Log Parser Studio

When I run an "events" query on a selected event log file, LPS is querying the local event log and not the file I selected under Log File Manager.  I've verified the log I want to query against is checked in the Log File Manager and the log file is the correct type for the query. 

Found my problem...

hi guys how do you check the hit count with this utility ?

Sure... To just get the hits for say all of IIS:

SELECT COUNT(*) FROM '[LOGFILEPATH]'

To get the hits for a virtual directory:

SELECT COUNT(*) FROM '[LOGFILEPATH]'
WHERE cs-uri-stem LIKE '%/myvirtualdirectory%'

Can Microsoft make LogParser 2.2 open source ? We need better ReverseDns functionality, using IP lookup table/s and probably other features like Whois or Country. I requested this for a commercial Log analyzer but was declined. Good work with LPS :-) Ta

I am getting an error when trying to run any of the IIS queries. I added my IIS log file to the log file manager and then try to run any of the IIS queries but get the following error:

Backgorund thread error: One or more errors occured.

System.Runtime.InteropServices.COMException (0x8007000D): Error setting property "icheckpoint" Invaid value "" for parameter "icheckpoint" ...

The resolution to my error was to select "W3CLOG" as the log type at the button of the query tab.

I'm try to query HttpErr files (select *), but always getting an error RPC_E_SERVERFAULT

Assuming the file is:
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri streamid sc-status s-siteid s-reason s-queuename
2016-01-03 13:05:23 ::1%0 2480 ::1%0 49154 HTTP/1.1 GET /vshub/ef9371b2b1e34398b5beba7b4e945921/SettingsServiceModule/settings?modifiedAfter=325 - 404 - NotFound -
2016-01-03 14:54:00 ::1%0 2485 ::1%0 49154 - - - - - - Timer_ConnectionIdle -

I can query the first fields without a problem, until trying to fetch cs-uri.
For some reason, selecting cs-uri returns the rest of the line ('/vshub/ef9371b2b1e34398b5beba7b4e945921/SettingsServiceModule/settings?modifiedAfter=325 - 404 - NotFound -')

This of course breaks when trying to select fields that are after cs-uri, with the above error.

Is there a reason why cs-uri is treated differently? why it ignores a space separator?

Please consider fixing this. This also fails logparser.exe

I use it for first time and immediately got some ideas to make it more productive for me. 

Hi there,

Is it possible to pass parameters into a query using LPS?

I'm not sure I understand, can you provide an example?

The W3CLOG format is not reading W3C logs correctly:

1. Tabs as field separators don't work.
The standard states:
Fields are separated by whitespace, the use of tab characters for this purpose is encouraged.

2. Double-quotes around string fields are being ignored.
The standard states:
<field> = <integer> | <fixed> | <uri> | <date> | <time> | <string>
<string>        = '"' *<schar> '"'
<schar> = xchar | '"' '"'

Just to confirm we are speaking of W3C log type and W3C logs and not IISW3C correct?

Correct

I'll test to see if this is also the case in LP 2.2 since LPS only passes the query down to LP 2.2. If it is occurring under LPS there may not be much I can do, if it doesn't occur in LP 2.2 but does occur in LPS I may be able to fix.

Whenever I try to run the EXEPC: Find requests with rpc-status or failures >0, I get a error for the Syntax on the WHERE clause. The date-time field is unknown. Other EXRPC scripts work. Do we need to remove the #Fields: from the RPC client access logs before running LPS?

Try: [#Fields: date-time] As DateTime

Kary, can you explain in more detail?

Where should be add "[#Fields: date-time] As DateTime"?

Can you give an example of what the full query should look like?

I have the same issue trying to analyze Exchange 2010 RCA logs.

Sure.... Let's assume a very simple query:

Select  [#Fields: date-time] as DateTime
FROM '[LogFilePath]'

The above will pull the date-time column only and it will be named "DateTime" in the results. Brackets can always be used when spaces are involved whether they occur in the base field name like above or if you wanted to make your output prettier for stakeholders. For example, this would also work using an IIS log as an example where we wanted whomever was reviewing the query output to see IP Address instead of c-ip...

SELECT c-ip as [IP Address]
FROM '[LogFilePath]'

Any support for log4net on the horizon?

Search the Best Companies -Please visit for More information about 
movers and packers@ http://professionalmovers.in
movers and packers Gurgaon@ http://professionalmovers.in/packers-and-movers-in-gurgaon/
 movers and packers delhi@ http://professionalmovers.in/packers-and-movers-in-delhi/ 
movers and packers Noida@ http://professionalmovers.in/packers-and-movers-in-nodia/
 movers and packers Bangalore@ http://professionalmovers.in/packers-and-movers-in-bangalore/