1

I created a Custom View in Event Viewer (Windows Server 2012) that displays events from by a specified source (Sugar2SvcNow Log in attached screen shot). I'm trying to save all the events in this Custom View once per month in a evtx file. For Windows Logs, automatically saving a log is easy to set up by right-clicking on the log name, and then Properties. Is there a way to do the same for a Custom View?

Edit: attaching another screenshot with properties of the Custom View.

attached screen shot

properties of Custom View

Improve this question
2
  • Can you display the Properties for the log?
    – Ramhound
    Commented Mar 9, 2020 at 20:18
  • @Ramhound, I attached another screenshot with properties of the Custom View.
    – yvoloshin
    Commented Mar 10, 2020 at 16:08

1 Answer 1

Reset to default
1

You need to use PowerShell as described in the Microsoft blog
Use Custom Views from Windows Event Viewer in PowerShell:

  • In Event Viewer, select the custom view by clicking it
  • Clicking Filter Custom View from the Action menu or from the right-hamd pane
  • Click the XML tab
  • Click Ctrl+A to select everything
  • Click Ctrl+C to copy it to the clipboard
  • Open Notepad and paste the text
  • Save as an .xml file, say in the file C:\Temp\ev.xml

  • Run PowerShell as Administrator to read the events using the command:

    Get-WinEvent -FilterXml ([xml](Get-Content "C:\Temp\ev.xml"))

See also the Microsoft documentation for Get-WinEvent.

enter image description here

Improve this answer
3
  • Thank you! This works to output the log event to the screen. I figured out how to pipe the output to 'Out-File -FilePath' to save it in a file. I'm trying to set up a scheduled task that will run this command periodically and save the output in files. Is there a way to automatically increment the file name that the output gets saved to? Or even better, to append the current date to the file name?
    – yvoloshin
    Commented Mar 10, 2020 at 16:01
  • 1
    Lots of PowerShell examples to be found. For example, google for "powershell append date file name" gives answer1 and answer2.
    – harrymc
    Commented Mar 10, 2020 at 17:08
  • Thank you! That was very helpful.
    – yvoloshin
    Commented Mar 10, 2020 at 17:24

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .