LogParser goes COM

JM 7/4/2009, Using the LogParser's scriptable COM with Tcl:

LogParser Valid Inputs: text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows operating system such as the Event Log, the Registry, the file system, and Active Directory

 package require tcom
 console show

 set oLogQuery [::tcom::ref createobject "MSUtil.LogQuery"]

 set oEVTInputFormat [::tcom::ref createobject "MSUtil.LogQuery.EventLogInputFormat"]
 $oEVTInputFormat direction "BW"

 set oCSVOutputFormat [::tcom::ref createobject "MSUtil.LogQuery.CSVOutputFormat"]
 $oCSVOutputFormat tabs true

 set strQuery "SELECT TimeGenerated, EventID INTO C:\\output.csv FROM System"
 append strQuery " WHERE SourceName = 'Application Popup'"

 $oLogQuery ExecuteBatch $strQuery $oEVTInputFormat $oCSVOutputFormat

after running this example, the following file will be created:
c:\output.csv

Interactive Mode - Example 1:
This example displays the 10 largest files on the C: drive:

 package require tcom
 console show

 set lgp [tcom::ref createobject MSUtil.LogQuery]
 set evt [tcom::ref createobject MSUtil.LogQuery.FileSystemInputFormat]

 set recordSet [$lgp Execute \
              "SELECT TOP 10 Path, Name, Size FROM C:\\*.* ORDER BY Size DESC"\
                   $evt]

 while { ![$recordSet atEnd] } {
      set record  [$recordSet getRecord]

      puts "[$record getValue 0],[$record getValue 1],[$record getValue 2]"

      $recordSet moveNext 
 }

 $recordSet close

Interactive Mode - Example 2:
filename of this script: TSV_parsing.tcl (so it serves as data to parse also)
There should be a <TAB> between each pair of the 5 lines of data shown below.

 if 0 {
 5        90
 25        30
 45        50
 65        55
 85        25
 }

 lappend auto_path .

 package require tcom
 console show

 set lgp [tcom::ref createobject MSUtil.LogQuery]

 set iTSVInputFormat [tcom::ref createobject MSUtil.LogQuery.TSVInputFormat]
 $iTSVInputFormat headerRow OFF
 $iTSVInputFormat nSkipLines 1
 $iTSVInputFormat fixedSep ON
 $iTSVInputFormat dtLines 5

 update
 set recordSet [$lgp Execute \
 "SELECT Field1 AS x,
 Field2 AS y FROM TSV_parsing.tcl
  WHERE IN_ROW_NUMBER() < 6 AND x>5"\
  $iTSVInputFormat]

 puts "Field names:"
 for {set i 0} {$i < [$recordSet getColumnCount]} {incr i} {
   puts "$i: [$recordSet getColumnName $i]"
 }
 puts "==========="
 while { ![$recordSet atEnd] } {
    set record  [$recordSet getRecord]
    #puts "[$record getValue customer]"
    set MaxColIx [expr [$recordSet getColumnCount] - 1]
    for {set i 0} {$i < [$recordSet getColumnCount]} {incr i} {
      if {$i < $MaxColIx} {
        puts -nonewline "[$record getValue [$recordSet getColumnName $i]],"
      } else {
        puts "[$record getValue [$recordSet getColumnName $i]]"      
      }
    }
    $recordSet moveNext
 }

 $recordSet close

Output to tablelist

if 0 {
5        90
25        30
45        50
65        55
85        25
}

lappend auto_path .
package require tablelist
package require tcom
console show

set qry "
SELECT
Field1 AS x,
Field2 AS y
FROM [info script]
WHERE IN_ROW_NUMBER() < 6 AND x>5"

# Extract field names from SQL to use as tablelist headings
# provided there is a clausule "AS" for each field
set columns {}
set qryFields [split $qry ","]
foreach field $qryFields {
  set listedStmt [split [string trim $field]]
  set ASIx [lsearch $listedStmt "AS"]
  if {$ASIx > -1} {
    lappend columns 0
    lappend columns [lindex $listedStmt [expr {$ASIx + 1}]]
  }
}

puts "==="

set tbl .tbl
tablelist::tablelist $tbl -columns $columns -height 35 -width 200
$tbl configure -labelcommand tablelist::sortByColumn
pack .tbl

set lgp [tcom::ref createobject MSUtil.LogQuery]

set iTSVInputFormat [tcom::ref createobject MSUtil.LogQuery.TSVInputFormat]
$iTSVInputFormat headerRow OFF
$iTSVInputFormat nSkipLines 1
$iTSVInputFormat fixedSep ON
$iTSVInputFormat dtLines 5
 
set recordSet [$lgp Execute \
$qry \
$iTSVInputFormat]

for {set i 0} {$i < [$recordSet getColumnCount]} {incr i} {
  puts "$i: [$recordSet getColumnName $i]"
}

set line ""
while { ![$recordSet atEnd] } {
    set record  [$recordSet getRecord]
    #puts "[$record getValue customer]"
    set MaxColIx [expr [$recordSet getColumnCount] - 1]
    for {set i 0} {$i < [$recordSet getColumnCount]} {incr i} {
      if {$i < $MaxColIx} {
        #append line "[$record getValue [$recordSet getColumnName $i]],"
        append line "[$record getValue $i],"        
      } else {
        append line "[$record getValue [$recordSet getColumnName $i]],"      
      }
    }
    set table_row [split $line ","]
    .tbl insert end $table_row
    set line ""
    $recordSet moveNext
}

$recordSet close

male - 2010-02-23 - an example accessing the Windows event log LogParser accessing the Windows event log

Jorge - 2014-04-24 22:32:50

See Also:

http://www.microsoftbob.com/?tag=Log+Parser