Compartir a través de


Log Parser And IIS Log Analysis.

First have  Log Parser installed. Then Start it from C:\Program Files (x86)\Log Parser 2.2 

Here are some Log Parser queries which can be used across  IIS logs for analysis

Request Type Distribution

"SELECT EXTRACT_EXTENSION(TO_UPPERCASE(cs-uri-stem)) AS ExtType, COUNT(*) INTO FrontEndRequestType.csv FROM *.log GROUP BY ExtType ORDER BY COUNT(*) DESC " -i:W3C -o:CSV

 

Top 20 Hits

"SELECT TOP 20 TO_UPPERCASE(cs-uri-stem) AS URI, COUNT(*) AS Hits INTO Top20Hits.csv FROM *.log WHERE URI LIKE '%%.ASPX' GROUP BY URI ORDER BY Hits DESC " -i:W3C -o:CSV

 

Top 20 Hits Overall

"SELECT TOP 20 TO_UPPERCASE(cs-uri-stem) AS URI, COUNT(*) AS Hits INTO Top20Hits.csv FROM *.log GROUP BY URI ORDER BY Hits DESC " -i:W3C -o:CSV

 

Top 20 Hits Chart

"SELECT TOP 20 cs-uri-stem, COUNT(*) AS Hits INTO Top20Hits.jpg FROM *.log GROUP BY cs-uri-stem ORDER BY Hits DESC" -i:W3C -o:CHART -charttype:ColumnClustered -groupsize:640x480 -chartTitle: Top 20 Hits Chart

 

Top 20 ASPX Hits

"SELECT TOP 20 TO_UPPERCASE(cs-uri-stem) AS URI, COUNT(*) AS Hits INTO Top20ASPX.csv FROM *.log WHERE URI LIKE '%.ASPX' GROUP BY URI ORDER BY Hits DESC " -i:W3C -o:CSV

 

Top 20 Slowest ASPX Pages

"SELECT TOP 20 cs-uri-stem, max(time-taken) as MaxTime, avg(time-taken) as AvgTime INTO Top20SlowASPX.csv FROM *.log WHERE extract_extension(to_lowercase(cs-uri-stem)) = ‘aspx’ GROUP BY cs-uri-stem ORDER BY MaxTime DESC" -i:W3C -o:CSV

 

Top 20 ASMX Hits

"SELECT TOP 20 TO_UPPERCASE(cs-uri-stem) AS URI, COUNT(*) AS Hits INTO Top20ASMX.csv FROM *.log WHERE URI LIKE '%.ASMX' GROUP BY URI ORDER BY Hits DESC " -i:W3C -o:CSV

 

Top 20 Client IP Addresses

"SELECT TOP 20 c-ip, COUNT(*) AS Hits INTO Top20ClientIP.csv FROM *.log GROUP BY c-ip ORDER BY Hits DESC " -i:W3C -o:CSV

 

Requests Per Hour

"SELECT TO_LOCALTIME(QUANTIZE(TO_TIMESTAMP(date, time),3600)) AS Hours, COUNT(*) AS Hits INTO RequestsPerHour.jpg FROM *.log GROUP BY Hours ORDER BY Hours " -i:W3C -o:CHART -charttype:ColumnClustered -groupsize:640x480 -chartTitle:"Requests Per Hour"

 

HTTP Status Counts

"SELECT DISTINCT sc-status AS Status, COUNT(*) AS Hits INTO HTTPStatusCount.csv FROM *.log GROUP BY Status ORDER BY Status ASC " -i:W3C -o:CSV

 

HTTP Status Distribution

"SELECT DISTINCT sc-status AS Status, COUNT(*) AS Percent INTO HTTPStatusDistribution.jpg FROM *.log GROUP BY Status ORDER BY Percent DESC " -i:W3C -o:CHART -chartType:PieExploded -chartTitle: "HTTP Status Distribution"

 

Top 20 HTTP 304 Errors

"SELECT TOP 20 TO_UPPERCASE(cs-uri-stem) AS URI, sc-substatus, sc-win32-status, COUNT(*) AS Hits INTO Top20Http304Errors.csv FROM *.log WHERE sc-status = 304 GROUP BY URI, sc-substatus, sc-win32-status ORDER BY Hits DESC" -i:W3C -o:CSV

 

Top 20 HTTP 404 Errors

"SELECT TOP 20 TO_UPPERCASE(cs-uri-stem) AS URI, sc-substatus, sc-win32-status, COUNT(*) AS Hits INTO Top20Http404Errors.csv FROM *.log WHERE sc-status = 404 GROUP BY URI, sc-substatus, sc-win32-status ORDER BY Hits DESC" -i:W3C -o:CSV

 

Top 20 HTTP 403 Errors

"SELECT TOP 20 TO_UPPERCASE(cs-uri-stem) AS URI, sc-substatus, sc-win32-status, COUNT(*) AS Hits INTO Top20Http403Errors.csv FROM *.log WHERE sc-status = 403 GROUP BY URI, sc-substatus, sc-win32-status ORDER BY Hits DESC" -i:W3C -o:CSV

 

Top 20 HTTP 500 Errors

"SELECT TOP 20 TO_UPPERCASE(cs-uri-stem) AS URI, sc-substatus, sc-win32-status, COUNT(*) AS Hits INTO Top20500Errors.csv FROM *.log WHERE sc-status = 500 GROUP BY URI, sc-substatus, sc-win32-status ORDER BY Hits DESC" -i:W3C -o:CSV

 

Top 20 HTTP 503 Errors

"SELECT TOP 20 TO_UPPERCASE(cs-uri-stem) AS URI, sc-substatus, sc-win32-status, COUNT(*) AS Hits INTOTop20503Errors.csv FROM *.log WHERE sc-status = 503 GROUP BY URI, sc-substatus, sc-win32-status ORDER BY Hits DESC" -i:W3C -o:CSV

 

Top 20 Longest Processing Requests

"SELECT TOP 20 cs-uri-stem AS URI, date AS Date, time AS Time, sc-status, time-taken as TimeTaken(ms) INTO

Top20LongRunningRequests.csv FROM *.log ORDER BY time-taken DESC" -i:W3C -o:CSV

 

 

To view results in Charts- this needs Office Web Components; there is a good post about this here https://blogs.msdn.com/b/carloc/archive/2008/08/07/charting-with-logparser.aspx

Comments

  • Anonymous
    January 09, 2014
    I'm a big fan of LogParser! It's a powerfull and awesome tool. This is a good list of some examples of using LogParser.

  • Anonymous
    February 18, 2014
    The time we are looking at is it GMT or reading the server time?