Performance

The greatest performance impact on WebsiteFailedLogins is providing Logparser gigabytes upon gigabytes of logs. This can easily happen since Logparser recursively searches the provided LogPath.

Therefore practice good log maintenance. Place older logs in an archive allowing Logparser to only ingest what's necessary. Doing so will greatly improve performance. At a minimum, logparser needs access to logs with a rolling window beginning with the timestamp established by StartTime [0] to the current time [1].

[0] Establish StartTime: (Get-Date).ToUniversalTime().AddSeconds(<StartTime> * -1)
[1] Get current timestamp: [System.DateTime]::Now.ToUniversalTime()

The following is a useful one-liner for moving IIS log files to an archive folder. If possible, use NTFS Compression on the parent archive folder. Doing so will provide the benefits of storing IIS logs as a compressed file without having to "zip" them. This allows future Logparser queries to be run against the archived logs without having to extract zip files first.

Get-ChildItem -Path D:\IIS-Log-Path\ -Filter "u_ex*.log" | ?{ $_.LastWriteTime -lt (Get-Date).AddDays(-1) } | %{ Move-Item -LiteralPath $($_.FullName) -Destination D:\IIS-Log-Archive\ }