tags:

views:

398

answers:

2
+2  Q: 

Log Parser 2.2 skipping today's IIS logs

I'm trying to count the number of hits for a particular URL on our web site by parsing our IIS logs using Log Parser 2.2. Everything seems to be working fine, except that its handling of timestamps is greatly confusing me.

The IIS logs have all of the timestamps expressed in UTC time. Therefore, in my application, I convert the server's time to UTC before plugging it into the query. However, when I try to query for the current day's data, I get back a zero count, despite me seeing the records in the log file. The generated query I try to run to get everything within the current day looks something like this (the query is run on 11/11/2009, and I'm using Arizona time):

SELECT COUNT(*) 
FROM \\Server\IIS Logs\LogFiles\W3SVC1\u_ex*.log
WHERE 
    cs-method = 'GET' 
    AND cs(Referer) NOT LIKE '%ntorus%'
    AND c-ip NOT LIKE '192%'
    AND c-ip NOT LIKE '127%'
    AND (
        cs-uri-stem = '/' 
        OR cs-uri-stem = '/myurl')
    AND sc-status BETWEEN 200 AND 299 
    AND date BETWEEN 
        TIMESTAMP('2009-11-11 07:00', 'yyyy-MM-dd hh:mm') 
        AND TIMESTAMP('2009-11-12 07:00', 'yyyy-MM-dd hh:mm')

It looks like for some reason the current day's data is getting skipped. When querying earlier dates, I get back data just fine. Why is this happening?

+1  A: 

It turns out that Log Parser doesn't do time stamp comparisons properly. However, when I converted the time stamps to strings, string comparison worked fine. Here's what the modified query looks like:

SELECT COUNT(*) 
FROM \\Server\IIS Logs\LogFiles\W3SVC1\u_ex*.log
WHERE 
    cs-method = 'GET' 
    AND cs(Referer) NOT LIKE '%ntorus%'
    AND c-ip NOT LIKE '192%'
    AND c-ip NOT LIKE '127%'
    AND (
        cs-uri-stem = '/' 
        OR cs-uri-stem = '/myurl')
    AND sc-status BETWEEN 200 AND 299 
    AND TO_STRING(TO_TIMESTAMP(date, time), 'yyyy-MM-dd hh:mm') 
        BETWEEN '2009-11-11 07:00' AND '2009-11-12 07:00'
Jacob  2009-11-12 18:46:55
A: 

Jacob, Thanks for your post. I was also having trouble comparing date/times in IIS logs. By combining your question and solution I was able to search without the TO_STRING.

    TO_TIMESTAMP(date, time) 
        BETWEEN TIMESTAMP('2009-11-11 07:00', 'yyyy-MM-dd hh:mm')  
            AND TIMESTAMP('2009-11-12 07:00', 'yyyy-MM-dd hh:mm')

Full Source:

SELECT COUNT(*)  
FROM \\Server\IIS Logs\LogFiles\W3SVC1\u_ex*.log 
WHERE  
    cs-method = 'GET'  
    AND cs(Referer) NOT LIKE '%ntorus%' 
    AND c-ip NOT LIKE '192%' 
    AND c-ip NOT LIKE '127%' 
    AND ( 
        cs-uri-stem = '/'  
        OR cs-uri-stem = '/myurl') 
    AND sc-status BETWEEN 200 AND 299  
    AND TO_TIMESTAMP(date, time) 
        BETWEEN TIMESTAMP('2009-11-11 07:00', 'yyyy-MM-dd hh:mm')  
            AND TIMESTAMP('2009-11-12 07:00', 'yyyy-MM-dd hh:mm')
JWalker  2010-03-02 03:06:51
Glad it helped and that you found a better way of doing it.
Jacob  2010-03-02 04:51:08

related questions

IE6 security login (debugging via VirtualPC)
Asp.net Reinstalling a DLL into the GAC
Failed to load resources from resource file.
What does an IISReset do?
How do I secure a folder used to let users upload files?
VBScript/IIS - How do I automatically set ASP.NET version for a particular website
IIS 6/COM+ hangs
Web server farms with IIS ? Basic Infos
.NET 3.5 Service Pack 1 causes 404 pages on ASP.NET Web App
What Url rewriter do you use for ASP.Net?
Publishing to IIS - Best Practices
ASP.NET Proxy Application
PHP on IIS
How do I stop IIS7 dropping my cookies?
HTTPS in IIS 5.1
Best tool for performance testing ASP.NET
Alternative Hostname for an IIS web site for internal access only
SQL Server 2008 FileStream on a Web Server
Solutions for working with multiple branches in ASP.Net
Dual vs. Quadcore on a Webserver
PHP Error - Uploading a file
Visual Studio 2008 debugger already attached work-around
Linux shell equivalent on IIS
Bandwith throttling in IIS 6 by IP Address
Checklist for IIS 6/ASP.NET Windows Authentication?