Friday 31 October 2014

Log Parser Lizard creating custom regex format

I first heard about Log Parser Lizard (LPL) when Scot Hanselman blogged about it back in 2011 and since then its been part of my tool belt.

LPL makes analysing logs easy enabling you to point it at single log file, or even a directory of files, it will parse them and then allow you to query the data using SQL syntax.

LPL comes with a lot of predefined searches from Active Directory, IIS, event logs, etc and has the ability to allow you to define your own custom RegEx format for parsing text files.

Recently I needed to use the custom RegEx format, its not the easiest thing to do and as I couldn’t find any examples I thought I’d write up what I did to help me, and possibly anybody else that needs to do it, in the future.

Log Parser Lizard creating custom regex format

I first heard about Log Parser Lizard (LPL) when Scot Hanselman blogged about it back in 2011 and since then its been part of my tool belt.

LPL makes analysing logs easy enabling you to point it at single log file, or even a directory of files, it will parse them and then allow you to query the data using SQL syntax.

LPL comes with a lot of predefined searches from Active Directory, IIS, event logs, etc and has the ability to allow you to define your own custom RegEx format for parsing text files.

Recently I needed to use the custom RegEx format, its not the easiest thing to do and as I couldn’t find any examples I thought I’d write up what I did to help me, and possibly anybody else that needs to do it, in the future.