EventLogExpert is a Windows Event Log viewer designed to help tech support professionals and IT staff analyze and manage event logs efficiently. It provides a comprehensive solution for examining .evtx files, whether they are from local systems or remote servers.
Key Features:
Rapid Loading of Large Files: Quickly load and process large .evtx files, even when handling multiple files simultaneously.
Interleaved View Across Servers: Examine events from multiple servers in a combined timeline to identify patterns and correlations.
Event Previews: View detailed event descriptions directly in the table without opening individual events.
Advanced Filtering: Use friendly drop-down filters or enter LINQ expressions for precise filtering, combining both methods as needed.
Event Database Creation: Create databases to view logs on systems that lack the original software, such as Exchange or SQL Server logs on workstations.
Real-Time Monitoring: Replace Event Viewer with continuous updates to monitor live event logs in real time.
Audience & Benefit:
Ideal for IT professionals and tech support teams who need to analyze complex event data. The tool streamlines troubleshooting by providing a clear, organized view of events across systems, enabling faster identification of issues and improved decision-making. It supports efficient analysis of large datasets and offers flexibility for both on-premises and remote log examination.
README
EventLogExpert
A Windows Event Log viewer for tech support and IT professionals.
Key features
Quickly load huge .evtx files. File -> Open and select multiple files, or just drag-and-drop them into the view. The tool will happily load multiple .evtx files concurrently.
View multiple .evtx files in an interleaved combined view and examine how events line up across multiple servers.
See event description previews right in the table without having to open each individual event.
Filter using friendly drop-downs, use Advanced Filter and enter a LINQ expression, or combine both.
Create an event database to view .evtx files on computers that don't have the same product installed. For example, view Exchange Server or SQL Server logs on a user workstation.
Can be used as a replacement for Event Viewer to view live event logs. Choose Continuously Update on the View menu and watch new events appear in real time.
Windows 2019 will also need the Microsoft.WindowsAppRuntime*.msix unless it was already installed by something else. You'll find this file in the release with the EventLogExpert*.msix.
This project welcomes contributions and suggestions. Most contributions require you to agree to a
Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide
a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
provided by the bot. You will only need to do this once across all repos using our CLA.
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft
trademarks or logos is subject to and must follow
Microsoft's Trademark & Brand Guidelines.
Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship.
Any use of third-party trademarks or logos are subject to those third-party's policies.
