In this post I have discussed about Merge-SPLogFile and Get-SPLogEvent in both versions SharePoint 2010 and 2013.
Cmdlet
|
Description
|
Purpose
|
Get-SPLogEvent
|
Reads/queries ULS trace logs.
|
Trace Log Querying and Filtering
|
Merge-SPLogFile
|
Combines trace log files from all farm servers into a single file in local machine.
|
Trace Log Merging
|
Merge-SPLogFile
Merge-SPLogFile cmdlet combines trace log entries from all farm computers into a single log file on the local computer. You can run this command from PowerShell.
This will be very much helpful if you are working in multiserver environment. As SharePoint maintains log entries in each server, by using this command you can pull them in a single file.
You can filter based on various criteria like StartTime, EndTime, Process, Area, Category, EventID and Message etc.
If you are a Server Administrator than its great that you have shell admin rights to troubleshoot.
Let’s see how these cmdlets will be helpful.
So we got an error. Open SharePoint Management Shell(run as administrator) in any SharePoint server of the farm.
Run the Merge-SPLogFile cmdlet. Using the correlation ID we got from our error above, we have something that looks like this:
Merge-SPLogFile -Path ".\error.log" -Correlation "5ca5269c-8de5-4091-3f1b-f179af4d5121"
|
We can then open our log file with ULS Viewer and see the specific exception:
See More for more filtered result:
Syntax given in Technet
Merge-SPLogFile -Path <String> [-Area <String[]>] [-AssignmentCollection <SPAssignmentCollection>] [-Category <String[]>] [-ContextFilter <String[]>] [-Correlation <Guid[]>] [-EndTime <DateTime>] [-EventID <String[]>] [-ExcludeNestedCorrelation <SwitchParameter>] [-Level <String>] [-Message <String[]>] [-Overwrite <SwitchParameter>] [-Process <String[]>] [-StartTime <DateTime>] [-ThreadID <UInt32[]>]
|
Below are some cmdlets of Merge-SPLogFile which will be useful:
Example 1: Merge log of last hour
Merge-SPLogFile -Path "C:\Logs\FarmMergedLog.log" -Overwrite
|
------------------------------------------
Example 2: Merge log of last hour
Merge-SPLogFile -Path "C:\Logs\FarmMergedLog.log" -Overwrite -Area Search
|
------------------------------------------
Example 3: Merge the log data of level High
Merge-SPLogFile -Path "C:\Logs\FarmMergedLog.log" -Overwrite -Level High
|
------------------------------------------
Example 4: Merge the log data based on a Correlation ID
Merge-SPLogFile –Path “S:\SPLogs\MergedLogs.log” –Correlation 3ae2a6c0-da14-43a1-afda-5bb6bbff3d43 -Overwrite
|
------------------------------------------
Example 5: Merge the log data within filtered time (USA Local)
Merge-SPLogFile -Path "C:\Logs\FarmMergedLog.log" -Overwrite -StartTime "06/09/2008 16:00" - EndTime "06/09/2008 16:15"
|
------------------------------------------
Example 6: merge the log data for all user names that have a contoso\user or Contoso/user format.
Merge-SPLogFile -Overwrite -Path d:\2.log –ContextFilter “user=contoso?user”
|
Get-SPLogEvent
One of the quick & awesome ways to do this is to simply hook up a PowerShell console (SharePoint 2010 Management Shell) and then just write the following command (replace the <GUID> with the Correlation Id ):
Get-SPLogEvent | ?{$_Correlation -eq "<GUID>" }
|
You might want to be more precise and get more specific details out of your query, then you can try something like this:
Get-SPLogEvent | ?{$_.Correlation -eq "<GUID>"} | select Area, Category, Level, EventID, Message | Format-List > C:\mylog.log
|
Hope this will be helpful !!!
For more information about viewing SharePoint logs using Get-SPLogEvent, see TechNet Articles
Powershell Cmdlets with ULS Logging
No comments:
Post a Comment