Log parser output to text file

Asked by:. Archived Forums. General Discussion for Logparser. Sign in to vote. User posted I'm trying to query a text file and build an output that includes inserted text in selected fields. I'm running this query in vbscript so I would really like to assign variables and insert those into the query so I can loop through all my servers.

The following query would parse this data and summarize by two of the calculated properties. The first line splits the RawData property into a string array. Each of the next lines gives a name to individual properties and adds them to the output using functions to convert them to the appropriate data type. If your data is formatted in a known structure, you may be able to use one of the functions in the Kusto query language for parsing predefined structures:. It saves the results to a dynamic property called parsedProp , which includes the individual named value in the JSON.

These values are used to filter and summarize the query results. These parsing functions can be processor intensive, so they should be used only when your query uses multiple properties from the formatted data. Otherwise, simple pattern matching processing will be faster.

The following example shows the breakdown of domain controller TGT Preauth type. The type exists only in the EventData field, which is an XML string, but no other data from this field is needed. In this case, parse is used to pick out the required piece of data. You may have multiple queries that perform the same parsing of a particular table. In this case, create a function that returns the parsed data instead of replicating the parsing logic in each query.

Fortnightly newsletters help sharpen your skills and keep you ahead, with articles, ebooks and opinion to keep you informed. If you would like to find your nearest user group or just want to say hello then he would love to get an email from you.

View all articles by Jonathan Allen. Home Blogs Using LogParser — part 2. Input and Output file formats. NAT : formats output records as readable tabulated columns. CSV : formats output records as comma-separated values text. TSV : formats output records as tab-separated or space-separated values text. July 13, Leave a comment. For background on the tool and lots of examples , start here.

Each field should include only the field value and not the field name. Notice that the original file has no header, the fields are separated with spaces, and the field name is part of each field i.

This produces a file named MyLogTemp. In fact is has added some stuff that is not relevant the Filename and RowNumber columns , while leaving field names in each fields and maintaining the space field separator. The input and output specifications in this command are similar to those in Step 1, except here the input file has headers -headerRow:ON and the output file is tab-separated -oSeparator:tab instead of space-separated. This produces the final result in a file named MyLogTransformed.