Saving event logs to one event log file

By | June 28, 2016

When working with event logs, you may find that you have dozens of saved event log files, which you need to review sometimes. And it’s annoying to open each log to check it. Of course, you can open all these files at once (“Open log file” dialog lets you open multiple files) or you can just drag your files from Windows Explorer into Event Log Explorer window. But if you check these log files regularly, it is better to have a single file that contains all the events from these saved event logs. Windows utilities (Event Viewer, wevtutil.exe) don’t let you save (backup) several event logs in one file. As a workaround, you can configure forwarding and collecting events into one log, but in this case, it will collect only new events.

How Event Log Explorer may help you

First, you should merge different event logs in one view. It doesn’t matter whether these logs belong to one computer or to different PCs, domain or workgroup members. You can even mix event logs from Windows XP machines with Windows 10. Or you can merge saved event log files (or mix files with live event logs). To merge event logs, just open any of them, and then right click on the other logs in the tree and select Merge with Current View. If you want to merge files, you should select File->Merge Log File from the main menu. When logs are merged, you can see an icon with stack of logs merged event log view. If you hover mouse over this icon, you will see log names in the merged view.

Now you can save this log view to a file. Although you cannot do backup (due to Windows restrictions), you can simply save the event view to file. However, Event Log Explorer has allows you to save the event view as EVT file. Select File->Save Log As->Save Displayed Events. Moreover, unlike backup you can even filter merged event log before saving. Note that this option lets you save event log view only as EVT log file. It cannot save it in EVTX format. Now you can open this one saved event log and view events from different sources.