[JM] 7/4/2009, Using the [LogParser]'s scriptable COM with Tcl:
%|Mode|Batch|%
&|Input|Windows Event Log|&
&|Output|CSV file|&
&|Mode|Batch Mode|&
package require tcom
console show
set oLogQuery [::tcom::ref createobject "MSUtil.LogQuery"]
set oEVTInputFormat [::tcom::ref createobject "MSUtil.LogQuery.EventLogInputFormat"]
$oEVTInputFormat direction "BW"
set oCSVOutputFormat [::tcom::ref createobject "MSUtil.LogQuery.CSVOutputFormat"]
$oCSVOutputFormat tabs true
set strQuery "SELECT TimeGenerated, EventID INTO C:\\output.csv FROM System"
append strQuery " WHERE SourceName = 'Application Popup'"
$oLogQuery ExecuteBatch $strQuery $oEVTInputFormat $oCSVOutputFormat
after running this example, the following file will be created:<
>c:\output.csv<
>
----
%|Mode|Interactive|%
&|Input|Windows File System|&
&|Output|Tcl script itself|&
&|Mode|Interactive Mode|&
This example displays the 10 largest files on the C: drive:
package require tcom
console show
set lgp [tcom::ref createobject MSUtil.LogQuery]
set evt [tcom::ref createobject MSUtil.LogQuery.FileSystemInputFormat]
set recordSet [$lgp Execute \
"SELECT TOP 10 Path, Name, Size FROM C:\\*.* ORDER BY Size DESC"\
$evt]
while { ![$recordSet atEnd] } {
set record [$recordSet getRecord]
puts "[$record getValue 0],[$record getValue 1],[$record getValue 2]"
$recordSet moveNext
}
$recordSet close
----
Interactive Mode - Example 2:<
>
if 0 {
5 90
25 30
45 50
65 55
85 25
}
lappend auto_path .
package require tcom
console show
set lgp [tcom::ref createobject MSUtil.LogQuery]
set iTSVInputFormat [tcom::ref createobject MSUtil.LogQuery.TSVInputFormat]
$iTSVInputFormat headerRow OFF
$iTSVInputFormat nSkipLines 1
$iTSVInputFormat fixedSep ON
$iTSVInputFormat dtLines 5
update
set recordSet [$lgp Execute \
"SELECT Field1 AS x,
Field2 AS y FROM TSV_parsing.tcl
WHERE IN_ROW_NUMBER() < 6 AND x>5"\
$iTSVInputFormat]
puts "Field names:"
for {set i 0} {$i < [$recordSet getColumnCount]} {incr i} {
puts "$i: [$recordSet getColumnName $i]"
}
puts "==========="
while { ![$recordSet atEnd] } {
set record [$recordSet getRecord]
#puts "[$record getValue customer]"
set MaxColIx [expr [$recordSet getColumnCount] - 1]
for {set i 0} {$i < [$recordSet getColumnCount]} {incr i} {
if {$i < $MaxColIx} {
puts -nonewline "[$record getValue [$recordSet getColumnName $i]],"
} else {
puts "[$record getValue [$recordSet getColumnName $i]]"
}
}
$recordSet moveNext
}
$recordSet close
----
[male] - 2010-02-23 - an example accessing the Windows event log [LogParser accessing the Windows event log]
----
'''[Jorge] - 2014-04-24 22:32:50'''
See Also:
http://www.microsoftbob.com/?tag=Log+Parser
----
!!!!!!
%| [Category Parsing] | [Category File] |%
!!!!!!