Combine Log parser from, to, ip, dns name and hits, order by hits I can't make it


Hello,

I don't know if it's possible, but I need to combine in Log Parser:

 

FROM, TO, IP, DNS NAME, HITS

x         x     x   x                      10000

x         x     x   x                       9999

           x (if more with the same sender and receiver)

 

I tried this code.

 

./logparser.exe "SELECT EXTRACT_PREFIX(remote-endpoint,0,':') as IP,REVERSEDNS(EXTRACT_PREFIX(remote-endpoint,0,':')) as Name,Count(*) as Hits from 'C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpSend\*.log' WHERE data LIKE '%EHLO%' GROUP BY IP ORDER BY Hits DESC" -i:CSV -nSkipLines:4 -rtp:-1 >> C:\Temp\ES-DSS-SMTPSend_MAILFLOW07032020_01.csv

 

and

 

./logparser.exe "SELECT data,Count(*) as Hits from 'C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpSend\*.log' WHERE data LIKE '%MAIL FROM%' or data LIKE '%RCPT TO%' GROUP BY data ORDER BY Hits DESC" -i:CSV -nSkipLines:4 -rtp:-1 >> C:\temp\ES-DSS-SMTPSend_MAILFLOW07032020.csv

 

I don't know how to combine them or put one SELECT inside another SELECT.


Thanks and regards,

Tomás Esteban Corey 

2 Replies

Anyone? Please, I really need this. I've been trying for about 7 days to make it work.

Thanks and Regards,

Tomás Esteban Corey
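
An added example, not part of the original thread: one way to build the FROM, TO, IP, DNS NAME, HITS table asked for in the first post is to correlate the MAIL FROM and RCPT TO rows by session-id in PowerShell instead of in a single Log Parser query. The function name Get-SmtpSendFlow, the sample lines, and the assumption that the log names the columns session-id, remote-endpoint and data in a "#Fields:" header (with IPv4 endpoints, as in the poster's EXTRACT_PREFIX call) are assumptions of this example.

```powershell
# Added example, not from the original post.
# Assumption: protocol-log columns session-id, remote-endpoint and data,
# named by a "#Fields:" header line; remote-endpoint is IPv4 "address:port".
function Get-SmtpSendFlow {
    param(
        [Parameter(Mandatory)] [string[]] $Line,  # raw log lines
        [switch] $ResolveDns                      # reverse lookups need DNS access
    )
    # Column names come from "#Fields:"; all other "#" lines are comments.
    $fields = ($Line -like '#Fields:*')[0] -replace '^#Fields:\s*' -split ','
    $rows = $Line | Where-Object { $_ -and $_ -notlike '#*' } |
        ConvertFrom-Csv -Header $fields

    $sender = @{}  # session-id -> sender of the message currently in progress
    $pairs = foreach ($r in $rows) {
        $sid = $r.'session-id'
        if ($r.data -match 'MAIL FROM:\s*<([^>]*)>') {
            $sender[$sid] = $Matches[1]
        }
        elseif ($r.data -match 'RCPT TO:\s*<([^>]*)>' -and $sender.ContainsKey($sid)) {
            [pscustomobject]@{
                From = $sender[$sid]
                To   = $Matches[1]
                IP   = $r.'remote-endpoint' -replace ':\d+$'  # drop the port
            }
        }
    }
    # One output row per distinct From/To/IP, most frequent first.
    $pairs | Group-Object From, To, IP | ForEach-Object {
        $g = $_.Group[0]
        $name = ''
        if ($ResolveDns) {
            try { $name = [System.Net.Dns]::GetHostEntry($g.IP).HostName } catch { }
        }
        [pscustomobject]@{ From = $g.From; To = $g.To; IP = $g.IP; Name = $name; Hits = $_.Count }
    } | Sort-Object Hits -Descending
}

# Constructed sample lines (documentation addresses, not real traffic).
$h = '2020-07-03T10:00:00.000Z,Out,'
$sample = @(
    '#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context'
    "${h}S1,3,192.0.2.10:1025,198.51.100.7:25,>,MAIL FROM:<a@example.test> SIZE=1200,"
    "${h}S1,4,192.0.2.10:1025,198.51.100.7:25,>,RCPT TO:<b@example.test>,"
    "${h}S1,5,192.0.2.10:1025,198.51.100.7:25,>,RCPT TO:<c@example.test>,"
    "${h}S2,3,192.0.2.10:1026,198.51.100.7:25,>,MAIL FROM:<a@example.test> SIZE=900,"
    "${h}S2,4,192.0.2.10:1026,198.51.100.7:25,>,RCPT TO:<b@example.test>,"
)
# Real logs: pass (Get-Content <log files>) as -Line, add -ResolveDns, pipe to Export-Csv.
Get-SmtpSendFlow -Line $sample | Format-Table
```

Tracking the sender per session-id keeps recipients attached to the right MAIL FROM when one connection carries several messages, which a single GROUP BY on the data column cannot do.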