Windows 7 Exported *.evtx event logfiles later importable? join 2 *.evtx files?

P

pstein

Extraordinary Member
Joined
Mar 20, 2010
Assume I exported the current events into an external *.evtx log file.
Afterwards I cleaned all active event log entries.

However it could be that I want to re-check some particular events from the past (=from the exported event logfile). For´better view I would like to import them again into the official active event logs.

Is this possible?

How exactly? I found no "import" menu.

Another related question:

Assume I exported a series of *.evtx log files (e.g. every month).

Can I join/merge them together into ONE big *.evtx file?

How can I achieve this?

Peter
 
I tried this, and I was able to simply OPEN SAVED LOG to view a saved *.evtx log file. No import was necessary. Don't know about join/merge; never tried it. Perhaps someone else here can answer that one. I'm not sure what format that *.evtx log file is in since it's a file generated by a MMC Snap-in Console module. If we knew the file format, that would be helpful. There are 3rd party utilities out there such as on CNET (did you try there?) that do file operations such as join/merge. They don't always work for what you are trying to do (breaking very large files apart for Cloud upload for example); but you may find one that will work for you.

You can also go to Microsoft.com and access their knowledge-base and search for more information on this file type. If you have access to an MSDN subscription (Microsoft Developers), there might be more information there. It might be through your work or if you have any IT friends to get this one, as subscriptions can run from $1500 - $8000 per year or more. If you have a friend who is a Microsoft Certified Trainer (Education Partner), they would also have access to MSDN knowledgebase as well. It's a long shot, but worth mentioning.

Best of luck,:encouragement:
<<<BIGBEARJEDI>>>
 
I don't no that there is a built-in way to merge two or more logs. It could certainly be done easily enough with powershell.
  • Export the logs to text or csv format
  • Create a temporary event log
  • Write all the log entries into the temp event log
  • Export the temp log
  • Delete temp log
 
You must log in or register to reply here.

Similar threads

News
Remote work challenges inspire Windows 11 updates to increase productivity and lessen distractions
Replies
0
Views
2K
News
News
News
Announcing Windows 11 Insider Preview Build 25145
Replies
0
Views
1K
News
News
News
Available today: The Windows 11 2022 Update
Replies
0
Views
1K
News
News
News
Retrieve source maps securely in production in Microsoft Edge DevTools
Replies
0
Views
1K
News
News
News
Using Azure and Windows 11, IRZ consulting company helps farmers save water and power
Replies
0
Views
1K
News
News
Back
Top Bottom