existing Input and Output Formats

  • New parameters for most Input and Output Formats
  • NCSA input format now parses combined and extended NCSA log files
  • New "EventCategoryName" and "Data" fields in the EVT input format
  • "-recurse" option for most input formats now specifies a maximum subdirectory recursion level
  • CSV Input and Output Formats now support CSV files with double-quoted strings
  • New "FileVersion", "ProductVersion", "CompanyName", etc. fields in the FS input format
  • Enabled '*' and '?' wildcards in site name specifications for all IIS input formats, e.g. "SELECT * FROM <mysite*.com>"
  • Enabled URLs as input path for all text-based input formats, e.g. "SELECT * FROM http://www.adatum.com/table.csv"
  • Enabled environment variable names in the TPL output format sections, and added a SYSTEM_TIMESTAMP variable
  • Performance improvement in the EVT input format when reading from local and remote event logs
  • Scriptable COM interface now uses the command-line property names for all input and output formats

Related Links

Professor Windows can show you how Log Parser version 2.2 works.

Books

Microsoft Log Parser Toolkit

Authors:

  • Gabriele Giuseppini
  • Mark Burnett
  • Jeremy Faircloth
  • Dave Kleiman