EVT LogParser is a free event log parser that allows you to filter output according full text search in the message text.
Latest posts by Michael Pietroforte (see all)

The new event log viewer that came with Windows Vista is a major improvement that every Windows admin should appreciate. The filter and search features are great. However, one tiny feature is missing. You can't filter the output according to a full text search through its GUI. You can only use Event Viewer's search function to find specific terms in the event log message. But this means that you have to jump from entry to entry, which can be a bit cumbersome in some situations. Of course, you can also write your own parser. If you don't like to mess with XML, however, you should have a look at EVT LogParser.

Windows Event Log Parser -EvtLogParser

The free event log parser allows you to load saved event logs and then filter the output according to the event ID, event sources, event type, and a keyword in the message text. The latter feature is the only thing you can't do with the Windows Event Viewer.

To save events, you have to select one of the Windows logs and then click "Save all events." You can also use Event Viewer's own filter and then use this output for your search in EVT LogParser.

Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 save event logs in the evtx format, which you can load into EVT LogParser when you run the tool on one of those Windows versions. If you use EVT LogParser on Windows XP, you can only load the old evt format because the event log parser uses the API of LogParser.dll to parse event logs.

You also can't load evt files on Windows versions that work with the evtx format. However, you can convert the evt format to evtx if you have some old saved event logs that you would like to parse. You can load the evt file in Event Viewer on Windows 7 (or Vista) and save it as an evtx file. If you have many evt files you want to convert, you can use the Windows command tool WevtUTIL. The programmer of EVT LogParser has more information on his blog.

EVT LogParser ^

1 Comment
  1. foo 7 years ago

    Can you please share source of your paser?

Leave a reply to foo Click here to cancel the reply

Please enclose code in pre tags

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2021

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account