Logparser 2.1 challenge

B

Blake

Hello, I'm using the latest version of logparser. I have one large
log file which contains multiple days of log information. I want to
loop through this large log file and when the date changes create a
file with the current days log info and name the file with the date in
it(ex. ex041027.log).

For example, if I have 5 days of log information in one large file I
need 5 files with the corresponding log info in them.

Here is what I have:
FOR %%f IN (*.log) DO LogParser -i:IISW3C "SELECT date, c-ip,
cs-username, cs-method, cs-uri-stem, cs-uri-query, sc-status,
sc-bytes, cs-version, cs(User-Agent), cs(Referer) from
c:\Inetpub\AdminScripts\*.log ORDER BY date DESC" -o:CSV>date.txt
 
M

Matthias Tacke

Blake wrote:
Hi Blake,
I don't know Logparser well but there are some flaws in your code
and IMO you should modify your query to let logparser do the work.
For example, if I have 5 days of log information in one large file I
need 5 files with the corresponding log info in them.

Here is what I have:
FOR %%f IN (*.log) DO LogParser -i:IISW3C "SELECT date, c-ip,
cs-username, cs-method, cs-uri-stem, cs-uri-query, sc-status,
sc-bytes, cs-version, cs(User-Agent), cs(Referer) from
c:\Inetpub\AdminScripts\*.log ORDER BY date DESC" -o:CSV>date.txt
Click to expand...

This may work if the first field with the date is not quoted.
You may vary month, day, year by reordering %%A, %%B and %%C.

::Log2Date.cmd:::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo off&setlocal
set "fields=date, c-ip, cs-username, cs-method, cs-uri-stem"
set "fields=%fields%, cs-uri-query, sc-status, sc-bytes, cs-version"
set "fields=%fields%, cs(User-Agent), cs(Referer)"
set "files=c:\Inetpub\AdminScripts\*.log"
set "ord=ORDER BY date DESC"
set "fmt=-o:CSV"

FOR /f "tokens=1-3,* delims=,/" %%fA IN (
'LogParser -i:IISW3C "SELECT %fields% from %files% %ord%" %fmt%'
) do echo.%%A/%%B/%%C,%%D>>"%%A%%B%%C.txt"
::Log2Date.cmd:::::::::::::::::::::::::::::::::::::::::::::::::::::::

HTH
 
M

Matthias Tacke

Matthias Tacke said:
Blake wrote:
Hi Blake,
I don't know Logparser well but there are some flaws in your code
and IMO you should modify your query to let logparser do the work.
Click to expand...
My above assumption is correct.
Take a look at the help file of the iis6.0 reskit tools.
The multiplex feature needs it's filenaming argument as the first select
field (it is not contained in the output) it is used to replace an
asterisk in the TO clause.

HTH
 
M

Matthias Tacke

Matthias Tacke said:
My above assumption is correct.
Take a look at the help file of the iis6.0 reskit tools.
The multiplex feature needs it's filenaming argument as the first select
field (it is not contained in the output) it is used to replace an
asterisk in the TO clause.
Click to expand...
A similar select on the eventlog worked here.(Can't test iis in lieu of)

::Log2Date.cmd:::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo off&setlocal
set fields=TO_STRING(date,'yyyyMMdd'), date, c-ip, cs-username
set fields=%fields%, cs-method, cs-uri-stem, cs-uri-query, sc-status
set fields=%fields%, sc-bytes, cs-version, cs(User-Agent), cs(Referer)
set "files=c:\Inetpub\AdminScripts\*.log"
set "to=Log*.txt"

LogParser -i:IISW3C -o:csv "SELECT %fields% FROM %files% TO %to%"

::Log2Date.cmd:::::::::::::::::::::::::::::::::::::::::::::::::::::::

HTH
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Millions of HTTP 302 Code Entries 1
loop through code and refernce text file for info 1
importing IIS Logs into Access 2003 2
Problem with Web Folder (webdav) and UrlScan 2
CLIENTS NOT UPDATING 3
Can't run ASP.NET v1.1 2
Error message I don't understand (newbie Q) 3
LogParser 2.1 REPLACE_IF_NULL 2

Top