Hello,
I am trying to get the format (parameters positions) for the EventID 627 & 628 and using LogParser 2.2. It was working fine on Application Logs but seems not working on Security Log!!!
Syntax error?
C:\Program Files (x86)\Log Parser 2.2>LogParser.exe "SELECT Top1 Strings AS Parameters FROM Application WHERE EventID=301" Parameters --------------------------------------------------------------------------------------------- Windows|2052|Windows: |C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0105E.log Statistics: ----------- Elements processed: 4045 Elements output: 1 Execution time: 0.13 seconds C:\Program Files (x86)\Log Parser 2.2>
C:\Program Files (x86)\Log Parser 2.2>LogParser.exe "SELECT Top1 Strings AS Parameters FROM Security WHERE EventID=627"
c:\Program Files (x86)\Log Parser 2.2>LogParser.exe "SELECT Top1 Strings AS Para meters FROM Security WHERE EventID=627" WARNING: Input format not specified - using TEXTLINE input format. Error: SELECT clause: Syntax Error: unknown field 'Strings' To see valid fields for the TEXTLINE input format type: LogParser -h -i:TEXTLINE c:\Program Files (x86)\Log Parser 2.2>
Any idea?
Thanks,
DOm