FREE: EVT LogParser – A Windows event log parser

EVT LogParser is a free event log parser that allows you to filter output according full text search in the message text.

Author
Recent Posts

Michael Pietroforte

Michael Pietroforte is the founder and editor in chief of 4sysops. He has more than 35 years of experience in IT management and system administration.

Latest posts by Michael Pietroforte (see all)

Pip install Boto3 - Thu, Mar 24 2022
Install Boto3 (AWS SDK for Python) in Visual Studio Code (VS Code) on Windows - Wed, Feb 23 2022
Automatically mount an NVMe EBS volume in an EC2 Linux instance using fstab - Mon, Feb 21 2022

The new event log viewer that came with Windows Vista is a major improvement that every Windows admin should appreciate. The filter and search features are great. However, one tiny feature is missing. You can't filter the output according to a full text search through its GUI. You can only use Event Viewer's search function to find specific terms in the event log message. But this means that you have to jump from entry to entry, which can be a bit cumbersome in some situations. Of course, you can also write your own parser. If you don't like to mess with XML, however, you should have a look at EVT LogParser.

The free event log parser allows you to load saved event logs and then filter the output according to the event ID, event sources, event type, and a keyword in the message text. The latter feature is the only thing you can't do with the Windows Event Viewer.

To save events, you have to select one of the Windows logs and then click "Save all events." You can also use Event Viewer's own filter and then use this output for your search in EVT LogParser.

Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 save event logs in the evtx format, which you can load into EVT LogParser when you run the tool on one of those Windows versions. If you use EVT LogParser on Windows XP, you can only load the old evt format because the event log parser uses the API of LogParser.dll to parse event logs.

You also can't load evt files on Windows versions that work with the evtx format. However, you can convert the evt format to evtx if you have some old saved event logs that you would like to parse. You can load the evt file in Event Viewer on Windows 7 (or Vista) and save it as an evtx file. If you have many evt files you want to convert, you can use the Windows command tool WevtUTIL. The programmer of EVT LogParser has more information on his blog.