[JM] 7/4/2009, Using the [LogParser]'s scriptable COM with Tcl:<
> '''LogParser Valid Inputs:''' text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows® operating system such as the Event Log, the Registry, the file system, and Active Directory <
> %|Mode|Batch|% &|Input|any LogParser Valid Inputs|& &|Output|CSV file|& &|Mode|Batch Mode|& package require tcom console show set oLogQuery [::tcom::ref createobject "MSUtil.LogQuery"] set oEVTInputFormat [::tcom::ref createobject "MSUtil.LogQuery.EventLogInputFormat"] $oEVTInputFormat direction "BW" set oCSVOutputFormat [::tcom::ref createobject "MSUtil.LogQuery.CSVOutputFormat"] $oCSVOutputFormat tabs true set strQuery "SELECT TimeGenerated, EventID INTO C:\\output.csv FROM System" append strQuery " WHERE SourceName = 'Application Popup'" $oLogQuery ExecuteBatch $strQuery $oEVTInputFormat $oCSVOutputFormat after running this example, the following file will be created:<
>c:\output.csv<
> ---- %|Mode|Interactive|% &|Input|any LogParser Valid Inputs|& &|Output|Tcl script itself|& &|Mode|Interactive Mode|& Interactive Mode - Example 1:<
> This example displays the 10 largest files on the C: drive: package require tcom console show set lgp [tcom::ref createobject MSUtil.LogQuery] set evt [tcom::ref createobject MSUtil.LogQuery.FileSystemInputFormat] set recordSet [$lgp Execute \ "SELECT TOP 10 Path, Name, Size FROM C:\\*.* ORDER BY Size DESC"\ $evt] while { ![$recordSet atEnd] } { set record [$recordSet getRecord] puts "[$record getValue 0],[$record getValue 1],[$record getValue 2]" $recordSet moveNext } $recordSet close ---- Interactive Mode - Example 2:<
> filename of this script: TSV_parsing.tcl (so it serves as data to parse also)<
> There should be a between each pair of the 5 lines of data shown below. if 0 { 5 90 25 30 45 50 65 55 85 25 } lappend auto_path . package require tcom console show set lgp [tcom::ref createobject MSUtil.LogQuery] set iTSVInputFormat [tcom::ref createobject MSUtil.LogQuery.TSVInputFormat] $iTSVInputFormat headerRow OFF $iTSVInputFormat nSkipLines 1 $iTSVInputFormat fixedSep ON $iTSVInputFormat dtLines 5 update set recordSet [$lgp Execute \ "SELECT Field1 AS x, Field2 AS y FROM TSV_parsing.tcl WHERE IN_ROW_NUMBER() < 6 AND x>5"\ $iTSVInputFormat] puts "Field names:" for {set i 0} {$i < [$recordSet getColumnCount]} {incr i} { puts "$i: [$recordSet getColumnName $i]" } puts "===========" while { ![$recordSet atEnd] } { set record [$recordSet getRecord] #puts "[$record getValue customer]" set MaxColIx [expr [$recordSet getColumnCount] - 1] for {set i 0} {$i < [$recordSet getColumnCount]} {incr i} { if {$i < $MaxColIx} { puts -nonewline "[$record getValue [$recordSet getColumnName $i]]," } else { puts "[$record getValue [$recordSet getColumnName $i]]" } } $recordSet moveNext } $recordSet close ---- [male] - 2010-02-23 - an example accessing the Windows event log [LogParser accessing the Windows event log] ---- '''[Jorge] - 2014-04-24 22:32:50''' See Also: http://www.microsoftbob.com/?tag=Log+Parser ---- !!!!!! %| [Category Parsing] | [Category File] |% !!!!!!