
Thread: Correct SQL Syntax For This

Last post 04-10-2009 12:33 PM by DirtySanchez. 5 replies.


  • 04-06-2009, 6:01 PM

    Correct SQL Syntax For This

    Hello,

          I'd like to write my statement so that it parses through my entire log and searches for users that have multiple log-ons from different IP addresses for that user.  For example, my present log format is as such:

          The output would be similar to what you see below in the example: logparser parsed through the log file, pulled all logons from jdoe and provided IP addresses and even showed the different IP address.  This is fine and I can do this presently, however when you have a log file that is enormous it would take literally forever to search this way.  I'd like it to parse through the whole log and detect what I'm describing above, I just do not know the proper SQL syntax for it.

    DATE      TIME     EVTID  STATUS  DC    DOMAIN  USERNAME  IP
    4/5/2009  3:00:23  540    LOGON   TEST  TESTDC  JDOE      111.11.111.111
    4/5/2009  3:00:32  540    LOGON   TEST  TESTDC  JDOE      111.11.111.111
    4/5/2009  3:02:33  540    LOGON   TEST  TESTDC  JDOE      111.11.111.111
    4/5/2009  3:02:33  540    LOGON   TEST  TESTDC  JDOE      111.11.111.111
    4/5/2009  3:02:33  540    LOGON   TEST  TESTDC  JDOE      222.22.222.222

    What I have now for one person searches:

     Logparser -i:CSV -o:DATAGRID "SELECT * FROM \\mydc\logs\myfile.csv WHERE EVTID = '540' AND USERNAME = 'jdoe'"

     That's about as far as I've gotten.  Any help in helping me finish the syntax with what I'm needing is GREATLY APPRECIATED.  I thought I'd try again to post a question on this site as my prior attempts made were unsuccessful in getting replies.

     

  • 04-07-2009, 3:21 PM In reply to

    Re: Correct SQL Syntax For This

     47 Views and not one response? WOW!

  • 04-08-2009, 4:05 PM In reply to

    Re: Correct SQL Syntax For This

     118 views total, wow completely unbelievable not one response yet?  Is the question not understood? Is it beyond the technical know-how of this site?  What's the point in a technical forum if there is little or no collaboration?  It defeats the entire purpose.

  • 04-09-2009, 7:22 PM In reply to

    Re: Correct SQL Syntax For This

     What's the point?  Absolutely worthless.

  • 04-10-2009, 8:40 AM In reply to

    Re: Correct SQL Syntax For This

    You need help with the SQL not the syntax of LogParser.

    The reason why I (or others I presume) don't help out here often is that

    a) The questions here are 95% of the time SQL questions, nothing to do with LogParser, and SQL is not a strong point of this. So either learn SQL or ask on a more relevant forum. SQL is a HUGE area; the tiny team that wrote logparser all those years ago cannot surely know every SQL query.

    b) We tend to only use the IIS part for LogParser; as this is an IIS forum, most of us will know and care about IIS. SQL will not be a strong point. How do I get xyz from Sun server logs is of little interest to the regular posters here.

    I have done a fair bit of SQL DBA as part of my roles and probably know more than most regulars here about SQL but it still takes time to work it all out.

     c) This forum is really for specifics of LogParser. If the question was the SQL xyz should give abc back but in logParser it gives abb then it is more of an issue and more likely to be relevant.

    d) People help out here when they know the answers. You seem to be demanding answers and that is no way to get help. Some people seem to think that because there is a forum then they should do no work and the forum people should do their bidding. Seriously, tell me this: how much SQL have you learnt to help you solve the problem? Help yourself first rather than expecting people to spoon feed you the answers.

    I agree there are few questions answered here but I have explained the reasons. I think that the forums should be clearer in the explanation of what this forum is for and explain that you need to understand SQL to really get benefit from LogParser and that this forum is not the best place for generic SQL help. There are many far more suitable forums for generic SQL help and they are far busier than here and will help out more than here. This is never made clear.

    Also in answer to your question it looks like a case for correlated subqueries with group by clauses.
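
The grouping that the reply above points to, written out as an added example (not code from any poster in this thread): standard SQL run in SQLite from Python over constructed rows in the question's column layout. The table name logons, the user ASMITH and the 528 row are assumptions, and the page does not confirm that Log Parser's SQL dialect accepts the same clauses.

```python
import sqlite3

# Constructed sample rows in the column layout from the question
# (DATE, TIME, EVTID, STATUS, DC, DOMAIN, USERNAME, IP). ASMITH and the
# 528 row are hypothetical additions so the filter has something to exclude.
ROWS = [
    ("4/5/2009", "3:00:23", "540", "LOGON", "TEST", "TESTDC", "JDOE", "111.11.111.111"),
    ("4/5/2009", "3:00:32", "540", "LOGON", "TEST", "TESTDC", "JDOE", "111.11.111.111"),
    ("4/5/2009", "3:02:33", "540", "LOGON", "TEST", "TESTDC", "JDOE", "222.22.222.222"),
    ("4/5/2009", "3:04:10", "540", "LOGON", "TEST", "TESTDC", "ASMITH", "111.11.111.111"),
    ("4/5/2009", "3:05:41", "540", "LOGON", "TEST", "TESTDC", "ASMITH", "111.11.111.111"),
    ("4/5/2009", "3:06:02", "528", "LOGON", "TEST", "TESTDC", "ASMITH", "222.22.222.222"),
]

# One pass: group by user, keep users seen from more than one distinct IP.
ONE_STEP = """
SELECT USERNAME, COUNT(DISTINCT IP) AS IPS
FROM logons WHERE EVTID = '540'
GROUP BY USERNAME HAVING COUNT(DISTINCT IP) > 1
ORDER BY USERNAME"""

# Same result using only SELECT DISTINCT and COUNT(*), for SQL dialects
# that do not accept DISTINCT inside an aggregate together with GROUP BY.
TWO_STEP = """
SELECT USERNAME, COUNT(*) AS IPS
FROM (SELECT DISTINCT USERNAME, IP FROM logons WHERE EVTID = '540')
GROUP BY USERNAME HAVING COUNT(*) > 1
ORDER BY USERNAME"""

# Detail rows for the flagged users: each distinct IP with its logon count.
DETAIL = """
SELECT USERNAME, IP, COUNT(*) AS LOGONS FROM logons
WHERE EVTID = '540' AND USERNAME IN (
    SELECT USERNAME FROM logons WHERE EVTID = '540'
    GROUP BY USERNAME HAVING COUNT(DISTINCT IP) > 1)
GROUP BY USERNAME, IP ORDER BY USERNAME, IP"""

def run(query, rows=ROWS):
    """Load rows into an in-memory table and return the query's result rows."""
    db = sqlite3.connect(":memory:")
    db.execute('CREATE TABLE logons ("DATE", "TIME", EVTID, STATUS, DC, DOMAIN, USERNAME, IP)')
    db.executemany("INSERT INTO logons VALUES (?,?,?,?,?,?,?,?)", rows)
    try:
        return db.execute(query).fetchall()
    finally:
        db.close()
```

The first two queries answer "which users logged on from more than one address" in a single scan of the log; the third lists the addresses behind each flagged user so the odd one out is visible.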

  • 04-10-2009, 12:33 PM In reply to

    Re: Correct SQL Syntax For This

    Thanks for your reply, you are truly wise and all knowing and you have shown me the light.  Thanks again for sharing your infinite wisdom and experience, I feel much smarter now and will utilize what I've taken in from your reply with me for seconds to come.  One thing I didn't understand, perhaps you could answer, you made the comment

    You:  "You need help with SQL not the syntax of LogParser" 

    Me:    hmmm.  So you're telling me besides the "SQL syntax" that Logparser has its own "Syntax" aside from SQL?

    Boy I'm learning new stuff everyday....

    You:  "The Questions here are 95% of the time SQL related and have nothing to do with LogParser."

    Me:   Without SQL statement injection into the LogParser program what other ways are there to get Logparser to work?  Perhaps you could enlighten the community on this, I'm sure others would benefit greatly from this information.

    You:  "You seem to be demanding answers and that is no way to get help."

    Me:  Not demanding help, more so discouraged in the involvement and willingness to help others.  The point of a forum like this is that it's a collaborative environment that is supposed to offer help, suggestions and support.  I am not looking for others to do my work, I look to others that may have more experience to offer me helpful suggestions or lead me in the right direction.  Usually those that think or make comments like "Some people seem to think that because there is a forum then they should do no work and the forum people should do their bidding." usually have nothing to offer anyway in the line of finding a final resolution that benefits the entire community and are counter-productive in the tech forum concept.

        Finally, please explain how the Logparser program is not part of SQL?  Let me break it down for you if I may:

     

         1 part x 1 part y = (2) = a working program.

     

     

     

Microsoft Communities