Jun 16 2010
 

You can use Log Parser for a huge variety of things, including looking at Enterprise Vault data.

Grab a copy from:

http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en

After installing it you can write some fairly powerful queries quickly. Here are a couple of examples:

LogParser.exe -i:EVT -o:CSV "select DISTINCT ComputerName,EventLog,EventID,EventTypeName,EventCategoryName,SourceName,Strings,Message into C:\test\ev1.csv FROM '\\evault1\Symantec Enterprise Vault' WHERE (EventTypeName = 'Error event' AND EventID NOT IN (13360;6796))"

And

LogParser.exe -i:EVT -o:CSV "select DISTINCT ComputerName,EventLog,EventID,EventTypeName,EventCategoryName,SourceName,Strings,Message into C:\test\ev2.csv FROM '\\evault1\Symantec Enterprise Vault' WHERE EventID = 6221"

When it's run it will output, in this case, a CSV file containing the information gathered from the event log. The first query outputs error events, except those where the ID is 13360 or 6796. The second query outputs just those events where the EventID is 6221, which is the event logged when the storage service starts.

In addition it gives you information on progress, for example :

Statistics:
-----------
Elements processed: 17443
Elements output:    3
Execution time:     3.88 seconds

There is a LOT more that you can do, including output to HTML, outputting to .GIFs and so on. Much of this is covered in the online help which comes with the tool.
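As an added example (not from the original post), the query below summarises the last seven days of error events from the same log instead of listing each one, which makes a noisy or newly appearing EventID easy to spot. The query file name ev_summary.sql and the output path C:\test\ev_summary.csv are assumptions; the server name evault1 is the one used above.

```sql
-- ev_summary.sql (hypothetical file name), run with:
--   LogParser.exe -i:EVT -o:CSV file:C:\test\ev_summary.sql
--
-- One output row per EventID/SourceName pair: how often it was logged,
-- and when it was first and last seen inside the time window.
SELECT
    EventID,
    SourceName,
    COUNT(*)           AS Occurrences,
    MIN(TimeGenerated) AS FirstSeen,
    MAX(TimeGenerated) AS LastSeen
INTO C:\test\ev_summary.csv                    -- assumed output path
FROM '\\evault1\Symantec Enterprise Vault'     -- same remote log as above
WHERE EventTypeName = 'Error event'
  -- Log Parser writes a time interval as a timestamp offset from
  -- 0000-01-01, so '0000-01-08' means seven days. TimeGenerated is
  -- local time, hence TO_LOCALTIME around the UTC system clock.
  AND TimeGenerated >= SUB(TO_LOCALTIME(SYSTEM_TIMESTAMP()),
                           TIMESTAMP('0000-01-08', 'yyyy-MM-dd'))
GROUP BY EventID, SourceName
ORDER BY Occurrences DESC
```

An EventID whose FirstSeen falls inside the window and that has no history before it is usually the first thing worth reading in full with the detailed queries above.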
