Windows 10

Event Viewer and “Saved Logs”

If you are like me and open lots of saved event log files (*.evtx), such as those captured by the “mdmdiagnosticstool.exe -area Autopilot -cab c:\” command, you probably end up with an Event Viewer window that looks something like this:


I am always opening them and never closing them (you can close one by right-clicking it and choosing “Delete”). Fortunately, there’s a KB article that tells you how to clean this up:

Simple process:

  • Close all Event Viewer processes.
  • Delete all the files from “C:\ProgramData\Microsoft\Event Viewer\ExternalLogs”.
  • Start Event Viewer and confirm that the saved logs are gone.
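
The same three steps as a PowerShell function. This is an added example, not code from the KB article or from this post. The function name is made up, the check for a running Event Viewer assumes it is hosted by mmc.exe with eventvwr.msc on its command line, and the path uses $env:ProgramData in place of the hard-coded C:\ProgramData.

```powershell
# Added example (hypothetical function name): clears the Event Viewer "Saved Logs" list.
function Clear-EventViewerSavedLogs {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Folder named in the steps above; $env:ProgramData is normally C:\ProgramData.
        [string]$Path = (Join-Path $env:ProgramData 'Microsoft\Event Viewer\ExternalLogs')
    )

    # Step 1: refuse to run while Event Viewer is open instead of killing it.
    # Assumption: Event Viewer is mmc.exe started with eventvwr.msc; other MMC
    # consoles are ignored. CommandLine can be empty for processes this session
    # is not allowed to inspect, in which case this check cannot see them.
    $running = @(Get-CimInstance -ClassName Win32_Process -Filter "Name = 'mmc.exe'" |
        Where-Object { $_.CommandLine -like '*eventvwr*' })
    if ($running.Count -gt 0) {
        $pids = $running.ProcessId -join ', '
        Write-Warning "Event Viewer is still open (PID $pids). Close it and run again."
        return
    }

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Verbose "Nothing to do: $Path does not exist."
        return
    }

    # Step 2: delete every file in the folder, one at a time, so that -WhatIf
    # and -Confirm show exactly which entries would be removed.
    $files = @(Get-ChildItem -LiteralPath $Path -File -Force)
    foreach ($file in $files) {
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete saved-log entry')) {
            Remove-Item -LiteralPath $file.FullName -Force
        }
    }
    Write-Verbose "$($files.Count) file(s) found in $Path."
}

# Preview what would be deleted; drop -WhatIf to delete, then start Event Viewer (step 3).
Clear-EventViewerSavedLogs -WhatIf -Verbose
```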

Yes, this is a self-serving post to save me the trouble of finding this the next time I need to do this 🙂

Categories: Windows 10

3 replies »

    • Well, there are mechanisms planned for collecting logs remotely, and eventually, to analyze them programmatically. But they have to be completely useful and decipherable first, and that takes human analysis still 🙂

