Another Cool Tool: The Log Parser Studio

The cool tools continue to roll out from the great folks in Redmond. This month marks the release of the Microsoft Log Parser Studio, a much needed GUI front end to the powerful Log Parser that you’ve probably heard of, even dabbled with, over the years. Log Parser, now at version 2.2, has been around for years and was always known as the go to tool for digging through tons of log files. Log Parser can consume log files in text, XML and CSV, and can also work with Event Logs, the registry, Active Directory and more. The only drawback to Log Parser 2.2 is that it’s command line.

The powerful search and output capabilities of Log Parser can find practically anything you can formulate a query for, and output it to another source including text, chart, SQL or even syslog format. The challenge for many is that the command line interface can be a turn-off, and the query language is not for the meek at heart. It works very well and is extremely powerful, but unless you are already used to writing SQL queries it can be more effort than you want to exert.

And that’s where Log Parser Studio(LPS) comes into play. First and foremost, LPS is a front end to Log Parser that favours Exchange Admins. LPS provides a graphical front end to Log Parser. This makes it much easier for a new user to start using the tool. With the familiar menu structures, the ability to run stored queries or build your own with a few mouse clicks, and to save you queries for later use really makes the tool more accessible to all.

LPS requires Log Parser 2.2, so if you haven’t yet installed it, it will prompt you to do so, and open your browser to the download page if you click yes. Log Parser 2.2 is a small MSI file that adds documentation, binaries, COM objects, and more. Interestingly, LPS is a self-contained directory of files, which includes the application, a configuration file, a DLL, and a couple of XML files. No installation is required; you just launch LPS and you’re ready to go. There’s also a egistry file for adding custom formats into your registry, and a sample folders file.

Exchange administrators are going to love LPS, because it comes chock-full of queries for Exchange protocols and interfaces. These include:

  • Exchange Web Services
  • ActiveSync
  • Outlook Web App
  • Exchange Control Panel
  • PowerShell queries
  • Outlook Anywhere.

In each category, there are several different queries already set up for you. Running a query is as simple as right-clicking the one you like, choosing run, and then (if this is the first time you have run a query) pointing LPS to the log file directory you want to query. LPS uses a tabbed interface, letting you open tabs for each “canned” query, as well as opening new tabs for queries you craft by hand.

If you have used the PowerShell ISE or other graphical tool such as SQL Management Studio, the interface will seem very familiar. In the lower pane of a tabbed query, you can view the actual query statements being used. In the upper, you will see the results of the query.

Queries can be run one at a time, or loaded into a batch process for larger jobs. You can also import new queries into your library from SQL or XML files, enabling you to build up a library of log queries for your use.

LPS has a search utility so you can easily find a particular query by keyword, but it also supports adding or removing queries from you own favourites, enabling you to quickly find a query you use often. When you run a query, you can view the results in the tool in a grid, or output the results in a variety of formats including CSV, text, or XML, or even to a chart format which can be copied and pasted into other reports.

Note that LPS is a 32bit application. If you are going to run a query that could potentially generate a lot of results (>50K) it’s best if you output that directly to a CSV file, rather than trying to display the results in the tool’s grid view. This way, you can quickly process and output the results, which you can then load into 64bit Excel, rather than running the LPS tool out of memory.

Download the Log Parser 2.2 tool from: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=24659 and then the Log Parser Studio from: http://gallery.technet.microsoft.com/Log-Parser-Studio-cd458765. Yes, that page is in Russian. I don’t understand why, but it’s the legitimate download page for this tool.

Written by Casper Manes

I currently work as a Senior Messaging Consultant for one of the premier consulting firms in the world, I cut my teeth on Exchange 5.0, and have worked with every version of Microsoft’s awesome email package since then, as well as MHS, Sendmail, and MailEnable systems. I've written dozens of articles on behalf of my past employers, their partners, and others, and I finally decided to embrace blogging and social media, so please follow me on Twitter @caspermanes if you enjoy my posts.

1 Comment

  1. Mario Twining · April 3, 2012

    This is an extremely welcome update. It always surprised me that Microsoft, ever trying to phase out any need for command line interfaces, hadn’t even thrown a mock-3.1-style GUI to Log Parser, and now that it’s here I think a lot of people will be less intimidated to use it more frequently. It’s an absolute time saver when going through big vaults of data.

Leave A Reply