Protiviti / SharePoint Blog

SharePoint Blog

December 16
Quick Way to Parse SharePoint ULS Logs

Overview:

The purpose of this document is to provide steps to parse a large number of log/text files.   The following steps are an easy way to parse files from a command prompt.  In recent situations, I have used these steps to chase down log entries for correlations ID during SharePoint errors, when I was only provided and zip full of logs and the ID.  There are plenty of great log analyzing and parsing tools available these days but using “find” as outlined below works great in a pinch.

Note:   Correlation IDs are provided to the end users browser when something goes wrong in SharePoint

Use Cases:

I first started using this method years ago when I was an Exchange administrator and was tasked with tracking emails through log files.  Instead of using log viewers, this method was able to parse large amounts of log files very quickly and return only the log entries containing the strings I was interested in.

I have also used this method when direct access to problematic servers was not possible and I was instead only provided with logs files and information pertaining to the specific error. Process Steps:

Collect the relevant logs files into a folder.  These can be any plain text log files which need to be analyzed, such as SharePoint ULS logs and Exchange server logs.

Define the string/s you would be searching for and order them from least to most specific

Open a command prompt in windows and change the directory which contains the logs file you wish to parse

Process Steps:

Collect the relevant logs files into a folder.  These can be any plain text log files which need to be analyzed, such as SharePoint ULS logs and Exchange server logs.

Define the string/s you would be searching for and order them from least to most specific

Open a command prompt in windows and change the directory which contains the logs file you wish to parse

1216151.PNG
Run the following command:
find “String to search for” *.log > output.log
Note:  *.log can be user wildcards of specific file names.
Note:  > outout.log pipes the output to a new file named output.log, dropping the > output.log argument will display the results to the screen.
The output will return all lines in each log file being searched containing the string you are searching for.  However, it does include an entry notating which log file the log entries were parsed from.   This can add noise to the output.log file in between batch of lines parsed from different log files.
1216152.PNG
The extra line breaks and source logs information can be eliminated by running an identical find command for the same string on the output.log file piped to a new output file with a different name.   Example: find “String to search for” output.log > output2.log

1216153.PNG
There are additional options with the find command such as providing the line number from the source log/text files in the output in order to be able to examine other events happening during that time frame from the source log files that were parsed.



Quick Launch


© Protiviti 2019. All rights reserved.   |   Privacy Policy