Windows – Event Viewer Parsing Through Log Parser Studio


Need to parse MS Windows Event Logs.

One of the ways to do so is to use Log Parser Studio.


Event Viewer

Let us save the events unto the File System.


  1. Launch Event Viewer
  2. Select the Logs you want ( Application / System / Security )
  3. Right click on the Logs and from the drop down menu, choose “Save All Events As …
  4. Choose Folder And Filename
  5. The file is saved with an extension of “Event Files (*.evtx )



Launch Save Event As

Choose Filename


Log Parser Studio


  1. Launch Log Parser Studio
  2. Choose Log Type: EVTLOG
  3. Enter Query
  4. Execute Query


Choose Log Type : EVTLOG

Sample Queries

/*  Find top 1000 warnings and errors in the Application Log 
    Levels: 1=Error, 2=Warning                                
           , ComputerName
           , EventCategoryName
           , EventTypeName
           , EventID
           , SourceName
           , Message
FROM 'C:\Temp\04_WindowsLogs_Applications_20170518_0403PM.evtx'
WHERE ( EventType = 1 OR EventType = 2 )
AND   (
               (SourceName like 'ASP%' )
            or (SourceName = '.NET Runtime' )
            or (SourceName = 'Application Error' )
ORDER BY TimeGenerated DESC

Click Execute Button

Click on the Execute Button – The Read icon with the exclamation mark!


Sample Output




  1. In Log Parser Studio, use menu File \ Export \ Output as .CSV
  2. In the “Choose Location to save CSV File” window, please specify folder and file name



File \ Export \ “Output as .CSV”


Choose Location to save CSV File

Excel File


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s