EventLogExpert is a Windows Event Log viewer designed to help tech support professionals and IT staff analyze and manage event logs efficiently. It provides a comprehensive solution for examining .evtx files, whether they are from local systems or remote servers.
Key Features:
Rapid Loading of Large Files: Quickly load and process large .evtx files, even when handling multiple files simultaneously.
Interleaved View Across Servers: Examine events from multiple servers in a combined timeline to identify patterns and correlations.
Event Previews: View detailed event descriptions directly in the table without opening individual events.
Advanced Filtering: Use friendly drop-down filters or enter LINQ expressions for precise filtering, combining both methods as needed.
Event Database Creation: Create databases to view logs on systems that lack the original software, such as Exchange or SQL Server logs on workstations.
Real-Time Monitoring: Replace Event Viewer with continuous updates to monitor live event logs in real time.
Audience & Benefit:
Ideal for IT professionals and tech support teams who need to analyze complex event data. The tool streamlines troubleshooting by providing a clear, organized view of events across systems, enabling faster identification of issues and improved decision-making. It supports efficient analysis of large datasets and offers flexibility for both on-premises and remote log examination.
README
EventLogExpert
A Windows Event Log viewer for tech support and IT professionals.
Key features
Loads .evtx files concurrently — File → Open, drag-and-drop, or open every .evtx in a folder in one step.
Combined view interleaves events from any mix of file and live logs by time across multiple machines.
Configurable event-table columns (visibility, ordering, sort) with per-row highlight colors driven by your filters.
Filter pane with Basic (category × evaluator) filters, sub-filters joined with AND / OR, Date filter, Advanced Dynamic LINQ expressions, and Exclusion filters.
Download the EventLogExpert__x64.appinstaller (or the matching EventLogExpert__x64.msix) from the latest release and run it: .
The .appinstaller declares its dependency on the Windows App Runtime (currently Microsoft.WindowsAppRuntime.1.7.msix, also published in the same release) so App Installer fetches the runtime automatically on a clean machine. Updates are checked on launch.
If you'd rather install the runtime manually first, grab Microsoft.WindowsAppRuntime.1.7.msix from the release and install it with:
This project welcomes contributions and suggestions. Most contributions require you to agree to a
Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide
a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
provided by the bot. You will only need to do this once across all repos using our CLA.
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft
trademarks or logos is subject to and must follow
Microsoft's Trademark & Brand Guidelines.
Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship.
Any use of third-party trademarks or logos is subject to those third parties' policies.