SharePoint 2016: Managing Logging using PowerShell (Real World example)

This is a series of articles in which reader will learn how to use a command, what will be an expectation and what are the possible parameters available for it. Different scenarios will be demonstrated and then execution of these scenarios with examples.

Scenario:

First, let's check the ULS logging settings (location, the number of days, etc.), then we will change the logging path and a number of days retention. Also, we want to check what the diagnostic providers are? Then disable the event log and re-enable.

Let's check what is the logging level set to area & category, Then we will change the logging level for eApproal Area (all categories) and a couple of categories (Business Data, Audit, General) to Verbose. After that, we check again the logging level to make sure it is properly configured. Now we will create a new log file, then merge the log file from all servers in the farm. After that, we check again the logging level to make sure. Finally, we clear everything back to default.

Tasks:

• Check the diagnostic provider?
• Disable the Event Log provider (job-diagnostics-event-log-provider) and check the settings again.
• Enable Event Log provider (job-diagnostics-event-log-provider)
• Get ULS logging settings
• Change the ULS logging location, Number of days Retention and Event flood protection.
• Check the ULS logging level for eApproval area and following categories (Business Data, Audit, General)
• Set these to Verbose
• Create new log file
• Mergelogfile from all servers
• Get the all high entries from eApproval area.
• Set the logging level to default
• Create new splog file
• New usage file

Check the diagnostic provider?

Run the below-mentioned command to get all available diagnostic providers which are feeding in the ULS logs.

      Get-SPDiagnosticsProvider  

Output will be like this:
 http://i0.wp.com/krossfarm.com/wp-content/uploads/2016/05/getdiagprovider.jpg?resize=571%2C301
 

Disable the Event Log provider

To disable the "job-diagnostics-event-log-provider"  provider, run the PowerShell below.

 Get-SPDiagnosticsProvider job-diagnostics-event-log-provider | Set-SPDiagnosticsProvider -Enable:$false
Get-SPDiagnosticsProvider job-diagnostics-event-log-provider

Output will be likely this (you will see enabled value to False)http://i0.wp.com/krossfarm.com/wp-content/uploads/2016/05/getdiagprovider2.jpg?resize=720%2C154

Enable Event Log provider

Enable the "job-diagnostics-event-log-provider"  provider, run the PowerShell below.

 Get-SPDiagnosticsProvider job-diagnostics-event-log-provider | Set-SPDiagnosticsProvider -Enable:$true
Get-SPDiagnosticsProvider job-diagnostics-event-log-provider

You will see the output like below, where event log provider is enabled to True.http://i0.wp.com/krossfarm.com/wp-content/uploads/2016/05/getdiagprovider3.jpg?resize=720%2C153

Get ULS logging Settings

In order to get the settings for ULS, please run the below mentioned command:

      Get-SPDiagnosticConfig  

This will return following things:
http://i2.wp.com/krossfarm.com/wp-content/uploads/2016/05/GetDiagnos1.jpg?resize=599%2C353

Change the ULS logging

 PS C:\> Set-SPDiagnosticConfig -DaysToKeepLogs 7 -LogLocation "d:\data\logs" -EventLogFloodProtectionEnabled
PS C:\> Get-SPDiagnosticConfig

You will see the output like this:
http://i0.wp.com/krossfarm.com/wp-content/uploads/2016/05/GetDiagnos2.jpg?resize=584%2C49http://i2.wp.com/krossfarm.com/wp-content/uploads/2016/05/GetDiagnos3.jpg?resize=604%2C329

Here is what you will see at Central admin: 
http://i2.wp.com/krossfarm.com/wp-content/uploads/2016/05/GetDiagnos4.jpg?resize=720%2C445

Check the ULS logging level 

Now we want to check the logging level for eApproval area and following categories (Business Data, Audit, General)

        Get-SPLogLevel -identity "eApproval:*", General, audit, "Business Data"  

You have to separate the categories with ','.

Output will be likely this:
http://i2.wp.com/krossfarm.com/wp-content/uploads/2016/05/getsploglevel.jpg?resize=581%2C270

Set ULS logging level to Verbose

Now, we will set the Verbose logging for above area and categories to Verbose. Please run the below command.

 Set-SPLogLevel -TraceSeverity verbose -EventSeverity verbose -Identity "eApproval:*", General, audit, "Business Data"
Get-SPLogLevel -identity "eApproval:*", General, audit, "Business Data"

Output will be likely this:
http://i2.wp.com/krossfarm.com/wp-content/uploads/2016/05/getsploglevel1.jpg?resize=720%2C262

Create new log file

Now we want to create new logfile:

      New-SPLogFile  

It will create a new log file and you will see it in the logs folder.

Merge log files

As we have four servers in the farm, now we want to merge the logs file from all servers in single file. Yes, we can do it. Thanks, PowerShell.

      Merge-SPLogFile -StartTime "05/05/2016 08:00" -EndTime "05/05/2016 08:05" -Path "F:\mergelog.log"  

This will create a new file in the location mentioned in the command. That file includes entries from all servers.
http://i1.wp.com/krossfarm.com/wp-content/uploads/2016/05/get-sploglevel3.jpg?resize=603%2C175

Get High Event entries

Now we want to get the high event entries from ULS logs for specific time periods.

 Merge-SPLogFile -StartTime "05/05/2016 08:00" -EndTime "05/05/2016 08:05" -Path "F:\eventlog.log" | Where-Object {$_.Level -eq "high" -and $_.Area -eq "eApproval"}

This will create a new log file on the path mentioned in the command, that file includes all the High entries in the log.

Set logging level to default

Now time to reset the logging level to default otherwise drive space will become an issue. ULS logs love the space.

 clear-SPLogLevel -Identity "eApproval:*", General, audit, "Business Data"
Get-SPLogLevel -identity "eApproval:*", General, audit, "Business Data"

Below output will show you above categories reset to default level.http://i0.wp.com/krossfarm.com/wp-content/uploads/2016/05/getsploglevel6.jpg?resize=582%2C303

New Usage Log File

Let's create a new Usage log file on the server. If you have multiple servers then run the below command on the all the servers.

 New-SPUsageLogFile​

This will create a new Usage files on the server (where you run the command). The usage data in memory is flushed to the current Usage log file before the new log file is created.

Note

This is just an example, the situation varies in your environment. This example is just for learning the purpose and gives you an idea how to use above PowerShell commands.

See Also

• SharePoint 2016 Logging Area and Category.
• SharePoint 2016 Managing the Logging using PowerShell
• Krossfarm.com
• SharePoint 2016 List of All available PowerShell cmdlets
• SharePoint 2016 List of All Available PowerShell Cmdlets(Excel Sheet)

↑ Return to Top