Sunday, August 23, 2020

Using Microsoft Log Parser for analysing log files

Date: 8/23/2020

Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows® operating system such as the Event Log, the Registry, the file system, and Active Directory®.


The application has not been updated since April 20, 2005, but it is still quite useful for analyzing log files. See the link below for the download location.

https://www.microsoft.com/en-us/download/details.aspx?id=24659

Example queries

Show me the latest 10 reboots of the local machine.

logparser "SELECT TOP 10 * FROM System WHERE (EventID = 12) AND (SourceName = 'Microsoft-Windows-Kernel-General') ORDER BY RecordNumber DESC" -i:EVT


Show me the latest 10 reboots of the local machine and save the result to reboot.csv.

logparser "SELECT TOP 10 * INTO C:/X/reboot.csv FROM System WHERE (EventID = 12) AND (SourceName = 'Microsoft-Windows-Kernel-General') ORDER BY RecordNumber DESC"


Show me the latest 10 reboots from a saved System event log and save the result to a CSV file.

logparser "SELECT TOP 10 * INTO C:/X/reboot.csv FROM C:/X/system.evtx WHERE (EventID = 12) AND (SourceName = 'Microsoft-Windows-Kernel-General') ORDER BY RecordNumber DESC" -i:EVT
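The three queries above are easy to run by hand but awkward to reuse from a script, because the INTO clause must sit between the column list and FROM, and logparser signals failure only through its exit code. The PowerShell below is an added example written for this post, not code from the original post or from Microsoft: it wraps LogParser.exe so the reboot query can be run against the live System log or a saved .evtx, returns the rows as objects, and adds a per-day count. Assumptions: Log Parser 2.2 is installed at the default path in $LogParserExe, the saved log path C:\X\system.evtx is the one used in the post, and the caller can read the System log (a saved .evtx only needs read access to the file).

```powershell
# Added example, not from the original post: wrap LogParser.exe so the reboot
# queries above can be run from a script and their CSV output used as objects.
$LogParserExe = 'C:\Program Files (x86)\Log Parser 2.2\LogParser.exe'   # assumed install path

function Invoke-LogParserQuery {
    # Builds SELECT [TOP n] <Select> INTO <tmp.csv> FROM <From> [WHERE] [GROUP BY] [ORDER BY],
    # runs it with the EVT input format and returns the CSV rows.
    # -o:CSV is passed explicitly so the output format does not depend on Log Parser
    # guessing it from the INTO path; -stats:OFF suppresses the trailing statistics lines.
    param(
        [Parameter(Mandatory)][string]$Select,   # column list, e.g. 'TimeGenerated, EventID'
        [Parameter(Mandatory)][string]$From,     # 'System' for the live log, or a .evtx path
        [string]$Where,
        [string]$GroupBy,
        [string]$OrderBy,
        [int]$Top = 0
    )

    $csv = Join-Path $env:TEMP ("logparser_{0}.csv" -f [guid]::NewGuid())
    $sql = 'SELECT'
    if ($Top -gt 0) { $sql += " TOP $Top" }
    $sql += " $Select INTO '$csv' FROM '$From'"
    if ($Where)   { $sql += " WHERE $Where" }
    if ($GroupBy) { $sql += " GROUP BY $GroupBy" }
    if ($OrderBy) { $sql += " ORDER BY $OrderBy" }

    & $LogParserExe -i:EVT -o:CSV -stats:OFF $sql | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "LogParser failed (exit code $LASTEXITCODE) for query: $sql"
    }
    try   { Import-Csv -Path $csv }
    finally { Remove-Item -Path $csv -ErrorAction SilentlyContinue }
}

# Event ID 12 from Microsoft-Windows-Kernel-General is written when the operating
# system starts; the post uses it as the marker for a reboot.
$rebootFilter = "EventID = 12 AND SourceName = 'Microsoft-Windows-Kernel-General'"

# 1) Latest 10 starts of the local machine (same query as the post).
$live = Invoke-LogParserQuery -Select 'TimeGenerated, ComputerName, EventID, Message' `
    -From 'System' -Where $rebootFilter -OrderBy 'RecordNumber DESC' -Top 10

# 2) The same question against a saved System log (path taken from the post).
$saved = Invoke-LogParserQuery -Select 'TimeGenerated, ComputerName, EventID' `
    -From 'C:\X\system.evtx' -Where $rebootFilter -OrderBy 'RecordNumber DESC' -Top 10

# 3) Starts per day: QUANTIZE rounds each timestamp down to an 86400-second bucket,
#    so a day with an unusual number of reboots stands out in a review.
$perDay = Invoke-LogParserQuery `
    -Select 'QUANTIZE(TimeGenerated, 86400) AS Day, COUNT(*) AS Starts' `
    -From 'System' -Where $rebootFilter -GroupBy 'Day' -OrderBy 'Day DESC'

# Show the live results and the time between consecutive starts. TimeGenerated
# comes back from the CSV as text ('yyyy-MM-dd HH:mm:ss', local time), so cast it.
$starts = $live | ForEach-Object { [datetime]$_.TimeGenerated } | Sort-Object
for ($i = 0; $i -lt $starts.Count; $i++) {
    if ($i -eq 0) {
        '{0}' -f $starts[$i]
    } else {
        '{0}  ({1:N1} h since previous start)' -f $starts[$i], ($starts[$i] - $starts[$i - 1]).TotalHours
    }
}

$saved  | Format-Table TimeGenerated, ComputerName -AutoSize
$perDay | Format-Table Day, Starts -AutoSize
```

The wrapper quotes both the INTO path and the FROM entity in single quotes, which Log Parser accepts and which keeps paths with spaces working. Deleting the temporary CSV in a finally block matters when many queries are scripted, and checking $LASTEXITCODE is the only reliable way to notice a bad query or an unreadable log, since a failed run still leaves a (possibly empty) file behind.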


