Commands and Queries
When using the command-line executable, Log Parser works on commands supplied by the user.
Each command has five distinct components:
- The Input Format to use;
- Optional parameters for the Input Format;
- The Output Format to use;
- Optional parameters for the Output Format;
- The SQL query that processes the records generated by the Input Format and produces records for the Output Format.
For example, let's consider the following simple command:
C:\>LogParser -i:EVT -fullText:OFF -o:CSV -tabs:OFF "SELECT * INTO output.csv FROM SYSTEM"
The command above is structured as follows:
- The EVT Input Format is selected using the -i:<Input Format name> parameter;
- Its "fullText" parameter is set to the "OFF" value;
- The CSV Output Format is selected using the -o:<Output Format name> parameter;
- Its "tabs" parameter is set to the "OFF" value;
- The SQL query is "SELECT * INTO output.csv FROM SYSTEM", which specifies that all records generated from the System Event Log should be sent directly to the Output Format with no further processing.
In some cases, it might not be necessary to specify the Input Format. In the example command above, the value of the FROM clause is "SYSTEM",
which is the name of a standard Windows Event Log; this name is automatically recognized by Log Parser as a candidate for the EVT Input Format,
so we can avoid specifying the Input Format name altogether:
C:\>LogParser -fullText:OFF -o:CSV -tabs:OFF "SELECT * INTO output.csv FROM SYSTEM"
As examples of other values of FROM clauses that can be recognized by Log Parser, the IISW3C Input Format is selected automatically when the filename in the FROM clause starts with "ex" and has the ".log" extension, and the XML Input Format is selected automatically when the filename has the ".xml" extension.
The same applies to Output Formats: in the example command above, the filename in the INTO clause has the "csv" extension,
thus selecting automatically the CSV Output Format; the same command can therefore be typed as:
C:\>LogParser -fullText:OFF -tabs:OFF "SELECT * INTO output.csv FROM SYSTEM"
When an Output Format is not specified and the SQL query does not contain an INTO clause, Log Parser automatically selects the NAT Output Format, which prints the results of the query to the console window.
These examples show that the minimal Log Parser command is made up of the SQL query alone. In most cases the Input and Output formats can be deduced automatically from the INTO and FROM clauses of the query; however, it is recommended practice to always specify the Input and Output formats explicitly using the -i and -o parameters.
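The following added example (not part of the Log Parser documentation) checks a command line against the recommendation above: it reports whether each format is set explicitly or would be inferred, using only the inference rules stated on this page. The function names are hypothetical, and the third sample command is constructed.

```python
import re

def infer_input(from_value):
    """Input Format Log Parser would pick, per the rules stated on this page."""
    name = re.split(r"[\\/]", from_value)[-1].lower()  # filename without any path
    if name == "system":
        return "EVT"
    if name.startswith("ex") and name.endswith(".log"):
        return "IISW3C"
    if name.endswith(".xml"):
        return "XML"
    return None  # other recognized names are not covered by this page

def infer_output(into_value):
    """Output Format Log Parser would pick, per the rules stated on this page."""
    if into_value is None:
        return "NAT"  # no INTO clause: results go to the console window
    return "CSV" if into_value.lower().endswith(".csv") else None

def audit(command):
    """Report how a command selects its formats and warn on implicit selection."""
    quoted = re.search(r'"([^"]*)"\s*$', command)
    if not quoted:
        raise ValueError("expected the SQL query in double quotes at the end")
    query, switches = quoted.group(1), command[:quoted.start()]
    from_m = re.search(r"\bFROM\s+(\S+)", query, re.I)
    into_m = re.search(r"\bINTO\s+(\S+)", query, re.I)
    guesses = {
        "i": infer_input(from_m.group(1)) if from_m else None,
        "o": infer_output(into_m.group(1) if into_m else None),
    }
    report = {"warnings": []}
    for flag, label in (("i", "input"), ("o", "output")):
        explicit = re.search(rf"(?<!\S)-{flag}:(\S+)", switches, re.I)
        if explicit:
            report[label] = (explicit.group(1).upper(), "explicit")
        else:  # a guess of None means this page's rules do not cover the name
            report[label] = (guesses[flag], "inferred")
            report["warnings"].append(f"-{flag} not set; would infer {guesses[flag]}")
    return report

if __name__ == "__main__":
    # The first two commands are from the page; the third is constructed.
    for cmd in (
        r'LogParser -i:EVT -fullText:OFF -o:CSV -tabs:OFF "SELECT * INTO output.csv FROM SYSTEM"',
        r'LogParser -fullText:OFF -tabs:OFF "SELECT * INTO output.csv FROM SYSTEM"',
        r'LogParser "SELECT * FROM ex040528.log"',
    ):
        print(audit(cmd))
```
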