Sign in
 
HomeLibraryWikiLearnGalleryDownloadsSupportForumsBlogs

Log Parser Studio

Log Parser Studio is a utility that allows you to search through and create reports from your IIS, Event, EXADB and others types of logs. It builds on top of Log Parser 2.2 and has a full user interface for easy creation and management of related SQL queries.

LPSV2.D2.zip
 
 
 
 
 
4.6 Star
(138)
302,942 times
Add to favorites
Exchange
12/12/2014
E-mail Twitter del.icio.us Digg Facebook
Report abuse to Microsoft
Sign in to ask a question

  • Answer the question | Hide
    LogParser Open Source
    1 Posts | Last post September 17, 2016
    • Written September 17, 2016 
      Can Microsoft make LogParser 2.2 open source ? We need better ReverseDns functionality, using IP lookup table/s and probably other features like Whois or Country. I requested this for a commercial Log analyzer but was declined. Good work with LPS :-) Ta
  • Answer the question | Hide
    Error when trying to query IIS log
    2 Posts | Last post August 25, 2016
    • Written August 25, 2016 
      I am getting an error when trying to run any of the IIS queries. I added my IIS log file to the log file manager and then try to run any of the IIS queries but get the following error:

Backgorund thread error: One or more errors occured.

System.Runtime.InteropServices.COMException (0x8007000D): Error setting property "icheckpoint" Invaid value "" for parameter "icheckpoint" ...
    • Written August 25, 2016 
      The resolution to my error was to select "W3CLOG" as the log type at the button of the query tab.
  • Answer the question | Hide
    Failed on querying httperr logs
    1 Posts | Last post June 21, 2016
    • Written June 21, 2016 
      I'm try to query HttpErr files (select *), but always getting an error RPC_E_SERVERFAULT

Assuming the file is:
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri streamid sc-status s-siteid s-reason s-queuename
2016-01-03 13:05:23 ::1%0 2480 ::1%0 49154 HTTP/1.1 GET /vshub/ef9371b2b1e34398b5beba7b4e945921/SettingsServiceModule/settings?modifiedAfter=325 - 404 - NotFound -
2016-01-03 14:54:00 ::1%0 2485 ::1%0 49154 - - - - - - Timer_ConnectionIdle -

I can query the first fields without a problem, until trying to fetch cs-uri.
For some reason, selecting cs-uri returns the rest of the line ('/vshub/ef9371b2b1e34398b5beba7b4e945921/SettingsServiceModule/settings?modifiedAfter=325 - 404 - NotFound -')

This of course breaks when trying to select fields that are after cs-uri, with the above error.

Is there a reason why cs-uri is treated differently? why it ignores a space separator?

Please consider fixing this. This also fails logparser.exe
  • Answer the question | Hide
    Can you open source it?
    1 Posts | Last post June 14, 2016
    • Written June 14, 2016 
      I use it for first time and immediately got some ideas to make it more productive for me.
  • Answer the question | Hide
    Passing Parameters
    2 Posts | Last post May 17, 2016
    • Written May 09, 2016 
      Hi there,

Is it possible to pass parameters into a query using LPS?
    • Written May 17, 2016 
      I'm not sure I understand, can you provide an example?
  • Answer the question | Hide
    [BUG] W3CLOG Format is Broken
    4 Posts | Last post October 30, 2015
    • Written January 14, 2015 
      The W3CLOG format is not reading W3C logs correctly:

1. Tabs as field separators don't work.
The standard states:
Fields are separated by whitespace, the use of tab characters for this purpose is encouraged.

2. Double-quotes around string fields are being ignored.
The standard states:
<field> = <integer> | <fixed> | <uri> | <date> | <time> | <string>
<string>        = '"' *<schar> '"'
<schar> = xchar | '"' '"'
    • Written April 20, 2015 
      Just to confirm we are speaking of W3C log type and W3C logs and not IISW3C correct?
    • Written May 09, 2015 
      Correct
    • Written October 30, 2015 
      I'll test to see if this is also the case in LP 2.2 since LPS only passes the query down to LP 2.2. If it is occurring under LPS there may not be much I can do, if it doesn't occur in LP 2.2 but does occur in LPS I may be able to fix.
  • Answer the question | Hide
    EXRPC: Find req. w/ RPC-status or failures>0 not working
    4 Posts | Last post October 30, 2015
    • Written February 03, 2015 
      Whenever I try to run the EXEPC: Find requests with rpc-status or failures >0, I get a error for the Syntax on the WHERE clause. The date-time field is unknown. Other EXRPC scripts work. Do we need to remove the #Fields: from the RPC client access logs before running LPS?
    • Written April 20, 2015 
      Try: [#Fields: date-time] As DateTime
    • Written October 26, 2015 
      Kary, can you explain in more detail?

Where should be add "[#Fields: date-time] As DateTime"?

Can you give an example of what the full query should look like?

I have the same issue trying to analyze Exchange 2010 RCA logs.
    • Written October 30, 2015 
      Sure.... Let's assume a very simple query:

Select  [#Fields: date-time] as DateTime
FROM '[LogFilePath]'

The above will pull the date-time column only and it will be named "DateTime" in the results. Brackets can always be used when spaces are involved whether they occur in the base field name like above or if you wanted to make your output prettier for stakeholders. For example, this would also work using an IIS log as an example where we wanted whomever was reviewing the query output to see IP Address instead of c-ip...

SELECT c-ip as [IP Address]
FROM '[LogFilePath]'
  • Answer the question | Hide
    log4net
    2 Posts | Last post August 22, 2015
    • Written June 19, 2015 
      Any support for log4net on the horizon?
    • Written August 22, 2015 
      Search the Best Companies -Please visit for More information about 
movers and packers@ http://professionalmovers.in
movers and packers Gurgaon@ http://professionalmovers.in/packers-and-movers-in-gurgaon/
 movers and packers delhi@ http://professionalmovers.in/packers-and-movers-in-delhi/ 
movers and packers Noida@ http://professionalmovers.in/packers-and-movers-in-nodia/
 movers and packers Bangalore@ http://professionalmovers.in/packers-and-movers-in-bangalore/
  • Answer the question | Hide
    IISLog format
    2 Posts | Last post April 20, 2015
    • Written July 30, 2014 
      When I use LPS with a IIS log in IIS format the date and time display as 1/1/2000 when I run the same query in log parser 2.2 the date and time are shown correctly.
    • Written April 20, 2015 
      For now it needs to be removed as part of the query.
  • Answer the question | Hide
    IIS Advanced Logging - can't get to work
    2 Posts | Last post April 20, 2015
    • Written October 25, 2014 
      I have LPSV2.D1, selected Log Type IISW3CLOG, set UseDoubleQuotes to True

SELECT TOP 10 * FROM '[LOGFILEPATH]'

I get LogFilename and LogRow columns populated but all other columns are empty.

I've tried to use the TSV format workaround but REPLACE_STR(cs(User-Agent),'""', '') as UserAgent only catches the first space so I still get the user agent split into other fields.

I tried to export to PowerShell but I get 'Object reference not set to an instance of an object' (if I export the simpler IISW3CLOG query that exports ok).

Am I missing something?
    • Written April 20, 2015 
      See this blog post:
http://blogs.technet.com/b/karywa/archive/2013/06/28/log-parser-studio-and-iis-advanced-logging.aspx
11 - 20 of 66 Items   
« First   < Prev   1   2  3  4  5  6  7    Next >   Last »