Solved

SQL Query of Print event ID 10 in event viewer

Posted on 2011-02-15
4
701 Views
Last Modified: 2012-05-11
I have logparser 2.2 from microsoft.  ANd I have some example SQL queries for event viewer.
But I'm not an SQL person so I don't know how to modify this query.
The below query prints out who printed in the last 2 days and how many pages and the total file size.
I want a specific date range, like 2/4/11 thru 2/7/11 not the last 2 days
Can someone modify this so I can run that?
ALso, I'd prefer details instead of just totals, like filenames is really what I'm looking for.
The below script gives you totals

DatePrinted      FileOwner           FileSizeTotal      PagesPrintedTotal
2011-02-14      Julia          1216267      10
2011-02-15      Julia      116490016      69
2011-02-15      Paul      6499548                      58

SCRIPT BELOW:

SELECT
      TO_STRING(TimeGenerated, 'yyyy-MM-dd') AS DatePrinted,
      SUBSTR( Message, ADD(INDEX_OF(Message, ' owned by '), 10), SUB(SUB(INDEX_OF(Message, ' was printed on '), INDEX_OF(Message, ' owned by ' )), 10) )  AS FileOwner,
      SUM(TO_INT(SUBSTR( Message, ADD(INDEX_OF(Message, '. Size in bytes: '), 17), SUB(SUB(INDEX_OF(Message, '; pages printed: '), INDEX_OF(Message, '. Size in bytes: ' )), 17) ) ) ) AS FileSizeTotal,
      SUM(TO_INT(TRIM(SUBSTR( Message, ADD(INDEX_OF(Message, '; pages printed: '), 17), SUB(SUB(STRLEN(Message), INDEX_OF(Message, '; pages printed: ' )), 17) ) ) ) ) AS PagesPrintedTotal
INTO PrintJobsLast2DaysByOwner.txt
FROM System
WHERE (EventID = 10
      AND TimeGenerated >
            SUB( TO_LOCALTIME(SYSTEM_TIMESTAMP()), TIMESTAMP('0000-01-03 00:00:00', 'yyyy-MM-dd hh:mm:ss'))
      )
GROUP BY DatePrinted, FileOwner


SELECT 
	TO_STRING(TimeGenerated, 'yyyy-MM-dd') AS DatePrinted,
	SUBSTR( Message, ADD(INDEX_OF(Message, ' owned by '), 10), SUB(SUB(INDEX_OF(Message, ' was printed on '), INDEX_OF(Message, ' owned by ' )), 10) )  AS FileOwner,
	SUM(TO_INT(SUBSTR( Message, ADD(INDEX_OF(Message, '. Size in bytes: '), 17), SUB(SUB(INDEX_OF(Message, '; pages printed: '), INDEX_OF(Message, '. Size in bytes: ' )), 17) ) ) ) AS FileSizeTotal,
	SUM(TO_INT(TRIM(SUBSTR( Message, ADD(INDEX_OF(Message, '; pages printed: '), 17), SUB(SUB(STRLEN(Message), INDEX_OF(Message, '; pages printed: ' )), 17) ) ) ) ) AS PagesPrintedTotal
INTO PrintJobsLast2DaysByOwner.txt 
FROM System 
WHERE (EventID = 10 
	AND TimeGenerated >
		SUB( TO_LOCALTIME(SYSTEM_TIMESTAMP()), TIMESTAMP('0000-01-03 00:00:00', 'yyyy-MM-dd hh:mm:ss'))
	)
GROUP BY DatePrinted, FileOwner

Open in new window

0
Comment
Question by:atrevido
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 41

Expert Comment

by:Sharath
ID: 34902274
check this.
SELECT t1.*, 
       SUM(TO_INT(SUBSTR(t1.Message,ADD(INDEX_OF(t1.Message,'. Size in bytes: '), 
                                        17),SUB(SUB(INDEX_OF(t1.Message,'; pages printed: '),
                                                    INDEX_OF(t1.Message,'. Size in bytes: ')),
                                                17)))) 
         OVER(PARTITION BY DatePrinted,FileOwner ) AS FileSizeTotal, 
       SUM(TO_INT(TRIM(SUBSTR(t1.Message,ADD(INDEX_OF(t1.Message,'; pages printed: '), 
                                             17),SUB(SUB(STRLEN(t1.Message),INDEX_OF(t1.Message,'; pages printed: ')),
                                                     17))))) 
         OVER(PARTITION BY DatePrinted,FileOwner ) AS PagesPrintedTotal 
  INTO PrintJobsLast2DaysByOwner.txt 
  FROM (SELECT TO_STRING(t1.TimeGenerated,'yyyy-MM-dd') AS DatePrinted, 
               SUBSTR(Message,ADD(INDEX_OF(t1.Message,' owned by '),10), 
                      SUB(SUB(INDEX_OF(t1.Message,' was printed on '),INDEX_OF(t1.Message,' owned by ')),
                          10)) AS FileOwner, 
               t1.* 
          FROM System AS t1 
         WHERE (EventID = 10 
                AND TimeGenerated > SUB(TO_LOCALTIME(SYSTEM_TIMESTAMP()),TIMESTAMP('0000-01-03 00:00:00','yyyy-MM-dd hh:mm:ss')))) AS t1

Open in new window

0
 
LVL 12

Author Comment

by:atrevido
ID: 34902352
that didn't work

C:\Program Files\Log Parser 2.2>LogParser.exe -i:EVT -o:TSV file:test.sql
Error: Syntax Error: <from-clause>: expecting FROM keyword instead of token '*,'

but i figured at least the 3 day window out.

SELECT
      TO_STRING(TimeGenerated, 'yyyy-MM-dd') AS DatePrinted,
      SUBSTR( Message, ADD(INDEX_OF(Message, ' owned by '), 10), SUB(SUB(INDEX_OF(Message, ' was printed on '), INDEX_OF(Message, ' owned by ' )), 10) )  AS FileOwner,
      SUM(TO_INT(SUBSTR( Message, ADD(INDEX_OF(Message, '. Size in bytes: '), 17), SUB(SUB(INDEX_OF(Message, '; pages printed: '), INDEX_OF(Message, '. Size in bytes: ' )), 17) ) ) ) AS FileSizeTotal,
      SUM(TO_INT(TRIM(SUBSTR( Message, ADD(INDEX_OF(Message, '; pages printed: '), 17), SUB(SUB(STRLEN(Message), INDEX_OF(Message, '; pages printed: ' )), 17) ) ) ) ) AS PagesPrintedTotal
INTO PrintJobsFeb4ByOwner.txt
FROM System
WHERE (EventID = 10
      AND TimeGenerated BETWEEN TO_TIMESTAMP('2011-02-04 17:00:00', 'yyyy-MM-dd hh:mm:ss') AND TO_TIMESTAMP('2011-02-07 08:00:00', 'yyyy-MM-dd hh:mm:ss')

      )
GROUP BY DatePrinted, FileOwner
0
 
LVL 41

Accepted Solution

by:
Sharath earned 500 total points
ID: 34902379
may be this?
SELECT t1.*, 
       SUM(TO_INT(SUBSTR(t1.Message,ADD(INDEX_OF(t1.Message,'. Size in bytes: '), 
                                        17),SUB(SUB(INDEX_OF(t1.Message,'; pages printed: '),
                                                    INDEX_OF(t1.Message,'. Size in bytes: ')),
                                                17)))) 
         OVER(PARTITION BY t1.DatePrinted,t1.FileOwner ) AS FileSizeTotal, 
       SUM(TO_INT(TRIM(SUBSTR(t1.Message,ADD(INDEX_OF(t1.Message,'; pages printed: '), 
                                             17),SUB(SUB(STRLEN(t1.Message),INDEX_OF(t1.Message,'; pages printed: ')),
                                                     17))))) 
         OVER(PARTITION BY t1.DatePrinted,t1.FileOwner ) AS PagesPrintedTotal 
  INTO PrintJobsLast2DaysByOwner.txt 
  FROM (SELECT TO_STRING(t1.TimeGenerated,'yyyy-MM-dd') AS DatePrinted, 
               SUBSTR(Message,ADD(INDEX_OF(t1.Message,' owned by '),10), 
                      SUB(SUB(INDEX_OF(t1.Message,' was printed on '),INDEX_OF(t1.Message,' owned by ')),
                          10)) AS FileOwner, 
               t1.* 
          FROM System AS t1 
         WHERE (EventID = 10 
                AND TimeGenerated > SUB(TO_LOCALTIME(SYSTEM_TIMESTAMP()),TIMESTAMP('0000-01-03 00:00:00','yyyy-MM-dd hh:mm:ss')))) AS t1

Open in new window

0
 
LVL 12

Author Closing Comment

by:atrevido
ID: 34956193
I partially answered the question and the first attempt by the expert had many syntax errors.  Thanks for your help, you sent me in the right direction
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
This post looks at MongoDB and MySQL, and covers high-level MongoDB strengths, weaknesses, features, and uses from the perspective of an SQL user.
Via a live example, show how to extract insert data into a SQL Server database table using the Import/Export option and Bulk Insert.
Using examples as well as descriptions, and references to Books Online, show the documentation available for datatypes, explain the available data types and show how data can be passed into and out of variables.

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question