Event Viewer and “Saved Logs”

By Michael Niehaus on August 13, 2019 • ( 3 Comments )

If you are like me and open lots of saved event log files (*.evtx), such as those captured by the “mdmdiagnosticstool.exe -area Autopilot -cab c:\autopilot.cab” command, you probably end up with an Event Viewer window that looks something like this:

Always opening, never closing (which you can do by right-clicking and choosing “Delete”). Fortunately, there’s a KB article that tells you how to clean this up:

https://support.microsoft.com/en-us/help/2489761/how-to-delete-saved-logs-from-the-event-viewer

Simple process:

Close all Event Viewer processes.
Delete all the files from “C:\ProgramData\Microsoft\Event Viewer\ExternalLogs”.

Start up Event Viewer and see they are gone.

Yes, this is a self-serving post to save me the trouble of finding this the next time I need to do this 🙂

Categories: Windows 10

3 replies »

Fat Shark says:

August 14, 2019 at 8:13 am

Haha thanks for sharing 🙂
Simple and effective post.

LikeLike
Steve Weiner says:

August 14, 2019 at 2:06 pm

Great use of the blog 🙂
I would’ve thought MS had an internal, multi tenant log reading tool

LikeLike
- Michael Niehaus says:
  
  August 14, 2019 at 2:43 pm
  
  Well, there are mechanisms planned for collecting logs remotely, and eventually, to analyze them programmatically. But they have to be completely useful and decipherable first, and that takes human analysis still 🙂
  
  LikeLike

Out of Office Hours

Michael Niehaus' technology ramblings

Event Viewer and “Saved Logs”

3 replies »

Event Viewer and “Saved Logs”

Share this:

Like this:

Related

3 replies »