Log Parser Studio 2.0 is now available

Thanks Kary!

I've been waiting for this goodie. The PowerShell export feature looks very interesting.

Thanks guys.

Congrats to MS Exchange Team on releasing LPS v2

I really hope that someone at Microsoft will work on Logparser version 3.0 too. To include new input and output formats, new features, extend LP SQL language, bug fixes, etc… Or at least MS may publish it as an open source project on CodePlex so we could all contribute to its future development. Such tools are rare gems for IT professionals so it would be shame to let them be forgotten.

Best wishes from the developers of Log Parser Lizard :)

www.lizard-labs.net/log_parser_lizard.aspx

Has anyone mentioned that your PowerShell scripts are flawed? You can't mark every parameter as ValueFromPipeline=$true -- it's max one per parameter set.  Maybe you meant ValueFromPipelineByPropertyName=$true ... but even that won't do much good if you don't put the logic of your script into a process{ ... } block.

Hi Joel,

You are correct. Additionally, the scripts weren't designed to process pipeline objects at all so ValueFromPipeline needs to be removed altogether. In the interim, the scripts should still work as-is with the caveat that it is a new and evolving feature. Thanks for the good catch.

Is there any way to tell LPS to only query logs from within a certain date range even if there are more Logs in the folder then the window you would like to query?

Hi Richard,

There is provided the log has dates/time fields but the query itself is what determines the range. I'll post an example once I get freed up to do so.

@Richard

I add the following to my WHERE statement whenever I want just the last hour of logs to be queried.  You could modify this to include a range as well.

WHERE TO_LOCALTIME(TO_TIMESTAMP(date, time)) >= SUB( TO_LOCALTIME(SYSTEM_TIMESTAMP()), TIMESTAMP('0000-01-01 01:00', 'yyyy-MM-dd HH:mm') )

the 01:00 portion is what I change to 06:00 if I want the last 6 hours instead of 1.

Congratulations!

We are using IIS advanced logging because of X-forwaded-For value passed by our HW LB.

Even LPS2 doesn't support the advanced logs which have some of the values double quoted.

Do yo plan to fix this? I can imagine there is plenty of enterprise admins whoo will benefit from this.

thanks in advance

Lubomir

Hi Lubomir,

LPS can query advanced IIS logs but they are in TSV format and may require a custom header file. I'll blog instructions on how to do this soon.

Kary

The powershell script seems to add an extra character to every field when exporting to csv file. Is there a work around?

@John B

It's a tab being appended after the comma. This appears to be a discrepancy between LP 2.2's interpretation of the CSV Output Format parameters data types and how PowerShell passes those parameters to LP 2.2. The LP 2.2 documentation suggests the following for the "tabs" parameter:

============

Tabs Parameter

============

Values: ON | OFF

Default: OFF

Description: Write a tab character after each comma separator.

Details: Setting this parameter to "ON" causes the CSV output format to write a tab character after each comma field separator, in order to improve readability of the CSV output.

However, from within PowerShell (via testing based on your question), a zero must be passed instead of "OFF". I will update LPS to account for this when generating scripts in the near future.

In the interim the workaround would be to change the tabs parameter to 0 instead of "OFF" in the script where the OutputParams are evaluated; the tabs parameter is approximately on line #66 in the script:

Change $OutputFormat.tabs="OFF" to $OutputFormat.tabs=0 and save the script.

After making the change the additional tab character should no longer appear in the output. As mentioned, I'll update the script template in LPS and update the download soon but try this as a workaround for now. Thanks for finding this.

@Lubomir

Here is a temporary workaround for IIS Advanced Logging in LPS. Try this out and I'll get the double-quotes option enabled as soon as I finish testing:

blogs.technet.com/.../log-parser-studio-and-iis-advanced-logging.aspx

Dear All,

thanks for creating a tool that actually looks friendly as well as being usable.

This is the first time I've blundered around the features and I'd dearly appreciate some guidance / advice on handling ETL (Exchange Trace Log ?) files. I'm trying to understand why some calendar invitations are not working as expected.

I've looked through the previous comments and the helpful hints, but haven't identified the setup that I think should be the one for me.

Many thanks :)