Query Syntax

<query> ::= <select_clause> [ <using_clause> ]
            [ <into_clause> ]
            <from_clause>
            [ <where_clause> ]
            [ <group_by_clause> ]
            [ <having_clause> ]
            [ <order_by_clause> ]

Remarks:

  • A query can include comments, that is, user-provided text not evaluated by Log Parser, used to document code or temporarily disable parts of query statements.
    For more information, read the Comments Reference.


Examples:

A. Minimal query

The following example shows the minimal query that can be written with the Log Parser SQL-Like language, making use of the SELECT and FROM clauses only:

SELECT TimeGenerated, SourceName
FROM   System

B. Complete query

The following example shows a complete query that makes use of all the clauses in the Log Parser SQL-Like language:

SELECT   TypeName, COUNT(*) AS TotalCount
USING    TO_UPPERCASE( EXTRACT_TOKEN(EventTypeName, 0, ' ') ) AS TypeName
INTO     Report.csv
FROM     System
WHERE    TypeName LIKE '%service%'
GROUP BY TypeName
HAVING   TotalCount > 5
ORDER BY TotalCount DESC
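
C. Query with comments (added example)

This example is added here and is not part of the original Log Parser documentation. It shows both uses of comments named in the Remarks: line comments that document the query, and a block comment that temporarily disables the INTO clause so that results go to the default output while the query is being tuned. The Security event log as the source, the EventType value 16 (failure audit), the threshold of 10 and the file name Failures.csv are assumptions chosen for illustration.

```sql
-- Count failure-audit events per source and event ID in the Security log.
-- Assumption: EventType 16 is the numeric code for a failure audit event.
SELECT   SourceName, EventID, COUNT(*) AS Failures
/* INTO  Failures.csv */
FROM     Security
WHERE    EventType = 16
GROUP BY SourceName, EventID
-- Report only the noisy combinations; the threshold is an illustrative value.
HAVING   Failures > 10
ORDER BY Failures DESC
```

Removing the block comment markers around INTO restores the file output without any other change to the query.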


See also:

SELECT
USING
INTO
FROM
WHERE
GROUP BY
HAVING
ORDER BY

Comments


© 2004 Microsoft Corporation. All rights reserved.