日志解析器 2.2 跳过当今的 IIS 日志

发布于 2024-08-11 06:20:57 字数 796 浏览 4 评论 0原文

我试图通过使用 Log Parser 2.2 解析 IIS 日志来计算网站上特定 URL 的点击次数。一切似乎都工作正常，除了它对时间戳的处理让我非常困惑。

IIS 日志具有以 UTC 时间表示的所有时间戳。因此，在我的应用程序中，我将服务器时间转换为 UTC，然后再将其插入查询。但是，当我尝试查询当天的数据时，尽管我看到了日志文件中的记录，但我得到的计数为零。我尝试运行以获取当天内所有内容的生成查询看起来像这样（查询于 2009 年 11 月 11 日运行，我使用的是亚利桑那州时间）：

SELECT COUNT(*) 
FROM \\Server\IIS Logs\LogFiles\W3SVC1\u_ex*.log
WHERE 
    cs-method = 'GET' 
    AND cs(Referer) NOT LIKE '%ntorus%'
    AND c-ip NOT LIKE '192%'
    AND c-ip NOT LIKE '127%'
    AND (
        cs-uri-stem = '/' 
        OR cs-uri-stem = '/myurl')
    AND sc-status BETWEEN 200 AND 299 
    AND date BETWEEN 
        TIMESTAMP('2009-11-11 07:00', 'yyyy-MM-dd hh:mm') 
        AND TIMESTAMP('2009-11-12 07:00', 'yyyy-MM-dd hh:mm')

由于某种原因，当天的数据看起来是被跳过。当查询较早的日期时，我可以正常返回数据。为什么会发生这种情况？

原文

I'm trying to count the number of hits for a particular URL on our web site by parsing our IIS logs using Log Parser 2.2. Everything seems to be working fine, except that its handling of timestamps is greatly confusing me.

The IIS logs have all of the timestamps expressed in UTC time. Therefore, in my application, I convert the server's time to UTC before plugging it into the query. However, when I try to query for the current day's data, I get back a zero count, despite me seeing the records in the log file. The generated query I try to run to get everything within the current day looks something like this (the query is run on 11/11/2009, and I'm using Arizona time):

SELECT COUNT(*) 
FROM \\Server\IIS Logs\LogFiles\W3SVC1\u_ex*.log
WHERE 
    cs-method = 'GET' 
    AND cs(Referer) NOT LIKE '%ntorus%'
    AND c-ip NOT LIKE '192%'
    AND c-ip NOT LIKE '127%'
    AND (
        cs-uri-stem = '/' 
        OR cs-uri-stem = '/myurl')
    AND sc-status BETWEEN 200 AND 299 
    AND date BETWEEN 
        TIMESTAMP('2009-11-11 07:00', 'yyyy-MM-dd hh:mm') 
        AND TIMESTAMP('2009-11-12 07:00', 'yyyy-MM-dd hh:mm')

It looks like for some reason the current day's data is getting skipped. When querying earlier dates, I get back data just fine. Why is this happening?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

泪意 2024-08-18 06:20:57

雅各布，
谢谢你的帖子。我在比较 IIS 日志中的日期/时间时也遇到了问题。通过结合您的问题和解决方案，我能够在没有 TO_STRING 的情况下进行搜索。

    TO_TIMESTAMP(date, time) 
        BETWEEN TIMESTAMP('2009-11-11 07:00', 'yyyy-MM-dd hh:mm')  
            AND TIMESTAMP('2009-11-12 07:00', 'yyyy-MM-dd hh:mm')

完整来源：

SELECT COUNT(*)  
FROM \\Server\IIS Logs\LogFiles\W3SVC1\u_ex*.log 
WHERE  
    cs-method = 'GET'  
    AND cs(Referer) NOT LIKE '%ntorus%' 
    AND c-ip NOT LIKE '192%' 
    AND c-ip NOT LIKE '127%' 
    AND ( 
        cs-uri-stem = '/'  
        OR cs-uri-stem = '/myurl') 
    AND sc-status BETWEEN 200 AND 299  
    AND TO_TIMESTAMP(date, time) 
        BETWEEN TIMESTAMP('2009-11-11 07:00', 'yyyy-MM-dd hh:mm')  
            AND TIMESTAMP('2009-11-12 07:00', 'yyyy-MM-dd hh:mm')

Jacob,
Thanks for your post. I was also having trouble comparing date/times in IIS logs. By combining your question and solution I was able to search without the TO_STRING.

    TO_TIMESTAMP(date, time) 
        BETWEEN TIMESTAMP('2009-11-11 07:00', 'yyyy-MM-dd hh:mm')  
            AND TIMESTAMP('2009-11-12 07:00', 'yyyy-MM-dd hh:mm')

Full Source:

SELECT COUNT(*)  
FROM \\Server\IIS Logs\LogFiles\W3SVC1\u_ex*.log 
WHERE  
    cs-method = 'GET'  
    AND cs(Referer) NOT LIKE '%ntorus%' 
    AND c-ip NOT LIKE '192%' 
    AND c-ip NOT LIKE '127%' 
    AND ( 
        cs-uri-stem = '/'  
        OR cs-uri-stem = '/myurl') 
    AND sc-status BETWEEN 200 AND 299  
    AND TO_TIMESTAMP(date, time) 
        BETWEEN TIMESTAMP('2009-11-11 07:00', 'yyyy-MM-dd hh:mm')  
            AND TIMESTAMP('2009-11-12 07:00', 'yyyy-MM-dd hh:mm')

回复收藏 0 原文

狠疯拽 2024-08-18 06:20:57

事实证明，日志解析器无法正确进行时间戳比较。但是，当我将时间戳转换为字符串时，字符串比较工作正常。修改后的查询如下所示：

SELECT COUNT(*) 
FROM \\Server\IIS Logs\LogFiles\W3SVC1\u_ex*.log
WHERE 
    cs-method = 'GET' 
    AND cs(Referer) NOT LIKE '%ntorus%'
    AND c-ip NOT LIKE '192%'
    AND c-ip NOT LIKE '127%'
    AND (
        cs-uri-stem = '/' 
        OR cs-uri-stem = '/myurl')
    AND sc-status BETWEEN 200 AND 299 
    AND TO_STRING(TO_TIMESTAMP(date, time), 'yyyy-MM-dd hh:mm') 
        BETWEEN '2009-11-11 07:00' AND '2009-11-12 07:00'

It turns out that Log Parser doesn't do time stamp comparisons properly. However, when I converted the time stamps to strings, string comparison worked fine. Here's what the modified query looks like:

SELECT COUNT(*) 
FROM \\Server\IIS Logs\LogFiles\W3SVC1\u_ex*.log
WHERE 
    cs-method = 'GET' 
    AND cs(Referer) NOT LIKE '%ntorus%'
    AND c-ip NOT LIKE '192%'
    AND c-ip NOT LIKE '127%'
    AND (
        cs-uri-stem = '/' 
        OR cs-uri-stem = '/myurl')
    AND sc-status BETWEEN 200 AND 299 
    AND TO_STRING(TO_TIMESTAMP(date, time), 'yyyy-MM-dd hh:mm') 
        BETWEEN '2009-11-11 07:00' AND '2009-11-12 07:00'

回复收藏 0 原文

╰つ倒转 2024-08-18 06:20:57

Log Parser 有一个功能可以为您将时间从 UTC 转换为本地时间：

AND TO_LOCALTIME(TO_TIMESTAMP(date, time))
    BETWEEN TIMESTAMP('2009-11-11 03:00', 'yyyy-MM-dd hh:mm')  
        AND TIMESTAMP('2009-11-12 03:00', 'yyyy-MM-dd hh:mm')

Log Parser has a function to convert the time from UTC to local for you:

AND TO_LOCALTIME(TO_TIMESTAMP(date, time))
    BETWEEN TIMESTAMP('2009-11-11 03:00', 'yyyy-MM-dd hh:mm')  
        AND TIMESTAMP('2009-11-12 03:00', 'yyyy-MM-dd hh:mm')

回复收藏 0 原文

~没有更多了~