It's really hard to say.
There are two types of network traffic generated by LogParser when you query remote event logs:
- The traffic generated by the Windows remote EventLog API, which consists basically of transfering the byte amount in that event log (Application, in your case); you can check the byte size by looking at the file at
c:\Windows\system32\winevt\Logs
- The traffic generated to move the DLLs needed for resolution of messages: this consists of the whole DLL for each of the event sources registered in the (Application) event log
You can turn off resolution of messages by using -fullText:OFF
, but then you won't be able to query for message like '%error to seek%
.
As for CPU or Memory, querying a remote event log should not use any memory on the server, and a negligible amount of CPU.