Parsing log files using Windows PowerShell

An administrator can sometimes get into a tricky spot when someone asks questions about parsing log
files :) In this blog, we shall see how to parse IIS logs using PowerShell cmdlets.

Recently, my colleague Ajay was troubleshooting an EWS issue and had multiple huge IIS logs from different servers.

We had tried to open the logs using a lot of large file viewer tools, but had no luck opening them :(

Then we thought, why not use the power of Select-String to find all the /EWS requests? So, here it is:

In the PowerShell prompt, navigate to the location where you have saved the IIS logs and
run the command below:

Get-Content ".\*log" | ? { ($_ | Select-String "/ews")}   

The above command returns all the EWS requests.

To filter this to a particular user name, use the command below:

Get-Content ".\*log" | ? { ($_ | Select-String "/ews") -and ($_ | Select-String "Useralias")}   

 

Some more options that are commonly required:

For Outlook Web Access: replace EWS with OWA

For EAS: replace EWS with Microsoft-server-activesync

For ECP: replace EWS with ECP

 

To find the count of EWS requests, run the command below:

(Get-Content ".\*log" | ? { ($_ | Select-String "/ews") -and ($_ | Select-String "Useralias")}).count
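
The substring filters above match "/ews" and the alias anywhere in the line, so a query string or referer that contains them is counted too. As an added example (not code from the original post), the function below reads the #Fields header of each log and compares only the cs-uri-stem and cs-username columns. Get-IisRequest, the sample log lines and the names jdoe and CONTOSO are constructed for illustration, and the DOMAIN\alias user format is an assumption.

```powershell
# Added example, not from the original post. Sample log lines are constructed;
# 'jdoe' and 'CONTOSO' are placeholder names.
$sample = @'
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2015-03-01 10:00:01 POST /EWS/Exchange.asmx - CONTOSO\jdoe 10.0.0.5 200
2015-03-01 10:00:02 GET /owa/ - CONTOSO\asmith 10.0.0.6 200
2015-03-01 10:00:03 POST /EWS/Exchange.asmx - CONTOSO\asmith 10.0.0.6 401
2015-03-01 10:00:04 GET /owa/ ref=/ews/jdoe CONTOSO\asmith 10.0.0.6 200
'@
$log = Join-Path $env:TEMP 'constructed_sample.log'
Set-Content -Path $log -Value $sample

function Get-IisRequest {
    param(
        [Parameter(Mandatory = $true)] [string]$Path,      # wildcards allowed, e.g. .\*log
        [Parameter(Mandatory = $true)] [string]$UriPrefix, # e.g. /ews, /owa, /ecp
        [string]$User                                      # optional alias (DOMAIN\alias form assumed)
    )
    $fields = @()
    Get-Content -Path $Path | ForEach-Object {
        if ($_.StartsWith('#Fields: ')) {
            # Every IIS log file declares its own column order in this header.
            $fields = $_.Substring(9).Trim().Split(' ')
            return
        }
        if ($_.StartsWith('#') -or $fields.Count -eq 0) { return }
        $values = $_.Split(' ')
        if ($values.Count -ne $fields.Count) { return }    # skip truncated lines
        $row = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        # Compare against the request path only, not the query string or referer.
        if ($row['cs-uri-stem'] -notlike "$UriPrefix*") { return }
        # Compare against the authenticated user only, with the domain stripped.
        if ($User -and (($row['cs-username'] -split '\\')[-1] -ne $User)) { return }
        [pscustomobject]$row
    }
}

# Same question asked two ways: substring filter from the post vs. column filter.
$fieldHits  = @(Get-IisRequest -Path $log -UriPrefix '/ews' -User 'jdoe')
$stringHits = @(Get-Content $log | ? { ($_ | Select-String "/ews") -and ($_ | Select-String "jdoe") })
"Substring match: $($stringHits.Count) line(s); field match: $($fieldHits.Count) request(s)"

# EWS requests per user and status code (401 marks a failed authentication).
Get-IisRequest -Path $log -UriPrefix '/ews' | Group-Object 'cs-username', 'sc-status' -NoElement
```

In the constructed sample, the last line is an OWA request by another user whose query string happens to contain both "/ews" and "jdoe"; the substring filter counts it, the column filter does not.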

 

-Written by Naveen Vasudevan, Technical Lead