Let me preface this post by saying this: I'm a tad lazy. However, the newest addition to our team, Brad Hughes, is not. Far from it. That being said, he took it upon himself to rewrite my "Rough & Tough" approach to parsing ESE logs in PowerShell. Enjoy ...

 

1. Download & install PowerShell

2. Download & install strings.exe; make sure strings.exe is in your path

3. Place all your transaction logs into a temp directory (e.g. D:\templogs)

4. Fire up PowerShell

5. Run the following command:

 

strings.exe -q -n 16 D:\templogs\*.log | foreach-object { ($_.Split(":".ToCharArray(),3)[2]) }| group-object | select-object count,name | sort count | export-csv C:\temp\output.csv

 

 

What this is doing:

 

· Identifies all strings in the logs greater than 16 chars

· Removes the D:\templogs\E00xxxx.log: from the output

· Sorts the output

· Finds all duplicate records, and retains a count

· Sorts the final output (ending with the largest # of occurrences)

· Writes all the output to C:\temp\output.csv

 

As before, the output will be sorted from the least number of repeating occurrences to the greatest, but now it's in a nifty CSV format that you can open in Excel to do all sorts of fancy sorting.

 

Note: this post will probably be obsolete in the next 15 minutes, as Brad will likely re-write this in assembly next.

 

Update: you'll have to put the output.csv file into a different directory from the logs that you're trying to parse.  Otherwise, you'll get into an endless loop where we try to parse the output.csv file as well.

 

strings.exe -q -n 16 D:\templogs\*.log | foreach-object { ($_.Split(":".ToCharArray(),3)[2]) }| group-object | select-object count,name | sort count | export-csv C:\temp\output.csv
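
The split/group/sort stage of the command above, run on constructed input so the result can be inspected without real transaction logs. This is an added example, not part of the original post: the function names Get-RepeatedString and Test-OutputOutsideLogDir are hypothetical, the sample lines are constructed, and it assumes strings.exe prefixes each hit with "<path>: " when given a wildcard.

```powershell
# Constructed sample lines, shaped like "strings.exe -q -n 16 D:\templogs\*.log" output.
$sample = @(
    'D:\templogs\E0000A1.log: Subject: Quarterly numbers',
    'D:\templogs\E0000A1.log: user1@example.com',
    'D:\templogs\E0000A2.log: Subject: Quarterly numbers',
    'D:\templogs\E0000A2.log: Subject: Quarterly numbers',
    'D:\templogs\E0000A3.log: user1@example.com',
    'D:\templogs\E0000A3.log: IPM.Note.Constructed.Sample'
)

# Hypothetical helper: strip the "<path>:" prefix, then count repeats.
function Get-RepeatedString {
    param([string[]]$Line)
    $Line |
        ForEach-Object {
            # The drive letter contributes a colon of its own, so the split is
            # capped at 3 parts: "D", "\templogs\E0000A1.log", " <string>".
            # The cap also keeps colons inside the string itself intact.
            $parts = $_.Split(':'.ToCharArray(), 3)
            if ($parts.Count -eq 3) { $parts[2] }   # skip lines with no path prefix
        } |
        Group-Object |
        Select-Object Count, Name |
        Sort-Object Count
}

# Hypothetical helper for the caveat in the update: returns $true only when the
# CSV path is not inside the directory that holds the logs being parsed.
function Test-OutputOutsideLogDir {
    param([string]$LogDir, [string]$OutFile)
    $log = [IO.Path]::GetFullPath($LogDir).TrimEnd('\') + '\'
    $out = [IO.Path]::GetFullPath($OutFile)
    -not $out.StartsWith($log, [StringComparison]::OrdinalIgnoreCase)
}

if (Test-OutputOutsideLogDir -LogDir 'D:\templogs' -OutFile 'C:\temp\output.csv') {
    # Least frequent string first, most frequent last, as in the CSV.
    Get-RepeatedString -Line $sample | Format-Table -AutoSize
} else {
    Write-Warning 'Choose an output path outside the log directory.'
}
```

To feed it real data, pass the strings.exe output instead of $sample and pipe the result to Export-Csv.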