Oct 072013
 
  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

When you need quick analysis of your traffic logs you won’t find an better tool than Microsoft’s free Log Parser. With Log Parser you can read a variety of log files including the Registry and Windows event logs. It’s ease of use comes from using SQL queries against your log file. You can get your data even faster by using multiple log parser queries in a batch file.

image

The other day I was helping someone who needed some “top 10” data from their site’s log. Since I had these in my trusty batch file I could provide the text reports within seconds. However, I like to offer a little more pizzazz when possible so this time I decided use Log Parser’s native charting capability to output the results with some nice charts.  As the saying goes a picture is worth a thousand words.

Here’s the query I used to create the chart above:

logparser.exe -i:iisw3c "select top 10 cs-uri-stem, count(*)  into top10requests.gif 
from <file> group by cs-uri-stem order by count(*) desc" 
-o:CHART -chartType:pieexploded3d -categories:off -chartTitle:"Top 10 Requests"

 

Installing Office Web Components

Charting is a native feature of Log Parser however there is a dependency for Office 2003 Add-in: Office Web Components. Depending on where you are running Log Parser the first time you try to output your query to a chart you may see this error message:

Error creating output format “CHART”: This output format requires a licensed Microsoft Office Chart Web Component to be installed on the local machine

If you didn’t see the error above then you’re all set but if you saw the error then it will be necessary to install the Office Web Components before you can start outputting charts. Once you’ve downloaded the file just accept the License Agreement and click Install.

image

The installation runs quickly. Click OK to close the window.

image

 

Example Log Parser Reports with Charts

Now you’re ready to start creating some colorful charts. The most useful parameters in my opinion are –chartType, –chartTitle, –categories, –values, and –legend. There are some 20+ chart types that you can choose from including:  Pie, PieExploded, PieExlpoded3D, LineStacked, Line3D, BarClustered, ColumnClustered, Smooothline. The default chart type is Line.  To see all the possible chart options run this simple command:

LogParser -h -o:CHART

To take your charts to the highest level of customization you can use an external configuration script with Jscript or VBscript . Take a look at the MSDN ChartSpace Object Model documentation for more information.

Here are a few different charts with various options.

image

logparser.exe -i:iisw3c "select top 10 cs-uri-stem, count(*)  into top10requests.gif 
from x.log group by cs-uri-stem order by count(*) desc" 
-o:CHART -chartType:pieexploded3d -categories:off -chartTitle:"Top 10 Requests"

 

 

image

logparser.exe -i:iisw3c "select top 10 sc-status, count(*)  into top10errorcodes.gif 
from x.log group by sc-status having sc-status not in ('200') order by count(*) desc" 
-o:CHART -chartType:column3d -categories:on -values:on -chartTitle:"Top Status Codes"

 

 

image

logparser.exe -i:iisw3c "select top 10 cs-uri-stem, count(*)  into top10_404.gif 
from x.log group by cs-uri-stem, sc-status having sc-status in ('404') order by count(*) desc" 
-o:CHART -chartType:BarClustered3D -values:on -categories:on -chartTitle:"Top 10 404 Status"

 

image

logparser.exe -i:iisw3c "select quantize(time, 60) as TimeGenerated, count(*) as Hits into 
hitsperminute.gif from %1 group by TimeGenerated" -o:chart -chartType:Line –chartTitle:"Hits per Minute"

 

 

 

image

 

logparser.exe -i:iisw3c "SELECT TOP 10 cs-uri-stem AS RequestedFile, COUNT(*) AS TotalHits, 
MAX(time-taken) AS MaxTime, AVG(time-taken) AS AvgTime into slow.gif from x.log 
where EXTRACT_FILENAME(cs-uri-stem) not in('%begin%') GROUP BY cs-uri-stem ORDER BY MaxTime, TotalHits DESC" 
-o:CHART -chartType:barclustered3d -values:off -categories:on -chartTitle:"Top 10 Slowest Requests"

 

In Summary

Microsoft’s Log Parser is a powerful tool for log file analysis. You can use it to analyze text files, csv files, Window’s event logs and even the Windows Registry.  You can make boring reports come alive with colorful charts.  There is a dependency on Office Web Components for charting to work but that is easily solved. Thanks for reading.

 Leave a Reply

(required)

(required)

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>