Solved: Logparser and Symantec Enterprise Vault event log

SamChougule · ‎02-18-2010

Greetings i am trying to use MS logparser to extract events from the Symantec Enterprise Vault event log, here is what I have

LogParser.exe -i:EVT -o:CSV "select DISTINCT ComputerName,EventLog,EventID,EventTypeName,EventCategoryName,SourceName,Strings,Message into C:\OPS\testev.evt FROM "\\servername\Symantec Enterprise Vault" WHERE (EventTypeName = 'Error event' AND EventID NOT IN(11;1111;1106))
The error I am getting
Error: detected extra argument "Enterprise" after query

without the quotes for referring the event log

C:\>LogParser.exe -i:EVT -o:CSV "select DISTINCT ComputerName,EventLog,EventID,EventTypeName,EventCategoryName,SourceName,Strings,Message into C:\OPS\testev.evt FROM \\servername\Symantec Enterprise Vault WHERE (EventTypeName = 'Error event' AND EventID NOT IN(11;1111;1106))
Error: Syntax Error: extra token(s) after query: 'Enterprise'

any help is appreciated.

Thanks,
Sam

SamChougule · ‎02-18-2010

got the correct syntax.

C:\>LogParser.exe -i:EVT -o:CSV "select DISTINCT ComputerName,EventLog,EventID,EventTypeName,EventCategoryName,SourceName,Strings,Message into C:\OPS\testev.evt FROM '\\servername\Symantec Enterprise Vault' WHERE (EventTypeName = 'Error event' AND EventID NOT IN(11;1111;1106))

use ' instead of " while specifying the event log..

View solution in original post

MichelZ · ‎02-18-2010

What happens with
\\servername\"Symantec Enterprise Vault"
?

cloudficient - EV Migration, creators of EVComplete.

SamChougule · ‎02-18-2010

got the correct syntax.

C:\>LogParser.exe -i:EVT -o:CSV "select DISTINCT ComputerName,EventLog,EventID,EventTypeName,EventCategoryName,SourceName,Strings,Message into C:\OPS\testev.evt FROM '\\servername\Symantec Enterprise Vault' WHERE (EventTypeName = 'Error event' AND EventID NOT IN(11;1111;1106))

use ' instead of " while specifying the event log..

VOX

Logparser and Symantec Enterprise Vault event log