Hi all, I’m trying to export some events from a .evtx file. I tried to use WEVTUTIL but this tool reads directly from system event viewer. I believe Get-WinEvent and Get-EventLog can’t export to .evtx format file.
In other words my input and my output must be a .evtx file.
Thanks.
Hi Bart, I’ve visited the link. I think Get-WmiObject can’t read from an evtx file. In my case I have an archive of evtx files, and sometimes we need to search for some information in these files. I need to open an evtx file, search for some events and export this data to another evtx file. Other cmdlets can do this but none can export the results to an evtx format file. These cmdlets can export to CSV or TXT, but if you try to load this file (CSV or TXT) in the Event Viewer software it fails.
Thanks.
No, I cannot read from an evtx file, but you can import those on a machine and read them from there:
get the events needed, use the new-event… command to write the file to your own event log, and export that one with only your events.
Read from evtx:
Get-WinEvent -Path 'C:\Test\Windows PowerShell.evtx'
Maybe you can load the evtx into the system, and then save it with wmi?
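
One way to do the .evtx-to-.evtx filtering asked about in this thread, as an added example that is not from any of the posters: `wevtutil epl` with `/lf:true` treats its first argument as a log file path instead of a log name, and `/q:` applies an XPath filter before writing the new .evtx. The two folder paths and the event ID in the query are assumptions chosen for illustration.

```powershell
# Added example: filter every archived .evtx file into a new, smaller .evtx file.
# Assumed values (not from the thread): both folder paths and the event ID below.
$ArchiveDir = 'C:\EvtxArchive'      # folder holding the archived .evtx files
$OutputDir  = 'C:\EvtxFiltered'     # folder that receives the filtered .evtx files
$XPath      = '*[System[(EventID=4624)]]'   # XPath filter: keep only this event ID

New-Item -ItemType Directory -Path $OutputDir -Force | Out-Null

Get-ChildItem -Path $ArchiveDir -Filter '*.evtx' -File | ForEach-Object {
    $target = Join-Path $OutputDir ($_.BaseName + '_filtered.evtx')

    # epl = export-log; /lf:true = source is a file path, not a live log name;
    # /q: = XPath query; /ow:true = overwrite an existing target file.
    & wevtutil.exe epl $_.FullName $target /lf:true "/q:$XPath" /ow:true

    if ($LASTEXITCODE -ne 0) {
        Write-Warning "wevtutil failed on $($_.FullName) (exit code $LASTEXITCODE)"
        return   # inside ForEach-Object this skips to the next file
    }

    # Read the result back with Get-WinEvent -Path to confirm it opens as a log.
    # Get-WinEvent raises an error when a file holds no events, so silence it
    # and let Measure-Object report 0.
    $count = (Get-WinEvent -Path $target -ErrorAction SilentlyContinue |
              Measure-Object).Count

    [pscustomobject]@{
        Source = $_.Name
        Output = $target
        Events = $count
    }
}
```

The filtered files open directly in Event Viewer through "Open Saved Log", so the original archive stays untouched and nothing has to be written into a live log on the machine.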