JM 7/4/2009, Using the LogParser's scriptable COM with Tcl:
Example #1
Input: Event Log
Output: CSV file
This is called Batch Mode
package require tcom console show set oLogQuery [::tcom::ref createobject "MSUtil.LogQuery"] set oEVTInputFormat [::tcom::ref createobject "MSUtil.LogQuery.EventLogInputFormat"] $oEVTInputFormat direction "BW" set oCSVOutputFormat [::tcom::ref createobject "MSUtil.LogQuery.CSVOutputFormat"] $oCSVOutputFormat tabs true set strQuery "SELECT TimeGenerated, EventID INTO C:\\output.csv FROM System" append strQuery " WHERE SourceName = 'Application Popup'" $oLogQuery ExecuteBatch $strQuery $oEVTInputFormat $oCSVOutputFormat
after running this example, the following file will be created:
c:\output.csv
Example #2
Input: File System
Output: the application itself
This is called Interactive Mode
This example displays the 10 largest files on the C: drive:
package require tcom console show set lgp [tcom::ref createobject MSUtil.LogQuery] set evt [tcom::ref createobject MSUtil.LogQuery.FileSystemInputFormat] set recordSet [$lgp Execute \ "SELECT TOP 10 Path, Name, Size FROM C:\\*.* ORDER BY Size DESC"\ $evt] while { ![$recordSet atEnd] } { set record [$recordSet getRecord] puts "[$record getValue 0],[$record getValue 1],[$record getValue 2]" $recordSet moveNext } $recordSet close
Jorge - 2009-07-04 23:58:22 of course, you have to execute:
C:\LogParser>regsvr32 LogParser.dll
to "register" the LogParser scriptable COM component.
Jorge - 2011-09-22 22:57:22 mmm, looks like the installer also registers the dll, as I have not had to do this myself.
male - 2010-02-23 - an example accessing the Windows event log LogParser accessing the Windows event log