EVT Input Format Examples

Logons

Create an XML report file containing logon account names and dates from the Security Event Log:
LogParser "SELECT TimeGenerated AS LogonDate, EXTRACT_TOKEN(Strings, 0, '|') AS Account INTO Report.xml FROM Security WHERE EventID NOT IN (541;542;543) AND EventType = 8 AND EventCategory = 2"
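
Added example, not part of the original Log Parser documentation: the companion query for failed logons, counting failure-audit events per account with first and last occurrence. It assumes, as the query above does, that token 0 of Strings holds the account name; the threshold of 5 and the output file name FailedLogons.csv are illustrative choices.

```bat
REM Added example; not from the original documentation.
REM EventType = 16 selects failure-audit events (8, used above, is success audit).
REM Assumption: token 0 of Strings is the account name, as in the query above.
REM The threshold (5) and the output file name are illustrative values.
LogParser "SELECT EXTRACT_TOKEN(Strings, 0, '|') AS Account, COUNT(*) AS Failures, MIN(TimeGenerated) AS FirstSeen, MAX(TimeGenerated) AS LastSeen INTO FailedLogons.csv FROM Security WHERE EventType = 16 AND EventCategory = 2 GROUP BY Account HAVING COUNT(*) >= 5 ORDER BY Failures DESC" -i:EVT -o:CSV
```

Accounts with many failures inside a short FirstSeen to LastSeen window are the ones to review first.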

Event Distribution

Retrieve the distribution of EventID values for each Event Source:
LogParser "SELECT SourceName, EventID, MUL(PROPCOUNT(*) ON (SourceName), 100.0) AS Percent FROM System GROUP BY SourceName, EventID ORDER BY SourceName, Percent DESC"

Event Message Report

Create TSV files containing Event Messages for each Source in the Application Event Log:
LogParser "SELECT SourceName, Message INTO myFile_*.tsv FROM \\MYSERVER1\Application, \\MYSERVER2\Application"


© 2004 Microsoft Corporation. All rights reserved.