
Thread: Custom Log File unknown format

Last post 09-16-2009 10:24 AM by PatrickMc. 5 replies.


  • 09-11-2008, 4:48 AM

    Custom Log File unknown format

    Hi,

    I have no luck with the log that I'm trying to parse.  I'm new to this world of log parsing and my initial thought to parse our custom log (below) is to use TSV but I can't seem to understand how EXTRACT_TOKEN works.

    Below is a sample of our log file.

    10 Sep 2008 03:09:46,571 [Current Time=Wed Sep 10 03:09:46 BST 2008] [Process Name=:Module1:Module-Utilities:Utilities1:MyAlerts] [Root Job Id=2ad6505aff2ebcfa:182fe42d:11c4132e476:-80002-1221012586509] [Job Id=2ad6505aff2ebcfa:182fe42d:11c4132e476:-80002-1221012586509]
    An error occurred that triggered compensation:
      Summary: Execution failed.

     Caused by:
       Summary: no peer with a running instance of WorkFlowAnalyzer found
    10 Sep 2008 03:09:46,571 [Current Time=Wed Sep 10 03:09:46 BST 2008] [Process Name=:Module1:Module-Utilities:Utilities1:MyAlerts:Module[3]:SubModule[2]:Utilities:MyModule[7]] [Root Job Id=2ad6505aff2ebcfa:182fe42d:11c4132e476:-80002-1221012586509] [Job Id=2ad6505aff2ebcfa:182fe42d:11c4132e476:-80002-1221012586509]
    The process started.
    10 Sep 2008 03:09:46,571 [Current Time=Wed Sep 10 03:09:46 BST 2008] [Process Name=:Module1:Module-Utilities:Utilities1:MyAlerts] [Root Job Id=2ad6505aff2ebcfa:182fe42d:11c4132e476:-80002-1221012586509] [Job Id=2ad6505aff2ebcfa:182fe42d:11c4132e476:-80002-1221012586509]
    Adapter request
    [adapter request=
    <request-data>
      <my-action>
        <fields>
          <field>Description</field>
          <field>Detailed_Description</field>
          <field>Reported Source</field>
          <field>Requester Full Name</field>
        </fields>
      </my-action>
    </request-data>] 


    It appears that it has 6 parts

    1) The date part

    2) [Current Time=

    3) [Process Name=

    4) [Root Job Id=

    5) [Job Id=

    6) Log message 

    How can I break the log into 6 columns?  I might use Log Parser Lizard to analyze the log file.

     Thanks for your help!
     

  • 09-16-2008, 4:57 AM In reply to

    Re: Custom Log File unknown format

    I think I've found a solution to my problem.  I'm very close to nailing it.  :)

    In another thread ( http://forums.iis.net/t/1150819.aspx ) I tried the RegEx solution using Log Parser Lizard.  I played with the application a bit until I deviated from what the author suggested.

    Here's what I did:

    1.)  I prepared my config file and called it mylogconfig.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="C:\src\LogParserCSWebServiceInputFormat\LogParserRegexInputFormat.xsd">
     <regex>^(?&lt;DateTime&gt;(?:\d{2})\s\w{3}\s\d{4}\s\d{2}:\d{2}:\d{2},\d{3})\s+\[Current\sTime=(?&lt;CurrentTime&gt;.*?)\]\s+\[Process\sName=(?&lt;ProcessName&gt;.*?)\]\s+\[Root\sJob\sId=(?&lt;RootJobId&gt;.*?)\]\s+\[Job\sId=(?&lt;JobId&gt;.*?)\]\s+(?&lt;Message&gt;.*)$</regex>
     <fields>
                <field name="DateTime" type="Timestamp" format="dd MMM yyyy HH:mm:ss,fff" />
                <field name="CurrentTime" type="String"/>
                <field name="ProcessName" type="String"/>
                <field name="RootJobId" type="String"/>
                <field name="JobId" type="String"/>
                <field name="Message" type="String"/>

     </fields>
    </config>

    2) in Log Parser Lizard, I created a simple query.

    3)  from the drop down selection box for Input Format, (here's the killer) instead of using RegEx Input Format, I used Log4Net Input Format.

    4) There's a query properties icon next to the Input Format drop down, so I clicked it.  Double clicked on ConfigFile and typed in  "mylogconfig.xml"

    5). I hit on generate and lo and behold my custom log is parsed!

    Now, my RegEx above for "Process Name" and "Job Id" will not handle nested "[ ]" but for some magical reason, Log4Net Input Format did it, at least for Job Id.

    Another thing though is that I have a Full Message column, instead of just Message.  I don't mind this title; as long as the log message is there, I'm ok with it.

    And there's an extra column called "Exception" at the very end.  It's empty but it doesn't bother me.  :)

    This is good progress.

    I just need some interpretation of what happened to mylogconfig.xml - it's partly used and the regex seems to work.

    Any ideas?
     


     

  • 09-16-2008, 8:41 AM In reply to

    Re: Custom Log File unknown format

    Hi, I forgot to tell you that you will have to use the Log4Net input format instead of the RegEx input format. Both formats are based on regular expressions to parse the log lines, but the difference is that the RegEx input format parses the log files line by line (if there is some line that doesn’t match the regular expression, it will be marked as an error). The Log4Net input format also uses regular expressions to parse the log file, but the logged messages are spread over more than one line. The field “Full Message” is what goes after the first line that matches the regular expression, and the “Exception” field isn’t null only if the “Full Message” begins with the word “Exception:” (this was made for my own needs but maybe someone else will find it useful). The Regex and Log4Net input formats are not the ultimate solution for every text-log-file-format but they are flexible enough to meet most of your needs. I hope that I was clear enough and now that you know this, you’ll enjoy using the MS Log Parser and Log Parser Lizard :)

    www.lizardl.com
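
The multi-line grouping described in the reply above, as an added Python example that is not part of the thread and not Log Parser Lizard's own code. It reuses the thread's regex with .NET `(?<Name>...)` groups rewritten as `(?P<Name>...)`; the relaxed trailing `\s*`, the shortened job ids, the sample's third entry and the content of the `Exception` column are assumptions. Because each lazy group is pinned by the literal that follows it, the nested `[ ]` in Process Name is captured whole.

```python
import re
from datetime import datetime

# Thread's regex with Python group syntax. Assumption: the final \s+ is
# relaxed to \s* because the sample header lines end at the closing bracket.
HEADER = re.compile(
    r"^(?P<DateTime>\d{2}\s\w{3}\s\d{4}\s\d{2}:\d{2}:\d{2},\d{3})\s+"
    r"\[Current\sTime=(?P<CurrentTime>.*?)\]\s+"
    r"\[Process\sName=(?P<ProcessName>.*?)\]\s+"
    r"\[Root\sJob\sId=(?P<RootJobId>.*?)\]\s+"
    r"\[Job\sId=(?P<JobId>.*?)\]\s*(?P<Message>.*)$"
)

# Constructed sample in the thread's layout (job ids shortened, last entry invented).
SAMPLE = """\
10 Sep 2008 03:09:46,571 [Current Time=Wed Sep 10 03:09:46 BST 2008] [Process Name=:Module1:MyAlerts] [Root Job Id=2ad6:-80002-1] [Job Id=2ad6:-80002-1]
An error occurred that triggered compensation:
  Summary: Execution failed.
10 Sep 2008 03:09:46,571 [Current Time=Wed Sep 10 03:09:46 BST 2008] [Process Name=:Module1:Module[3]:SubModule[2]:MyModule[7]] [Root Job Id=2ad6:-80002-1] [Job Id=2ad6:-80002-1]
The process started.
10 Sep 2008 03:09:47,002 [Current Time=Wed Sep 10 03:09:47 BST 2008] [Process Name=:Module1:MyAlerts] [Root Job Id=2ad6:-80002-2] [Job Id=2ad6:-80002-2]
Exception: no peer found
"""

def parse(text):
    """Group lines into records: a header line opens a record, and every
    following non-header line is appended to that record's FullMessage."""
    records, orphans = [], []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            rec = m.groupdict()
            rec["DateTime"] = datetime.strptime(rec["DateTime"], "%d %b %Y %H:%M:%S,%f")
            first = rec.pop("Message")          # text on the header line itself, if any
            rec["_body"] = [first] if first else []
            records.append(rec)
        elif records:
            records[-1]["_body"].append(line)   # continuation of the current entry
        elif line.strip():
            orphans.append(line)                # text before any header: report it
    for rec in records:
        full = "\n".join(rec.pop("_body")).strip()
        rec["FullMessage"] = full
        # Assumption: the Exception column repeats the message when it starts with "Exception:".
        rec["Exception"] = full if full.startswith("Exception:") else None
    return records, orphans

if __name__ == "__main__":
    for r in parse(SAMPLE)[0]:
        print(r["DateTime"], r["ProcessName"], repr(r["FullMessage"]), r["Exception"])
```
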
  • 09-16-2008, 7:21 PM In reply to

    Re: Custom Log File unknown format

    I think I can't use log4net with MS Log Parser exclusively.  Can I?  The reason for this interest is because I want to automate the parsing and then send the query result to SQL for analysis and/or to page our net guys to act immediately if our application is crapping or down already.

    Then again I can use ahk to call Log Parser Lizard and other stuff.

    I'm a very happy chap right now.  Thanks again for your great application and more power to you! 

  • 09-18-2008, 8:37 AM In reply to

    Re: Custom Log File unknown format

    No you can't use log4net with MS Log Parser exclusively. In the near future, I will provide a custom plugin or something. Oooh, yeah... and thnx for comments and compliments :)

    www.lizardl.com
  • 09-16-2009, 10:24 AM In reply to

    • PatrickMc

    Re: Custom Log File unknown format

     

    Consider using the sample script posted at http://www.biterscripting.com/SS_WebLogParser.html . It parses the IIS log. You can modify it to parse your log file to break each entry into 6 columns.

     

     
