Trouble with syntax and extracting info from Exchange Tracking logsRSS

5 replies

Last post Feb 15, 2007 12:29 PM by Anonymous

  • Trouble with syntax and extracting info from Exchange Tracking logs

    Feb 14, 2007 10:19 PM|Anonymous|LINK

    I am trying to pull a specific user (Recipient-Address) from Exchange logs for a report request by superiors.

     

    If I run logparser with this syntax it pulls every user in the Recipent-Address column

    logparser  -i:w3c "SELECT Recipient-Address  FROM C:\logs\*.log

    If I try to pull a specific user I get an erro whe using this syntax:

    logparser  -i:w3c "SELECT Recipient-Address  FROM C:\logs\*.log WHERE (Recipient-Address like tom.jones@mydomain.com)"

    Error: Syntax Error: <term2>: expecting matching closing parenthesis instead of
    token 'like'

    Does anyone know away that I can pull a specific user (Recipient-Address) from the logs?

    W3C input format

  • Re: Trouble with syntax and extracting info from Exchange Tracking logs

    Feb 15, 2007 09:08 AM|Anonymous|LINK

    Hi SkylarB

    I've never used LP to extract event logs (but i've used it for IIS logs etc).

    Your SQL syntax looks incorrect. Try:

    logparser  -i:w3c "SELECT Recipient-Address  FROM C:\logs\*.log WHERE Recipient-Address = 'tom.jones@mydomain.com'"

    (remove brackets around Where predicate, changed LIKE to = [though i think it will default to = if you don't specify a wild card anywhere] and added single quotes to the literal)

    If you want to do a LIKE, you should use

    logparser  -i:w3c "SELECT Recipient-Address  FROM C:\logs\*.log WHERE Recipient-Address like 'tom.jones%'"

    This would return all those whose email begins with tom.jones

    Hope this helps

    Loz

    W3C input format

  • Re: Trouble with syntax and extracting info from Exchange Tracking logs

    Feb 15, 2007 10:28 AM|Anonymous|LINK

    One other advatange of like over = is like is case insensitive.  The () were fine, your problem was the lack the the single quote, required to specify a string.

     

    W3C input format

  • Re: Trouble with syntax and extracting info from Exchange Tracking logs

    Feb 15, 2007 12:24 PM|Anonymous|LINK

    LogParser User : SkylarB

    Quote: Hi SkylarB I've never used LP to extract event logs (but i've used it for IIS logs etc). Your SQL syntax looks incorrect. Try: logparser  -i:w3c "SELECT Recipient-Address  FROM C:\lo...

    Thanks for the info.. corrected the syntax and got the results I needed.

    I appreciate you taking the time to respond.

    W3C input format

  • Re: Trouble with syntax and extracting info from Exchange Tracking logs

    Feb 15, 2007 12:26 PM|Anonymous|LINK

    LogParser User : SkylarB

    Quote: Hi SkylarB I've never used LP to extract event logs (but i've used it for IIS logs etc). Your SQL syntax looks incorrect. Try: logparser  -i:w3c "SELECT Recipient-Address  FROM C:\lo...

    The information was very useful, thanks for your time and help

    W3C input format

  • Re: Trouble with syntax and extracting info from Exchange Tracking logs

    Feb 15, 2007 12:29 PM|Anonymous|LINK

    LogParser User : SkylarB

    Quote: One other advatange of like over = is like is case insensitive.  The () were fine, your problem was the lack the the single quote, required to specify a string.  

    Jeff,

    One of the responses to Loz_d was meant for you. Obviously as a newbie I am still learning to navigate the forum as well as learn Log Parser. Thanks for your time... 

    W3C input format