Archive

Archive for December, 2014

SharePoint 2013: Querying SharePoint log files

December 31, 2014 Leave a comment

Hi Friends,

While working as a SharePoint developer every one of us need to go to SharePoint log files to check exact nature and cause of error. SharePoint logs provide us vital information to resolve the issue. SharePoint provides us correlation id to get the details about the issue, but it is difficult some times to go and check the log files and manually find the error in log and get the cause, as log files are huge sometimes.

To resolve this we have some PowerShell cmdlets which we can use to search in log files. Some of them are Get-SPLogEvent and Merge-SPLogFile. We can discuss about them in more detail below.

1. Get-SPLogEvent-

We can use Get-SPLogEvent to query log files when either single server farm in place or we have knowledge on which server the error gets logged.So Get-SPLogEvent will query the logs in the same server where PowerShell command gets executed.Some of the samples below –

get-splogevent | ?{$_.Message -like "*Monitored*" -and $_.Correlation -eq "2713db9c-f21e-e0bc-3393-95ddcbf60bd0"} | select Area, Category, Level, EventID, Message | Format-List > C:\Log1.log

Above command will search with specified correlation id and get the content where message contains ‘Monitored’ word and dump the requested fields (Area, Category, Level, EventID, Message) in file Log1.log

get-splogevent | ?{$_.Correlation -eq "2713db9c-f21e-e0bc-3393-95ddcbf60bd0"} | select Area, Category, Level, EventID, Message | Format-List > C:\Log2.log

Above command will search with specified correlation id and dump the requested fields (Area, Category, Level, EventID, Message) in file Log2.log at specified path

You can use the above commands directly also on powershell to get the details directly instead of creating a file out of it, like

get-splogevent | ?{$_.Message -like "*user*" -and $_.Correlation -eq "2713db9c-f21e-e0bc-3393-95ddcbf60bd0" -and $_.Level -eq "Medium" -and $_.Category -eq "App Deployment"} | select Area, Category, Level, EventID, Message

Above command will search with specified correlation id and get the content where message contains ‘user’ word , Level is ‘Medium’ and Category equals ‘App Deployment’ and display the requested fields (Area, Category, Level, EventID, Message) on PowerShell window.

get-splogevent -StartTime "12/11/2014 10:00" -EndTime "12/12/2014 18:00"

Above command will search the logs with specified date range and display on PowerShell window.

2. Merge-SPLogFile-

We can use Merge-SPLogFile to query log files when we have a scenario where mult-server farm in place and we do not have idea where exactly the error get logged. i.e. timer service is running on four servers and the current timer request is served by Server1 then error get logged on server1. Some of the samples below –

Merge-SPLogFile -Path "C:\Log1.log" -Overwrite -Message "*Monitored*" – Correlation "2713db9c-f21e-e0bc-3393-95ddcbf60bd0"

Above command will search with specified correlation id and get the content where message contains ‘Monitored’ word and dump the details in file Log1.log

Merge-SPLogFile -Path "C:\Log2.log" -Overwrite -Message "*Monitored*" – Correlation "2713db9c-f21e-e0bc-3393-95ddcbf60bd0"

Above command will search with specified correlation id and dump the details in file Log2.log

Merge-SPLogFile -Path "C:\Log3.log" -Overwrite -StartTime "12/11/2014 10:00" - EndTime "12/12/2014 18:00"

Above command will search the logs with specified date range and dump the details in file Log3.log.
Hope this will reduce some of the debugging efforts.

“As the year comes to an end, don’t look back at yesterday’s disappointment. Look ahead to God’s promises yet to unfold.” ― Buky Ojelabi, comtemporary blogger
Happy new year 2015.

Advertisements