The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

How to export Windows Event logs with PowerShell

Download Windows Speedup Tool to fix errors and make PC run faster

Windows offers two commands that allow anyone with admin permission to export Windows Event Logs using PowerShell. The process is straightforward but can be done in multiple ways using the Get-WinEvent or Get-EventLog cmdlets, depending on the version of Windows.

How to export Windows Event logs with PowerShell

How to export Windows Event logs with PowerShell

Here are the three commands to extract Even logs using PowerShell.

  • Using Get-WinEvent
  • Using Get-EventLog
  • Using wevtutil for Raw EVTX Logs

You can run these commands on PowerShell or Windows Terminal.

1] Using Get-WinEvent

System Log Windows

Exporting the System log directly to a .csv file:

Get-WinEvent -LogName System | Export-Csv -Path "C:\Log\SystemLog.csv" -NoTypeInformation

Here the LogName System means logs generated for System, and it exports in the CSV format.

If you want logs from the last 24 hours in .csv format:

Get-WinEvent -LogName Application -StartTime (Get-Date).AddDays(-1) | Export-Csv -Path "C:\Logs\ApplicationLastDay.csv" -NoTypeInformation

2] Using Get-EventLog

Application Log Windows

Exporting the Application log directly to a txt file:

Get-EventLog -LogName Application | Out-File -FilePath "C:\Log\ApplicationLog.txt"

Here LogName Application: Specifies the logs generated for Applications. The output is saved as plain text file.

Read: How to clear Event Log in Windows

3] Using wevtutil for Raw EVTX Logs

Security Log Windows

EVTX files are Windows Event Log files stored in the proprietary .evtx format used by the Windows Event Log service. They serve as a repository for recording events (e.g., system events, application errors, security audits) generated by the operating system and installed applications.

wevtutil epl Security "C:\LogsSecurityLog.evtx"

Here, EPL stands for Export log. The above command Outputs logs in their raw, native EVTX format. The best part of generating an EVTX file is that you can directly open it in the event viewer.

I hope this helps.

How to open EVTX files?

EVTX files can be opened and analyzed using several tools. The most common method is through Event Viewer, a built-in Windows application that allows you to view and interpret the event logs. To access it, press Win + R, type eventvwr, and open the “Open Saved Log” option to load external EVTX files.

Read: How to create Custom Views in Event Viewer on Windows

Can EVTX files be converted to CSV?

EVTX files can be converted to more accessible formats like CSV or plain text for easier analysis. You can use the Get-WinEvent cmdlet in PowerShell to extract specific event data and export it to a CSV file using WinEvent or tools like Evtx2Json or Log Parser.

Get-WinEvent -LogName Application | Export-Csv -Path "C:\Logs\ApplicationLog.csv" -NoTypeInformation

Read: How to export Management Log files in Windows 11.

AshishMohta@TWC

Ashish holds a Bachelor's in Computer Engineering and is a veteran Windows. He has been a Microsoft MVP (2008-2010) and excels in writing tutorials to improve the day-to-day experience with your devices.