Query Syntax

<query>

::=

<select_clause>
[ <using_clause> ]
[ <into_clause> ]
<from_clause>
[ <where_clause> ]
[ <group_by_clause> ]
[ <having_clause> ]
[ <order_by_clause> ]

Remarks:

A query can include comments, that is, user-provided text not evaluated by Log Parser, used to document code or temporarily disable parts of query statements.
For more information, read the Comments Reference.

Examples:

A. Minimal query
The following example shows the minimal query that can be written with the Log Parser SQL-Like language, making use of the SELECT and FROM clauses only:
SELECT TimeGenerated, SourceName
FROM   System
B. Complete query
The following example shows a complete query that makes use of all the clauses in the Log Parser SQL-Like language:
SELECT   TypeName, COUNT(*) AS TotalCount
USING	TO_UPPERCASE( EXTRACT_TOKEN(EventTypeName, 0, ' ') ) AS TypeName
INTO	 Report.csv
FROM	 System
WHERE	TypeName LIKE '%service%'
GROUP BY TypeName
HAVING   TotalCount > 5
ORDER BY TotalCount DESC

Query Syntax

Remarks:

Examples:

A. Minimal query

B. Complete query

See also: