Cancel
Showing results for 
Search instead for 
Did you mean: 

How to Filter and Save Event Logs to .evtx file (to submit to GTAC Rulestream Support)

Siemens Experimenter Siemens Experimenter
Siemens Experimenter

 You can create a filter to get only Errors and the like from the Event Logs, and then save them to an .evtx file that you can send to us.


Do the following for each machine that you want to capture the events from. Note, it would be best if you did this as soon as possible after the Events that you are interested in happened, as it limits the amount of events in the event logs.


Steps to create a Windows Event Log .evtx file:
1) Bring up the Event Viewer -in the Control Panel, at the top right is the search box. Type "Event Viewer" into it. Choose "View event logs"


2) On the Event Viewer screen, select Create Custom View:

1CreateFilter.jpg

 

3) That will open the Create Custom View dialog. First select the desired time range. Shorter is better!

2SelectTimeRange.jpg

 

4) Then select the Events and Sources you are interested in, generally Critical, Error, WarningEvents,
and the Application, Security, Systemlogs:

3SelectErrorsAndLogs.jpg

 

5) When you click OKon the Create Custom View dialog, it will ask you to name it. Give it a meaningful name, and then click on OK.

4NameLog.jpg

 

6) Now, it will take you back to the Event Viewer Window, with your new View displaying only the Events that meet your filter criteria. Choose to Save All Events in Custom View As..:

5SelectAllEvents.jpg

 

7) In the file save dialog, pick a place that you can easily find (which is NOT going to be the default location), and give it a meaningful name, including User or Machine name and time period and then click Save:

 

6SaveFile.jpg

 

8) Once you have captured all the Event Logs you are interested in, go to that directory and Zip or 7-Zip the files and send them to Rulestream Support.

 

Contributors