A recent
call from a client revealed worrisome activity on their ecommerce site. The
problem was ultimately traced to a vindictive former employee, but we spent
quite a few hours investigating the situation, with the web server logs being
the biggest help during this time (you can never have too many logs). These log
files contain lots of valuable information, but combing through them can be
mind-numbing. Thankfully, there are plenty of tools available to provide
assistance; Microsoft Log Parser is my favorite, and the Log Parser Studio
provides a great interface. Here’s a look at both tools used together.

does something right

Log Parser
was developed more than a decade ago. While I have worked with other similar tools
during that time, I repeatedly return to Log Parser due to its broad support
for file types and the flexibility afforded by its SQL-like language. Log Parser is freely available from the Microsoft Download Center — it shows up as
Log Parser 2.2 under Program Files once it is installed (its help file provides
great information on usage).

By default,
Log Parser offers a command-line interface that lets you do anything and
everything needed. While it has log in its name, it can work with a vast number
of file types including, but not limited to, web server logs, Windows Event logs,
CSV files, XML, Windows registry, Active Directory, and on and on. My usage is
usually restricted to processing web server logs, but I know IT professionals who
use it with other file types.

The command-line interface is powerful, but Log Parser Studio greatly simplifies using the many features of the Log Parser
tool. Figure A shows Log Parser Studio opened on my development machine with a
test library created for this article. Figure B shows a simple query executed
against web server logs on my server (it returns the top 10 rows from a specific
log file).

Figure A: The basic Log Parser Studio interface

Figure B: Running a basic query against a standard web server log file

The Log Parser
Studio interface is intuitive, with ribbon buttons (or icons) for standard
actions along the top as shown in Figures A and B. The red exclamation mark runs
the current open query with the results shown in the middle window as Figure B
displays. There is one results area per query tab. The gray icon with double
exclamation marks (!!) allows you to run multiple items as a batch, so you are
not restricted to one query at a time. You can save data in a number of formats
including CSV, tab-delimited, XML, IIS logs, and even as a chart image.


One of Log
Parser’s best features is its usage of a SQL-like language for querying and
working with data, which is a great feature for developers who get ultimate
control over their interaction with the data. As shown earlier, Log Parser
Studio provides an easy-to-use interface for writing and executing these
queries. In Figure B, I returned the first 10 rows of a log file on my local
development server — it used the following basic query.

SELECT TOP 10 * FROM 'C:\inetpub\logs\LogFiles\W3SVC1\u_ex130813.log'

If you’re familiar
with using SQL to query databases, you might recognize this syntax.

The next
example returns the number of requests per hour from all log files (it uses
asterisks as wildcards) in a certain directory.

SELECT QUANTIZE(TO_TIMESTAMP(date, time), 3600) AS HourOfDay,
COUNT(*) AS TotalHits
FROM 'C:\inetpub\logs\LogFiles\W3SVC1\u_ex*.log'
GROUP BY HourOfDay

You may choose to save
the results of your query in a comma-separated file (CSV), which is easily
accomplished via the INTO statement as the following query demonstrates.

SELECT QUANTIZE(TO_TIMESTAMP(date, time), 3600) AS HourOfDay,
COUNT(*) AS TotalHits
INTO 'C:\output.csv'
FROM 'C:\inetpub\logs\LogFiles\W3SVC1\u_ex*.log'
GROUP BY HourOfDay

Just to prove that it
can do more than process web server logs, here is a query that returns all of
the words in text files in the current directory ordered by the number of times
they appear.

SELECT Text, COUNT(*) AS Total
FROM *.txt
GROUP BY Text
ORDER BY Total DESC

The previous example may not be very useful, but it does demonstrate
the tool’s flexibility, as well as showing what is available on the web. The
longevity of the tool means there are countless others out there using it, and
most of the queries or issues that come up have been written or solved by one
or more of them. A simple web search yields a mountain of data on usage, and
there are plenty of queries available for your use (I found the last example
via a Google search). If you’re more inclined to traditional learning methods,
you might check out the book Microsoft Log Parser Toolkit.
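
Returning to web server logs: for the kind of investigation described at the start of this article, the hourly query shown earlier can be narrowed to denied and failing requests per client. This is an added example, not a query from the original article; it assumes the IIS W3C fields c-ip, cs-username and sc-status are enabled in the log, and the threshold of 20 is an arbitrary starting point.

```sql
/* Added example: denied or failing requests per hour, client and account.
   Assumes IIS W3C logs that include date, time, c-ip, cs-username, sc-status.
   The threshold of 20 hits per hour is arbitrary; tune it to the site's traffic. */
SELECT QUANTIZE(TO_TIMESTAMP(date, time), 3600) AS HourBucket,
       c-ip AS ClientIP,
       cs-username AS UserName,
       sc-status AS Status,
       COUNT(*) AS Hits,
       MIN(TO_TIMESTAMP(date, time)) AS FirstSeen,
       MAX(TO_TIMESTAMP(date, time)) AS LastSeen
FROM 'C:\inetpub\logs\LogFiles\W3SVC1\u_ex*.log'
WHERE sc-status = 401 OR sc-status = 403 OR sc-status >= 500
GROUP BY HourBucket, ClientIP, UserName, Status
HAVING COUNT(*) >= 20
ORDER BY Hits DESC
```

Rows with a populated UserName tie the activity to an authenticated account, and FirstSeen and LastSeen give the window to examine in the raw log lines.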

Easily parse
data to get what you need

Log Parser
has been around for years, and I am always surprised that many developers and
administrators are unaware of its existence. It easily integrates with Microsoft
environments, but it can process files from other environments as well. Its
versatility and flexibility in supporting numerous file formats, and the
ease of use offered by the Log Parser Studio client, make it a great tool when
researching an issue or just handling daily chores. This article offers a brief
peek at its features, but I hope it makes you consider using Log Parser the
next time you need to quickly locate information within a pile of log or other
data files.