EVT Input Format Examples
Logons
Create an XML report file containing logon account names and dates from the
Security Event Log:
LogParser "SELECT TimeGenerated AS LogonDate, EXTRACT_TOKEN(Strings, 0, '|') AS Account INTO Report.xml FROM Security WHERE EventID NOT IN (541;542;543) AND EventType = 8 AND EventCategory = 2"
Event Distribution
Retrieve the distribution of EventID values for each Event Source:
LogParser "SELECT SourceName, EventID, MUL(PROPCOUNT(*) ON (SourceName), 100.0) AS Percent FROM System GROUP BY SourceName, EventID ORDER BY SourceName, Percent DESC"
Event Message Report
Create TSV files containing Event Messages for each Source in the Application Event Log:
LogParser "SELECT SourceName, Message INTO myFile_*.tsv FROM \\MYSERVER1\Application, \\MYSERVER2\Application"
© 2004 Microsoft Corporation. All rights reserved.