If you are like me and open lots of saved event log files (*.evtx), such as those captured by the โmdmdiagnosticstool.exe -area Autopilot -cab c:\autopilot.cabโ command, you probably end up with an Event Viewer window that looks something like this:
Always opening, never closing (which you can do by right-clicking and choosing โDeleteโ). Fortunately, thereโs a KB article that tells you how to clean this up:
https://support.microsoft.com/en-us/help/2489761/how-to-delete-saved-logs-from-the-event-viewer
Simple process:
- Close all Event Viewer processes.
- Delete all the files from โC:\ProgramData\Microsoft\Event Viewer\ExternalLogsโ.
- Start up Event Viewer and see they are gone.
Yes, this is a self-serving post to save me the trouble of finding this the next time I need to do this ๐
Out of Office Hours 
3 responses to “Event Viewer and “Saved Logs””
Haha thanks for sharing ๐
Simple and effective post.
LikeLike
Great use of the blog ๐
I would’ve thought MS had an internal, multi tenant log reading tool
LikeLike
Well, there are mechanisms planned for collecting logs remotely, and eventually, to analyze them programmatically. But they have to be completely useful and decipherable first, and that takes human analysis still ๐
LikeLike