[JM] 7/4/2009, Using the [LogParser]'s scriptable COM with Tcl:

%|Example|1|%
&|Input|Windows Event Log|&
&|Output|CSV file|&
&|Mode|Batch Mode|&


 package require tcom
 console show

 set oLogQuery [::tcom::ref createobject "MSUtil.LogQuery"]

 set oEVTInputFormat [::tcom::ref createobject "MSUtil.LogQuery.EventLogInputFormat"]
 $oEVTInputFormat direction "BW"

 set oCSVOutputFormat [::tcom::ref createobject "MSUtil.LogQuery.CSVOutputFormat"]
 $oCSVOutputFormat tabs true

 set strQuery "SELECT TimeGenerated, EventID INTO C:\\output.csv FROM System"
 append strQuery " WHERE SourceName = 'Application Popup'"

 $oLogQuery ExecuteBatch $strQuery $oEVTInputFormat $oCSVOutputFormat

after running this example, the following file will be created:<<br>>c:\output.csv<<br>>

----
%|Example|2|%
&|Input|Windows File System|&
&|Output|Tcl script itself|&
&|Mode|Interactive Mode|&


This example displays the 10 largest files on the C: drive:

 package require tcom
 console show

 set lgp [tcom::ref createobject MSUtil.LogQuery]
 set evt [tcom::ref createobject MSUtil.LogQuery.FileSystemInputFormat]

 set recordSet [$lgp Execute \
              "SELECT TOP 10 Path, Name, Size FROM C:\\*.* ORDER BY Size DESC"\
                   $evt]

 while { ![$recordSet atEnd] } {
      set record  [$recordSet getRecord]
        
      puts "[$record getValue 0],[$record getValue 1],[$record getValue 2]"
        
      $recordSet moveNext 
 }

 $recordSet close

----

'''[Jorge] - 2009-07-04 23:58:22'''
of course, you have to execute:
 C:\LogParser>regsvr32 LogParser.dll
to "register" the LogParser scriptable COM component.

'''[Jorge] - 2011-09-22 22:57:22'''
mmm, looks like the installer also registers the dll, as I have not had to do this myself.

----
[male] - 2010-02-23 - an example accessing the Windows event log [LogParser accessing the Windows event log]
----
'''[Jorge] - 2014-04-24 22:32:50'''

See Also:

http://www.microsoftbob.com/tag/Log-Parser.aspx

----
!!!!!!
%| [Category Parsing] | [Category File] |%
!!!!!!