NT EventLog Explorer was developed to simplify manually retrieving and creating event log related information for Microsoft Operations Manager. However, this tool can also replace Windows Event Viewer in some situations. In particular, if you want to access the event logs of a certain application or service, you will accomplish this faster using NT EventLog Explorer.
The Explorer-like user interface lets you navigate easily to specific sources. In Event Viewer, you would use the filter or the search function to list the event log entries of a certain source. If you don’t know the exact name of the source, this can be difficult. Thus, clicking through the “Event log tree” of NT EventLog Explorer will be faster in many cases.
Its main purpose certainly is to extract event log data for further processing. This can be useful even if you don’t need these data for Operations Manager, because EventLog Explorer is able to export data as an XML file. To export event log data, you have to select the entries in the right-hand pane, which contains the event list for the selected sources. You can do this by manually checking the checkboxes of the relevant events or by using SQL WHERE-like expressions. For this, you have to right-click in the event list and navigate to “Select events”. Then you have to enter the SQL WHERE-like expression.
The following is an example from the documentation:
Event > 10 and Event < 100 and Description like '%backup%'
It selects all events with IDs greater than 10 and less than 100 where the description of the event log entry contains the term “backup”. Then, you right-click again in the event list and navigate to “Mark selected”. The “Add to Execution” command copies these event log entries to the Event Execution Pane. There, you can select the events that interest you. When finished, you can save the events in the Event Execution Pane to an XML file.
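For comparison, the same selection can be scripted with the built-in Get-WinEvent cmdlet. This is an added example, not taken from the NT EventLog Explorer documentation. The log name, output path and `Events` root element are assumptions, and the file it writes contains Windows' native event XML, not the tool's own export format.

```powershell
# Added example: reproduces "Event > 10 and Event < 100 and Description like '%backup%'"
# with built-in cmdlets. Log name and output path are placeholders (assumptions).
$logName = 'Application'
$outFile = Join-Path $env:TEMP 'selected-events.xml'

# "Event > 10 and Event < 100": filter on the event ID inside the event log service.
# An XPath range is used because a long list of IDs in -FilterHashtable is
# rejected as an invalid query.
$xpath = '*[System[(EventID > 10 and EventID < 100)]]'

# "Description like '%backup%'": the rendered message is not stored in the event
# XML, so it cannot be part of the XPath query and is matched client-side.
# -like uses * where SQL uses % and compares case-insensitively.
# SilentlyContinue suppresses the error raised when nothing matches; remove it
# while troubleshooting, because it also hides access-denied errors.
$events = Get-WinEvent -LogName $logName -FilterXPath $xpath -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*backup*' }

# Wrap the native XML of each selected event in a single root element so the
# result is one well-formed document.
$doc  = New-Object System.Xml.XmlDocument
$root = $doc.AppendChild($doc.CreateElement('Events'))
foreach ($e in $events) {
    $eventXml = [xml]$e.ToXml()
    [void]$root.AppendChild($doc.ImportNode($eventXml.DocumentElement, $true))
}
$doc.Save($outFile)

'{0} events written to {1}' -f @($events).Count, $outFile
```

The event XML holds only the provider's insertion strings, not the formatted description, so a consumer that needs the description text has to render it on a machine where the event provider is installed.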