Quite often, we receive log files for analysis which are simply HUGE!!! We try opening that in Notepad and it hangs. After n minutes, we kill the notepad, try MS Excel and that hangs as well. Sometimes, MS Excel shows “File not loaded completely”. Painful, isn’t it??
OKAY, what’s the point?? We are wasting time in trying to open the files in the first place!!!
So, I have a Filemon Log of 500 MB and I want to search the file for the lines which contain “Access Denied”. Why am I trying to open that file to find out just a few lines containing the string I am interested in? May be because we are used to CTRL+F. Is there a way out??? Yes, there is… and in comes Log Parser. Download it from http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en and run the setup.
Now, we will see how to use Log Parser to parse the file without opening it. The filename is Filemon.log and it is located in C:\. All I am interested in, is to find the lines which contain the string “Access Denied” WITHOUT opening the Filemon.log, because none of the software is responding in a timely manner (due to the size factor). You need to start the Log Parser and you will see a command line interface. Type the following and hit enter…
LOGPARSER “Select Text from C:\Filemon.log where Text like ‘%Access Denied%'” -i:TEXTLINE -q:Off
You will see an output in a similar format as follows…
7447 1:49:24 PM explorer.exe:1200 DIRECTORY C:\ Access Denied
Elements processed: 640444
Elements output: 1
Execution time: 12.75 seconds
Not bad at all…
By the way, there are tonnes of native log files like IIS Log files, CSV, TSV, URLSCAN, REG(istry), FS (Filesystem), XML, etc which the Logparser can parse for you in a more robust fashion. Go through the documentation that comes along with the log parser. This is one of the tools which you will definitely like to master and keep it in your arsenal of tools for troubleshooting various kind of issues.