Perform a count based on CS-URI-STEM=ActiveSync and SC-Status=401 and Timestamp
LOGPARSER “SELECT count(*) as hits, sc-status, cs-uri-stem from ‘\ExServer1c$inetpublogsLogFilesW3SVC1U_ex190301.log’ where sc-status=401 and cs-uri-stem=’/Microsoft-Server-ActiveSync/default.eas’ and time between timestamp(’15:00:00′,’hh:mm:ss’) and timestamp(’20:30:00′,’hh:mm:ss’) GROUP BY cs-uri-stem, sc-status order by hits desc” -i:IISW3C -q:off
OR perform it on a CMD loop
FOR /L %N IN () DO LOGPARSER “SELECT count(*) as hits, sc-status, cs-uri-stem from ‘\ExServer1c$inetpublogsLogFilesW3SVC1U_ex190301.log’ where sc-status=401 and cs-uri-stem=’/Microsoft-Server-ActiveSync/default.eas’ and time between timestamp(’15:00:00′,’hh:mm:ss’) and timestamp(’20:30:00′,’hh:mm:ss’) GROUP BY cs-uri-stem, sc-status order by hits desc” -i:IISW3C -q:off
Perform a line item pull of CS-URI-STEM=EAS and SC-Status=401 and Timestamp
logparser “Select * from ‘\ExServer1c$inetpublogsLogFilesW3SVC1U_ex190301.log’ Where sc-status=401 and cs-uri-stem=’/Microsoft-Server-ActiveSync/default.eas’ and time between timestamp(’15:00:00′,’hh:mm:ss’) and timestamp(’20:30:00′,’hh:mm:ss’)” -i:IISW3C -q:on >>c:tempeas.txt
#Perform a search based on CS-User and timeTimeStamp
logparser “Select * from ‘\ExServer1c$inetpublogsLogFilesW3SVC1U_ex190214.log’ Where cs-uri-query LIKE ‘%steve1%’ and time between timestamp(’15:00:00′,’hh:mm:ss’) and timestamp(’20:30:00′,’hh:mm:ss’)” -i:IISW3C -q:on >>c:tempsteve.txt
Ex-Shell 