Another post about logparser
Ok, probably you’d seen dozens of posts about using logparser. So, I’ll explain my scenario and how it was “easy” to solve it using a custom logparser query.
My customer had an issue in his IIS5 WebServer and all request were returning a http status 404. In some instant of time, they fixed the issue and then the server went back online.
Now the question is: was the server experiencing 404’s together with 200’s , or only 404’s? To answer this it would be great to have a single graphic where I could see all the 200 and 404 requests. This could be done easily with the following logparser query:
Logparser "SELECT
TO_LOCALTIME(QUANTIZE(TO_TIMESTAMP(date, time), 60)) AS Minutes,
sum(s200) as http_200,
sum(s404) as http_404
USING case sc-status when 200 then 1 else 0 end as s200,
case sc-status when 404 then 1 else 0 end as s404
INTO http_status.gif
FROM ex*.log
GROUP BY Minutes ORDER BY Minutes" -i:W3C -o:CHART -charttype:Line -groupsize:1600x480
-chartTitle "STATUS HTTP (200 x 404)"
This query creates something like this:
We clearly could see that server was experiencing only 404s (purple line) and then application was fixed and the returned status code changed to 200’s (blue line).
Last word: logparser rocks!
