Learning Log Parser Studio in two parts... (From Install to Library Ninja)

Kary Wall - Getting Started with Log Parser Studio - Part 1 & Getting Started with Log Parser Studio - Part 2

Hopefully, if you are reading this you already know what Log Parser 2.2 is and that Log Parser Studio is a graphical interface for Log Parser. Additionally, Log Parser Studio (which I will refer to from here forward simply as LPS) contains a library of pre-built queries and features that increases the usefulness and speed of using Log Parser exponentially. If you need to rip through gigabytes of all types of log files and tell a story with the results, Log Parser Studio is the tool for you!

None of this is of much use if you don’t have LPS and know how to get it up and running but luckily this is exactly what this blog post is about. So let’s get to it; the first thing you want to do of course is to download LPS and any prerequisites. The prerequisites are:

Log Parser Studio (get it here).

.NET 4.x which can be found here.

Log Parser 2.2 which is located here.

Once everything is downloaded we’ll install the prerequisites first. Run the installer for Log Parser 2.2 and make sure that you choose the “Complete” install option. The complete install option installs logparser.dll which is the only component from the install LPS actually requires:

...

Running your first query

By this point you are ready to start running queries. All queries are stored in the LPS library which is the first window you see when opening LPS. To load any query to run, just double-click it and it will open in its own tab:

...

Here are the results from my test logs after the query has completed:

Conclusion

And that’s it, you are now up and running with LPS. Just choose your logs, find a query that you want to use and click run query. The only thing you need to be aware of is that different log formats require different log types so you’ll want to make sure those match or you’ll get an error. In other words the format for IISW3C format is different than the format for an XML file and LPS needs to know this so it can pass the correct information to Log Parser in the background. Thankfully, these are already setup inside the existing queries, all you need to do is choose an IIS query for IIS logs and so on.

Most every button and interface element in LPS has a tool-tip explanation of what that button does so be sure to hover your mouse cursor over them to find out more. There is also a tips message that randomly displays how-to tips and tricks in the top-right of the main interface. You can also press F10 to display a new random tip.

You can also write your own queries, save them to the library, edit existing queries and change log types and all format parameters. There is a huge list of features in LPS both obvious and not so obvious, thusly upcoming posts will build on this and introduce you the sheer power and under-the-hood tips and tricks that LPS offers. It’s amazing how much can be accomplished once you learn how it all works and that’s what we are going to do next. :)

"In my last post, Getting Started with Log Parser Studio - Part 1, I showed how to get Log Parser Studio along with its minimal prerequisites installed, basic setup as well as running your first query. In this post I'll be taking you on a basic "getting around town" tour to help familiarize you with the LPS Query Library and managing queries. To kick things off let's take a quick look at the library.

Above we see the library that holds all the queries. It's fairly self-explanatory that its a list of all the queries that LPS manages along with a description, date modified, type of query and the query itself (all of these are not visible in the image above). All queries are prefixed with the basic category they reside in. For example a query that queries log files for an IIS website will appear in the following format: IIS: Name Of Query. This makes it easy to visually browse for the query you are looking for.

If you'll remember from my last post I mentioned that the type of query needs to match the type of log being queried. These prefixes directly or sometimes indirectly correlate to those types so if you have IISW3C logs you need queries for, then queries beginning with IIS: are the ones you want. You can also sort the queries by clicking the column header of the field you wish to sort by.

Another advantage to this is searching. Notice the search box at the top right. To quickly narrow down the visible results in the library to list only the log type you need, simply type part or all of any prefix and click the search (>) button. This is free text search of the query name field so you can search for any text contained in any query name no matter where it falls within that string. To clear the results and show all queries again click the X button or press the escape key on your keyboard.

To open any query just double-click it and it will open in it's own tab. You can also right-click a query from within the library for a list of context menu options which are as follows:

..."

LPS (Log Parser Studio) is a great tool for those who want to use Log Parser but not doing doing it everyday don't remember the command line syntax. Also the Library feature is cool and very time saving...

Here's a look at the Microsoft Log Parser from a different point of view, from the Computer Forensics' side of the house OR Check out a 'Query Analyzer/SSMS' for Log Parser called Log Parser Lizard

Log Parser Ping Graph Fun (aka “Using Log Parser to parse command line output”)
SELECT * FROM Log... with the cool tool that’s been around for years, Log Parser!

Download details: Log Parser 2.2

The Unofficial Log Parser Support Site
IIS Diagnostics Toolkit (January 2006)
SQL Server 2000 Report Pack for IIS Logs