Introducing: Log Parser Studio

Published Mar 07 2012 01:57 PM
 
 

To download the Log Parser Studio, please see the attachment on this blog post.

Anyone who regularly uses Log Parser 2.2 knows just how useful and powerful it can be for obtaining valuable information from IIS (Internet Information Server) and other logs. In addition, adding the power of SQL allows explicit searching of gigabytes of logs returning only the data that is needed while filtering out the noise. The only thing missing is a great graphical user interface (GUI) to function as a front-end to Log Parser and a ‘Query Library’ in order to manage all those great queries and scripts that one builds up over time.

Log Parser Studio was created to fulfill this need by allowing those who use Log Parser 2.2 (and even those who don’t due to lack of an interface) to work faster and more efficiently to get to the data they need with less “fiddling” with scripts and folders full of queries.

With Log Parser Studio (LPS for short) we can house all of our queries in a central location. We can edit and create new queries in the ‘Query Editor’ and save them for later. We can search for queries using free text search as well as export and import both libraries and queries in different formats allowing for easy collaboration as well as storing multiple types of separate libraries for different protocols.

Processing Logs for Exchange Protocols

We all know this very well: processing logs for different Exchange protocols is a time-consuming task. In the absence of special-purpose tools, it becomes a tedious task for an Exchange Administrator to sift through those logs and process them using Log Parser (or some other tool), if output format is important. You also need expertise in writing those SQL queries. You can also use special-purpose scripts that one can find on the web and then analyze the output to make some sense out of those lengthy logs. Log Parser Studio is mainly designed for quick and easy processing of different logs for Exchange protocols. Once you launch it, you’ll notice tabs for different Exchange protocols, i.e. Microsoft Exchange ActiveSync (MAS), Exchange Web Services (EWS), Outlook Web App (OWA/HTTP) and others. Under those tabs there are tens of SQL queries written for specific purposes (description and other particulars of a query are also available in the main UI), which can be run by just one click!

Let’s get into the specifics of some of the cool features of Log Parser Studio …

Query Library and Management

Upon launching LPS, the first thing you will see is the Query Library preloaded with queries. This is where we manage all of our queries. The library is always available by clicking on the Library tab. You can load a query for review or execution using several methods. The easiest method is to simply select the query in the list and double-click it. Upon doing so the query will auto-open in its own Query tab. The Query Library is home base for queries. All queries maintained by LPS are stored in this library. There are easy controls to quickly locate desired queries & mark them as favorites for quick access later.


Library Recovery

The initial library that ships with LPS is embedded in the application and created upon install. If you ever delete, corrupt or lose the library you can easily reset back to the original by using the recover library feature (Options | Recover Library). When recovering the library all existing queries will be deleted. If you have custom/modified queries that you do not want to lose, you should export those first, then after recovering the default set of queries, you can merge them back into LPS.

Import/Export

Depending on your need, the entire library or subsets of the library can be imported and exported either as the default LPS XML format or as SQL queries. For example, if you have a folder full of Log Parser SQL queries, you can import some or all of them into LPS’s library. Usually, the only thing you will need to do after the import is make a few adjustments. All LPS needs is the base SQL query and to swap out the filename references with ‘[LOGFILEPATH]’ and/or ‘[OUTFILEPATH]’ as discussed in detail in the PDF manual included with the tool (you can access it via LPS | Help | Documentation).
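As an added illustration (not a query from the LPS library or from the original post), here is a stand-alone Log Parser 2.2 query over IIS W3C logs and the same query adjusted for import into LPS. The paths and the output file name are constructed, and placing the file name after '[OUTFILEPATH]' is an assumption; the PDF manual is the authority on the exact form.

```sql
-- BEFORE: stand-alone Log Parser 2.2 query with hard-coded paths (constructed).
-- Lists the client IPs that generated the most HTTP 401 responses in IIS logs.
-- The WHERE filter and TOP keep the result set small.
SELECT   TOP 25
         c-ip     AS ClientIP,
         COUNT(*) AS Failed401
INTO     'C:\Reports\Failed401ByClient.csv'
FROM     'C:\inetpub\logs\LogFiles\W3SVC1\u_ex*.log'
WHERE    sc-status = 401
GROUP BY c-ip
ORDER BY Failed401 DESC

-- AFTER: the same query as a separate library entry, ready for LPS.
-- Only the file references change: the input path becomes '[LOGFILEPATH]'
-- (filled in from the Log File Manager) and the output folder becomes
-- '[OUTFILEPATH]' (filled in from the Default Output Path preference).
-- Assumption: the CSV file name is appended to the token as shown.
SELECT   TOP 25
         c-ip     AS ClientIP,
         COUNT(*) AS Failed401
INTO     '[OUTFILEPATH]\Failed401ByClient.csv'
FROM     '[LOGFILEPATH]'
WHERE    sc-status = 401
GROUP BY c-ip
ORDER BY Failed401 DESC
```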

Queries

Remember that a well-written structured query makes all the difference between a successful query that returns the concise information you need vs. a subpar query which taxes your system, returns much more information than you actually need and in some cases crashes the application.


The art of creating great SQL/Log Parser queries is outside the scope of this post; however, all of the queries included with LPS have been written to achieve the most concise results while returning the fewest records. Knowing what you want and how to get it with the least number of rows returned is the key!

Batch Jobs and Multithreading

You’ll find that LPS in combination with Log Parser 2.2 is a very powerful tool. However, if all you could do was run a single query at a time and wait for the results, you probably wouldn’t be making nearly as much progress as you could be. To address this, LPS contains both batch jobs and multithreaded queries.

A batch job is simply a collection of predefined queries that can all be executed with the press of a single button. From within the Batch Manager you can remove any single or all queries as well as execute them. You can also execute them by clicking the Run Multiple Queries button or the Execute button in the Batch Manager. Upon execution, LPS will prepare and execute each query in the batch. By default LPS will send ALL queries to Log Parser 2.2 as soon as each is prepared. This is where multithreading works in our favor. For example, if we have 50 queries set up as a batch job and execute the job, we’ll have 50 threads in the background all working with Log Parser simultaneously, leaving the user free to work with other queries. As each job finishes, the results are passed back to the grid or the CSV output based on the query type. Even in this scenario you can continue to work with other queries, search, modify and execute. As each query completes, its thread is retired and its resources freed. These threads are managed very efficiently in the background so there should be no issue running multiple queries at once.


Now what if we did want the queries in the batch to run sequentially, one after another, for performance or other reasons? This functionality is already built into LPS’s options. Just make the change in LPS | Options | Preferences by checking the ‘Process Batch Queries in Sequence’ checkbox. When checked, the first query in the batch is executed and the next query will not begin until the first one is complete. This process will continue until the last query in the batch has been executed.

Automation

In conjunction with batch jobs, automation allows unattended, scheduled execution of batch jobs. For example, we can create a scheduled task that will automatically run a chosen batch job which also operates on a separate set of custom folders. This process requires two components: a folder list file (.FLD) and a batch list file (.XML). We create these ahead of time from within LPS. For more details on how to do that, please refer to the manual.

Charts

Many queries that return data to the Result Grid can be charted using the built-in charting feature. The basic requirements for charts are the same as Log Parser 2.2, i.e.

  1. The first column in the grid may be any data type (string, number etc.)
  2. The second column must be some type of number (Integer, Double, Decimal); strings are not allowed

Keep the above requirements in mind when creating your own queries so that you will consciously write the query to include a number for column two. To generate a chart, click the chart button after a query has completed. For #2 above, even if you forgot to do so, you can drag any numbered column and drop it in the second column after the fact. This way, if you have multiple numbered columns, you can simply drag the one that you’re interested in into the second column and generate different charts from the same data. Again, for more details on the charting feature, please refer to the manual.
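A query shaped for the chart requirements above, as an added example that is not part of the original post or the LPS library. It assumes IIS W3C logs with the time-taken field enabled; the one-hour bucket and the 5xx filter are constructed choices.

```sql
-- Hourly count of server errors, returned to the result grid for charting.
-- Column 1 (Hour) may be any type; column 2 (Errors5xx) is numeric, so the
-- chart button works as soon as the query completes.
-- Column 3 (AvgTimeTakenMs) is a second numeric column: drag it into the
-- second position in the grid to chart response time from the same results.
SELECT   QUANTIZE(TO_TIMESTAMP(date, time), 3600) AS Hour,
         COUNT(*)         AS Errors5xx,
         AVG(time-taken)  AS AvgTimeTakenMs
FROM     '[LOGFILEPATH]'
WHERE    sc-status >= 500
GROUP BY Hour
ORDER BY Hour ASC
```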


Keyboard Shortcuts/Commands

There are multiple keyboard shortcuts built-in to LPS. You can view the list anytime while using LPS by clicking LPS | Help | Keyboard Shortcuts. The currently included shortcuts are as follows:

Shortcut      What it does
CTRL+N        Start a new query.
CTRL+S        Save active query in library or query tab depending on which has focus.
CTRL+Q        Open library window.
CTRL+B        Add selected query in library to batch.
ALT+B         Open Batch Manager.
CTRL+B        Add the selected queries to batch.
CTRL+D        Duplicates the current active query to a new tab.
CTRL+ALT+E    Open the error log if one exists.
CTRL+E        Export current selected query results to CSV.
ALT+F         Add selected query in library to the favorites list.
CTRL+ALT+L    Open the raw Library in the first available text editor.
CTRL+F5       Reload the Library from disk.
F5            Execute active query.
F2            Edit name/description of currently selected query in the Library.
F3            Display the list of IIS fields.

Supported Input and Output types

Log Parser 2.2 has the ability to query multiple types of logs. Since LPS is a work in progress, only the most used types are currently available. Additional input and output types will be added when possible in upcoming versions or updates.

Supported Input Types

Full support for W3SVC/IIS, CSV and HTTP Error logs, and basic support for all built-in Log Parser 2.2 input formats. In addition, LPS includes some custom-written formats, such as Microsoft Exchange specific formats, that are not available with the default Log Parser 2.2 install.

Supported Output Types

CSV and TXT are the currently supported output file types.

Log Parser Studio - Quick Start Guide

Want to skip all the details & just run some queries right now? Start here …

The very first thing Log Parser Studio needs to know is where the log files are, and the default location that you would like any queries that export their results as CSV files to be saved.

1. Set up your default CSV output path:

a. Go to LPS | Options | Preferences | Default Output Path.

b. Browse to and select the folder you would like to use for exported results.

c. Click Apply.

d. Any queries that export CSV files will now be saved in this folder.
NOTE: If you forget to set this path before you start, the CSV files will be saved in %AppData%\Microsoft\Log Parser Studio by default, but it is recommended that you move this to another location.

2. Tell LPS where the log files are by opening the Log File Manager. If you try to run a query before completing this step, LPS will prompt and ask you to set the log path. Upon clicking OK on that prompt, you are presented with the Log File Manager. Click Add Folder to add a folder or Add File to add a single or multiple files. When adding a folder you still must select at least one file so LPS will know which type of log we are working with. When doing so, LPS will automatically turn this into a wildcard (*.xxx), indicating that all matching logs in the folder will be searched.

You can easily tell which folder or files are currently being searched by examining the status bar at the bottom-right of Log Parser Studio. To see the full path, roll your mouse over the status bar.

NOTE: LPS and Log Parser handle multiple types of logs and objects that can be queried. It is important to remember that the type of log you are querying must match the query you are performing. In other words, when running a query that expects IIS logs, only IIS logs should be selected in the File Manager. Failure to do this (it’s easy to forget) will result in errors or unexpected behavior when running the query.

3. Choose a query from the library and run it:

a. Click the Library tab if it isn’t already selected.

b. Choose a query in the list and double-click it. This will open the query in its own tab.

c. Click the Run Single Query button to execute the query.

The query execution will begin in the background. Once the query has completed there are two possible output targets: the result grid in the top half of the query tab or a CSV file. Some queries return to the grid while other, more memory-intensive queries are saved to CSV.

As a general rule queries that may return very large result sets are probably best served going to a CSV file for further processing in Excel. Once you have the results there are many features for working with those results. For more details, please refer to the manual.

Have fun with Log Parser Studio! & always remember – There’s a query for that!

Kary Wall
Escalation Engineer
Microsoft Exchange Support

 
   
 
 

Originally published on Thursday, March 8, 2012.
