Working with Log Files

To open a log file for reading, call PdhOpenQuery and specify a path to the log file. To open a log file for writing, you must call PdhOpenLog. To close a log file, call either PdhCloseQuery or PdhCloseLog depending on which function you used to open the log file.

Reading from a log file

Reading performance data from a log file is the same as reading data from a real-time source: you open a query, add counters to the query, and call PdhCollectQueryData to collect a sample from the log file. PdhCollectQueryData returns PDH_NO_MORE_DATA when you reach the end of the log file.

Each sample in the log file contains a time stamp for when it was originally collected and written to the log file. To retrieve the time stamp for the first and last sample in the log file, call the PdhGetDataSourceTimeRange function. If you want to limit the samples that you read from the log to a specific time range, see Setting a Time Range for a Query.

If you do not know which performance objects and counters exist in the log file, you can call PdhEnumObjects to determine the list of objects. Given an object, you can call either PdhEnumObjectItems or PdhExpandWildCardPath to retrieve a list of the object's instances and counters contained in the log file.

If you call PdhEnumObjectItems, use the instance and counter lists to create a path for each possible combination of instance and counter. When you call PdhAddCounter to add the counter to the query, the function will fail if the log file does not contain the given combination.

If you use PdhExpandWildCardPath, you can create a path that contains a wildcard for the instance name and counter, for example, \object(*)\*. The function returns PDH_INVALID_PATH if the object does not contain an instance. In this case, call PdhExpandWildCardPath using a wildcard for counter only, for example, \object\*.
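The read sequence described above, as an added example that is not Microsoft's sample code: it expands \object(*)\* against the log, falls back to \object\* on PDH_INVALID_PATH, adds each expanded path, and collects until PDH_NO_MORE_DATA. The helper names build_wildcard_path and expand_from_log and the command-line arguments are assumptions made for this example; the PDH part compiles only on Windows.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Build "\object(*)\*" (all instances) or "\object\*" (object has no instances).
   Returns 0 on success, -1 if the path would not fit in out. */
int build_wildcard_path(char *out, size_t cap, const char *object, int with_instances) {
    int n = snprintf(out, cap, with_instances ? "\\%s(*)\\*" : "\\%s\\*", object);
    return (n > 0 && (size_t)n < cap) ? 0 : -1;
}

#ifdef _WIN32   /* the PDH calls below exist only on Windows; link with pdh.lib */
#include <windows.h>
#include <pdh.h>
#include <pdhmsg.h>
/* Expand every counter path for `object` in the log, retrying without the
   instance wildcard on PDH_INVALID_PATH. Caller frees *list (a MULTI_SZ). */
static PDH_STATUS expand_from_log(const char *logfile, const char *object, char **list) {
    char path[PDH_MAX_COUNTER_PATH];
    PDH_STATUS st = PDH_INVALID_PATH;
    for (int inst = 1; inst >= 0 && st == PDH_INVALID_PATH; inst--) {
        DWORD len = 0;
        if (build_wildcard_path(path, sizeof path, object, inst)) return PDH_INVALID_ARGUMENT;
        st = PdhExpandWildCardPathA(logfile, path, NULL, &len, 0);  /* size query */
        if (st != PDH_MORE_DATA) continue;      /* INVALID_PATH retries, others stop */
        if (!(*list = malloc(len))) return PDH_MEMORY_ALLOCATION_FAILURE;
        st = PdhExpandWildCardPathA(logfile, path, *list, &len, 0);
        if (st != ERROR_SUCCESS) { free(*list); *list = NULL; }
    }
    return st;
}

int main(int argc, char **argv) {   /* arguments (assumed): <logfile> <object> */
    PDH_HQUERY q = NULL; PDH_HCOUNTER c; PDH_STATUS st; char *list = NULL;
    unsigned long added = 0, samples = 0;
    if (argc != 3) return 2;
    if ((st = expand_from_log(argv[1], argv[2], &list)) != ERROR_SUCCESS ||
        (st = PdhOpenQueryA(argv[1], 0, &q)) != ERROR_SUCCESS) {
        fprintf(stderr, "PDH error 0x%lx\n", (unsigned long)st);
        free(list); return 1;
    }
    for (char *p = list; p && *p; p += strlen(p) + 1)   /* walk the MULTI_SZ list */
        if (PdhAddCounterA(q, p, 0, &c) == ERROR_SUCCESS) added++;
    while ((st = PdhCollectQueryData(q)) == ERROR_SUCCESS) samples++;
    printf("%lu counters, %lu samples\n", added, samples);
    PdhCloseQuery(q); free(list);
    return st == PDH_NO_MORE_DATA ? 0 : 1;   /* any other status is a real error */
}
#endif
```

The exit status separates a clean end of log (PDH_NO_MORE_DATA) from any other failure, so a truncated or unreadable log is not reported as a complete read.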

Newer operating systems can read log files that were generated on older operating systems; however, log files that were created on Windows Vista and later operating systems cannot be read on earlier operating systems.

For an example that reads data from a log file, see Reading Performance Data from a Log File.

Reading from multiple log files

If you need to create a query that reads from several log files, call PdhBindInputDataSource to bind the log files together. You then need to use the PDH functions that end in 'H', for example, PdhOpenQueryH.

Writing to a log file

Before writing to a log file, call PdhOpenQuery to create a query and specify the source of the performance data, either real-time data or a log file. Then, add the counters that you want to query.

To open the destination file, call PdhOpenLog. Specify the query when you open the log file. To collect the performance data and write it to the log file, call PdhUpdateLog.

If the counter data is being written to a comma-delimited (.csv) or tab-delimited (.tsv) log file and the path contains a wildcard instance, the path is expanded and only those instances that exist at the time the path is expanded are included in the log file. However, for binary (.blg) or SQL log files, the wildcard is not expanded, so the log file contains instances that are created during logging.

For an example that writes data to a log file, see Writing Performance Data to a Log File.

Compressing a log file

You can use the PdhComputeCounterStatistics function to compress a log file. For example, read ten records from a log file, call PdhComputeCounterStatistics to compute the mean value and then write the mean value to an output log file.
