Method 1: Export EVTX with Display Information (MetaData)

An .evtx file alone does not contain the text of most events, so uploading an .evtx file without the associated Display Information can delay resolution of your support case. Even with the display information, an .evtx contains only the UTC time of the events and not the source time zone (Event viewer adjusts the displayed time to your local time zone).

Steps to Export .evtx with Display Information

1. Open Event Viewer (eventvwr.msc).
2. Locate the log to be exported in the left-hand column.
3. Right-click the name of the log and select Save All Events As…
4. Enter a file name that includes the log type and the server it was exported from.
   For example, when exporting the Application event log from server named HV01, enter Application_HV01.
5. In Save as type , select Event Files .
6. Include display information.

   
   

7. Be sure to include the LocaleMetaData folder when packaging logs for upload.

   

Please package all files into a single .zip archive

Method 2: Export as CSV

1. Open Event Viewer (eventvwr.msc).
2. Locate the log to be exported in the left-hand column.
3. Right-click the name of the log and select Save All Events As…
4. Enter a file name that includes the log type and the server it was exported from.

   For example, when exporting the Application event log from server named HV01, enter Application_HV01.

5. In Save as type , select CSV (Comma Separated) .

   

Please package all files into a single .zip archive

Method 3: Collect entire log folder from Windows.

1. Navigate to C:\Windows\System32\winevt\Logs
2. Archive (ZIP\7z\RAR) the entire contents of the Logs folder.

Please package all files into a single .zip archive