Sunday, August 23, 2020

Using Microsoft Log Parser for analysing log files

Date: 8/23/2020

Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows® operating system such as the Event Log, the Registry, the file system, and Active Directory®.


The application (Log Parser 2.2) has not been updated since April 20, 2005, but it is still quite useful for analyzing log files. See the link below for the download location:

https://www.microsoft.com/en-us/download/details.aspx?id=24659

Example queries

Show me the latest 10 boots of the local machine. Event ID 12 from the source Microsoft-Windows-Kernel-General is written to the System log each time the operating system starts, so the newest 10 of those records are the last 10 (re)boots. "System" names the live System event log; -i:EVT selects the Windows Event Log input format.

logparser "SELECT TOP 10 * FROM System WHERE (EventID = 12) AND (SourceName = 'Microsoft-Windows-Kernel-General') ORDER BY RecordNumber DESC" -i:EVT


Show me the latest 10 boots of the local machine and save the result to reboot.csv. Log Parser guesses the output format from the .csv extension of the INTO target, but giving the input and output formats explicitly avoids surprises:

logparser "SELECT TOP 10 * INTO C:/X/reboot.csv FROM System WHERE (EventID = 12) AND (SourceName = 'Microsoft-Windows-Kernel-General') ORDER BY RecordNumber DESC" -i:EVT -o:CSV


Show me the latest 10 boots from a saved System event log (an .evtx file exported from another machine, for example) and save the result to a CSV file. The FROM clause names the file instead of the live log; everything else stays the same.

logparser "SELECT TOP 10 * INTO C:/X/reboot.csv FROM C:/X/system.evtx WHERE (EventID = 12) AND (SourceName = 'Microsoft-Windows-Kernel-General') ORDER BY RecordNumber DESC" -i:EVT -o:CSV
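The CSV that the query above writes is the natural starting point for a follow-up check: did each boot follow a clean shutdown? Kernel-General logs EventID 13 when the operating system shuts down, so a boot (12) that is not preceded by a 13 since the previous boot means the machine went down without logging it (crash, power loss, hard reset), which is worth a look during incident triage. The following Python is an added example and not code from the original post. It assumes the CSV was produced with the columns selected explicitly, for instance `logparser -i:EVT -o:CSV "SELECT TimeGenerated, EventID, SourceName, ComputerName INTO C:/X/boots.csv FROM System WHERE SourceName = 'Microsoft-Windows-Kernel-General' AND EventID IN (12; 13) ORDER BY TimeGenerated"`, and that Log Parser's default timestamp output format (yyyy-MM-dd hh:mm:ss) is in effect. The sample rows embedded in the block are constructed, not taken from a real machine.

```python
"""Pair Kernel-General boot (EventID 12) and shutdown (EventID 13) records
exported by Log Parser to CSV, and flag boots that were not preceded by a
clean shutdown."""
import csv
import io
from datetime import datetime

# Constructed sample in the shape Log Parser's -o:CSV writer produces for a
# query that selects TimeGenerated, EventID, SourceName, ComputerName.
SAMPLE_CSV = """TimeGenerated,EventID,SourceName,ComputerName
2020-08-20 08:01:12,12,Microsoft-Windows-Kernel-General,WS01
2020-08-21 18:30:05,13,Microsoft-Windows-Kernel-General,WS01
2020-08-21 18:32:40,12,Microsoft-Windows-Kernel-General,WS01
2020-08-23 02:15:09,12,Microsoft-Windows-Kernel-General,WS01
"""

BOOT, SHUTDOWN = 12, 13
KERNEL_GENERAL = "Microsoft-Windows-Kernel-General"
TIME_FMT = "%Y-%m-%d %H:%M:%S"  # Log Parser's default TimeGenerated output format (assumed)


def parse_events(text):
    """Return (timestamp, event_id, computer) tuples sorted by time.

    Rows from other sources are ignored so the function also works on a
    broader export (e.g. SELECT * FROM System) as long as the four columns
    used here are present."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        if row["SourceName"] != KERNEL_GENERAL:
            continue
        rows.append((datetime.strptime(row["TimeGenerated"], TIME_FMT),
                     int(row["EventID"]),
                     row["ComputerName"]))
    rows.sort()
    return rows


def analyze_boots(events):
    """For each boot, report whether a shutdown (13) was logged after the
    previous boot on the same host, and how long that previous session ran.

    previous_shutdown is one of:
      "unknown" - first boot in the export, nothing earlier to compare with
      "clean"   - a 13 was logged after the previous 12
      "unclean" - no 13 between the previous 12 and this one
    previous_uptime is only known for clean sessions (boot -> shutdown)."""
    last_boot, last_shutdown = {}, {}
    results = []
    for ts, eid, host in events:
        if eid == SHUTDOWN:
            last_shutdown[host] = ts
        elif eid == BOOT:
            prev_boot = last_boot.get(host)
            prev_down = last_shutdown.get(host)
            if prev_boot is None:
                state, uptime = "unknown", None
            elif prev_down is not None and prev_down > prev_boot:
                state, uptime = "clean", prev_down - prev_boot
            else:
                state, uptime = "unclean", None
            results.append({"host": host, "boot": ts,
                            "previous_shutdown": state,
                            "previous_uptime": uptime})
            last_boot[host] = ts
    return results


def unclean_boots(text):
    """Convenience wrapper: timestamps of boots that followed an unclean stop."""
    return [r["boot"] for r in analyze_boots(parse_events(text))
            if r["previous_shutdown"] == "unclean"]


if __name__ == "__main__":
    for r in analyze_boots(parse_events(SAMPLE_CSV)):
        print(f'{r["host"]} booted {r["boot"]}  previous session: '
              f'{r["previous_shutdown"]}  uptime: {r["previous_uptime"]}')
```

To run it on real data, replace SAMPLE_CSV with the contents of the file written by the INTO clause (open it with `newline=""` per the csv module docs). Windows records the same condition independently as Microsoft-Windows-Kernel-Power event 41 ("The system has rebooted without cleanly shutting down first"), so a Log Parser query for EventID 41 from that source is a quick cross-check of what this script reports.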

REF:2

