Did you know that reading your IIS logs can be made really simple by using the Findstr.exe command? This handy executable allows you to filter results based on almost anything you could imagine. For filtering you can include multiple strings, specific strings, case sensitive/insensitive filters, and even regular expressions. Using the pipe functionality you can filter the output from other applications into Findstr to get just the results that you want.
Take for example the need to look at your IIS log files. Suppose you want to see all of the files that have been downloaded. Using the command line you could enter:
type logfile01.log | findstr "file="
That command would display all lines in the logfile01.log that included the string file=. That’s informative but not exactly what I am looking for. So let’s try the following syntax:
type logfile01.log | findstr /C:"GET /file.axd file="
That’s a little better. With /C: the whole phrase is searched for literally; without it findstr treats each space-separated word as a separate search string, so "GET /file.axd file=" on its own would match every line containing GET. But what if I want to exclude any files that may have been downloaded by Microsoft’s msnbot and Yahoo’s Slurp? Try this syntax:
type logfile01.log | findstr /C:"GET /file.axd file=" | findstr /I /V "msnbot slurp"
Yes, that’s right. You can pipe the output of Findstr into another Findstr to perform multiple levels of filtering. In this example I have used /I for case insensitivity and /V to drop any line that contains either of the search strings. The same result can be had with /R, which makes findstr treat the strings as regular expressions; note that findstr’s regular expressions have no | alternation, so the two patterns stay space-separated:
type logfile01.log | findstr /C:"GET /file.axd file=" | findstr /I /V /R "msnbot slurp"
What if you only want to see when blog posts have been served? Try this syntax:
type logfile01.log | findstr "post/2008/06" | findstr /I /V "msnbot slurp baidu snapbot googlebot"
If you want to perform a query on more than one log file then you can use wildcards in your command line syntax. For example:
type *.log | findstr /C:"GET /file.axd file="
One thing worth noting… I have noticed that Findstr has a problem when the search filter starts with a forward slash. For example:
C:\temp>type web.log | findstr "/post/2008/06"
FINDSTR: /t ignored
FINDSTR: // ignored
FINDSTR: /2 ignored
FINDSTR: /0 ignored
FINDSTR: /0 ignored
FINDSTR: /8 ignored
FINDSTR: // ignored
FINDSTR: /0 ignored
FINDSTR: /6 ignored
FINDSTR: Bad command line
The process tried to write to a nonexistent pipe.
This little bug happens because findstr treats any argument that begins with a forward slash as a run of switches: /p, /o and /s happen to be valid options and are consumed silently, /t and everything after it are rejected, and with no search string left findstr reports a bad command line. Wrapping the string with the /C: switch used in the earlier examples avoids it; in any case keep this detail in mind when you are crafting your search strings.
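As an added example that is not part of the original post, here is the same filtering done field by field in Python: it parses the IIS W3C extended format (the #Fields header), reproduces the /file.axd download and bot-exclusion pipelines above, and, because it tests named fields rather than the whole line, a bot name that merely appears in a file name does not knock out a real request and a search path with a leading slash needs no special handling. The log lines and the bot list are constructed for the example.

```python
"""Field-aware filtering of IIS W3C extended logs (added example, not the post's
own code): match on named fields instead of anywhere in the line."""

from typing import Iterator

# Constructed sample log in IIS W3C extended format; the requests are made up.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port c-ip cs(User-Agent) sc-status
2008-06-12 10:01:02 10.0.0.5 GET /file.axd file=report.pdf 80 192.0.2.10 Mozilla/5.0+(Windows) 200
2008-06-12 10:01:09 10.0.0.5 GET /file.axd file=report.pdf 80 192.0.2.11 msnbot/1.1+(+http://search.msn.com/msnbot.htm) 200
2008-06-12 10:02:30 10.0.0.5 GET /post/2008/06/hello-world.aspx - 80 192.0.2.12 Mozilla/5.0+(Macintosh) 200
2008-06-12 10:03:00 10.0.0.5 GET /file.axd file=Slurp-notes.txt 80 192.0.2.13 Mozilla/5.0+(X11) 200
2008-06-12 10:03:45 10.0.0.5 GET /post/2008/06/hello-world.aspx - 80 192.0.2.14 Mozilla/5.0+(compatible;+Yahoo!+Slurp) 200
"""

BOT_MARKERS = ("msnbot", "slurp", "baidu", "snapbot", "googlebot")  # crawlers the post excludes


def parse_w3c(text: str) -> Iterator[dict]:
    """Yield one dict per entry, keyed by the names in the #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]         # a log may change layout mid-file
        elif line.startswith("#") or not line.strip() or fields is None:
            continue                          # other directives, blanks, pre-header lines
        else:
            values = line.split(" ")
            if len(values) == len(fields):    # skip truncated or garbled lines
                yield dict(zip(fields, values))


def is_bot(record: dict) -> bool:
    """Case-insensitive check on the User-Agent field only."""
    ua = record.get("cs(User-Agent)", "").lower()
    return any(marker in ua for marker in BOT_MARKERS)


def downloads(text: str) -> list[str]:
    """Names of files fetched via GET /file.axd?file=... by non-bot clients."""
    out = []
    for rec in parse_w3c(text):
        if (rec["cs-method"] == "GET" and rec["cs-uri-stem"] == "/file.axd"
                and rec["cs-uri-query"].startswith("file=") and not is_bot(rec)):
            out.append(rec["cs-uri-query"][len("file="):])
    return out


def posts_served(text: str, prefix: str = "/post/2008/06") -> list[str]:
    """Client addresses served a post under prefix; the leading slash is harmless here."""
    return [rec["c-ip"] for rec in parse_w3c(text)
            if rec["cs-uri-stem"].startswith(prefix) and not is_bot(rec)]
```

Compare with the findstr /I /V "msnbot slurp" pipeline: that one drops the Slurp-notes.txt download because the marker appears in the file name, not in the user agent.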