Reputation: 435
Logparser - querying the remote event log
How safely can I use the LogParser 2.2 utility while querying the remote server's event log, in terms of CPU/memory/network?
I would like to perform a few event log queries on the production machines, without affecting performance of the running system.
For instance, when I run the below LogParser query:
SELECT QUANTIZE(TimeGenerated, 86400) AS Day, COUNT(*) AS [Total Errors] INTO
outFile.csv FROM \\AServerIWishConnectTo\APPLICATION where message
like '%error to seek%' GROUP BY Day ORDER BY Day ASC
.. would the above affect the "AServerIWishConnectTo" server a lot?
I'll add that the remote server is located in the local intranet.
Upvotes: 1
Views: 4869
Answers (1)
Reputation: 1579
It's really hard to say.
There are two types of network traffic generated by LogParser when you query remote event logs:
- The traffic generated by the Windows remote EventLog API, which consists basically of transfering the byte amount in that event log (Application, in your case); you can check the byte size by looking at the file at
c:\Windows\system32\winevt\Logs - The traffic generated to move the DLLs needed for resolution of messages: this consists of the whole DLL for each of the event sources registered in the (Application) event log
You can turn off resolution of messages by using -fullText:OFF, but then you won't be able to query for message like '%error to seek%.
As for CPU or Memory, querying a remote event log should not use any memory on the server, and a negligible amount of CPU.
Upvotes: 3
Related Questions
- Query IIS logs with extra fields using LogParser
- Logparser query does not give me any output
- LogParser JSON log files
- Logparser error when used with PowerShell
- Join Query Using LogParser
- Powershell remote-query for Server 2003's eventlog
- Querying svc log file with logParser
- Log Parser Query
- LogParser output and Powershell
- EventLogReader Remote Performance