How to Export Windows Event Logs from Event Viewer

The Windows Event logs provide very valuable information for diagnosing problems on the computer. Event logs store records of significant events on behalf of the system and applications running on the system.

This article tells you how to export the event logs to a file using the Event Viewer or the wevtutil console tool. The exported .evtx log can be sent to a support technician for diagnosis.

Export Windows Event Logs

To export the event logs to a file, follow one of the methods below.

Option 1: Using the Event Viewer

  1. Start the Event Viewer. To do so, right-click Start, click Run, type eventvwr.msc and click OK.
  2. The standard logs are “Application”, “Security”, and “System” which are listed under “Windows logs”. There are also other logs under a separate section named “Applications and Services Logs”. Select the log you want to export. For example, expand Windows Logs, and select System.
  3. Right-click on the log and click “Save All Events As…“.

    export event logs evtx

  4. Select the folder location where you want to save the .evtx file.
  5. If you’re exporting the log from a system that uses a non-English locale, select “English (United States)” from the languages list in the “Display Information” dialog. When you use this option, a subdirectory (“LocaleMetaData“) is created in the destination folder and all locale-specific information is saved in that subdirectory.export event logs evtx
  6. Click OK.
To send the logs to a support technician, zip all the files in the destination folder (i.e., the .evtx file(s) and the LocaleMetaData folder) and send the zip archive.

export event logs evtx - locale metadata

Option 2: Using Wevtutil.exe command-line

The built-in wevtutil.exe console tool can be used to export event logs.

For example, to export “Application”, “Security”, and “System” logs to a folder (e.g., D:\Temp), run the following commands from an admin Command Prompt window:

wevtutil epl Application D:\temp\application.evtx
wevtutil epl Security D:\temp\security.evtx
wevtutil epl System D:\temp\system.evtx

Exporting a log under “Application and Services Logs”

To export the “AppReadiness/Admin” log under the “Application and Services Logs” node, run:

wevtutil epl "Microsoft-Windows-AppReadiness/Admin" D:\temp\appreadiness-admin.evtx

The log name in the above example is “Microsoft-Windows-AppReadiness/Admin“. The list of event logs can be obtained by running the command wevtutil el. If a log name contains spaces, enclose the log name within double-quotes when running the wevtutil.exe command-line.

Note: There doesn’t seem to be a way to export local information when exporting the logs using wevtutil.exe. For more information about wevtutil.exe, see wevtutil | Microsoft Learn

That’s it. Repeat the above steps to save the other logs if required.

One small request: If you liked this post, please share this?

One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
  • Pin it!
  • Share it to your favorite blog + Facebook, Reddit
  • Tweet it!
So thank you so much for your support. It won't take more than 10 seconds of your time. The share buttons are right below. :)
RELATED: Wevtutil Error “The specified channel could not be found” when clearing an Event Log File
Tweet
Share
Share
0 Shares

Ramesh Srinivasan is passionate about Microsoft technologies and he has been a consecutive ten-time recipient of the Microsoft Most Valuable Professional award in the Windows Shell/Desktop Experience category, from 2003 to 2012. He loves to troubleshoot and write about Windows. Ramesh founded Winhelponline.com in 2005.

...

Leave a Comment