Query IIS logs with extra fields using LogParser

iis logparser
alex2k8 picture alex2k8 · Feb 15, 2009 · Viewed 7.7k times · Source

I have IIS log with extra field 'foo'. 

#Fields: foo date s-sitename ...
foo1 2009-02-15 W3SVC1 ...
foo2 2009-02-15 W3SVC1 ...

As result all LogParser queries are broken:

logparser -i:IISW3C  "SELECT c-ip, s-ip FROM my.log"

Statistics:
-----------
Elements processed: 0
Elements output:    0
Execution time:     0.00 seconds

Is it possible to inform LogParser about such extra fields, so it can parse IIS files?

Answer

jdigital picture jdigital · Feb 15, 2009

Try W3C format (-i:W3C).

If that doesn't work and this is a one-time analysis, you could create a script to strip out that column. If this is an ongoing activity, you might want to consider using a standard format, or at least moving the extra field to the end.

By the way LogParser does support custom input formats.

Related questions

Get browser name and version from IIS log file in Log Parser

I am looking for find out the browser name and version, OS name and version from User Agent field of IIS log file through Log parser query. As the User-Agent string has different format for every browser and device how …

Read More
Config Error: This configuration section cannot be used at this path

I've encountered an error deploying a site to a server. When trying to load the home page, or access authentication on the new site in IIS, I get the error: Config Error: This configuration section cannot be used at this …

Read More
How to create .pfx file from certificate and private key?

I need .pfx file to install https on website on IIS. I have two separate files: certificate (.cer or pem) and private key (.crt) but IIS accepts only .pfx files. I obviously installed certificate and it is available in certificate …

Read More