Event Viewer on Windows is a centralized log service used by applications and operating system components to report events that have occurred, such as a failure to complete an action or to start a component or program.
Event Viewer has several sections such as Application and Security in Windows Logs and Applications and Services Logs. The event lists in each section in the Event Viewer accumulate over time, and the lists can get very long and slow down the loading of the Event Viewer. It can also make it difficult to find problems. You may even see a message that the event log is full.
This article explains how to export the event logs to back up them, how to clear them, and how to increase the size of the event log.
Export the Windows event log
It is recommended that you export the event log to back it up before cleaning. To do this, right-click the log you want to export in the tree on the left side of the Event Viewer and select Save All Events As from the pop-up menu. Use the arrows to the right of the tree items to expand and collapse the various sections of the tree.
NOTE. You can also click Save All Events As in the Actions list on the right side of the window. The name of the selected log is displayed as a header above the available options.
If you do not see the options available, which are also available in the pop-up menu under the name of the selected story, click the down arrow in the header to expand the list.
In the Save As dialog box, navigate to where you want to save the event log file. Enter a name for the saved log file in the File Name field and select a file type from the File Type drop-down list.
NOTE. You can save the log file as an event file (.evtx), XML file (.xml), tab delimited file (.txt), or comma delimited file (.csv). The only file type that can be imported into Event Viewer again is .evtx. Other types allow you to view log data outside of Event Viewer, but files cannot be imported back into Event Viewer.
Click “Save” to save the event log to a file.
If you selected the file type .evtx, the Information Display dialog box appears. If you want to be able to import log data into Event Viewer on another computer, you may need to include the displayed information in the exported log file. Select the radio button Display information for these languages. If you need a different language, check the Show all available languages ??box and check the box for the language you want, if available. Click OK.
The directory containing the metadata for your locale is written to the same directory as the log file you saved.
Open a saved record
To open the log file that you exported as a .evtx file, choose Open Saved Log from the Action menu.
In the Open Saved Log dialog box, navigate to where you saved the .evtx file, select it and click Open.
Clear event log
After you have exported the log, you can easily clear it. To do this, select “Clear Log” from the “Action” menu.
NOTE. You can also right-click the log and choose Clear Log from the pop-up menu, or click Clear Log from the Actions list on the right side of the Event Viewer.
A dialog box is displayed allowing you to save the log before cleaning if you have not exported it yet. If you click Save and Clean, the same Save As dialog box mentioned earlier is displayed, as well as the Show Info dialog box if you choose the .evtx file type. If you have already saved the log file, click “Clear” to clear the log.
Increase the maximum size of the event log
If you receive a message that the event log is full, you can increase the maximum size allowed for this log. To do this, right-click the desired log and select Properties from the pop-up menu.
NOTE. Again, you can access the Properties option from the Action menu or from the Actions list.
The “Log Properties” dialog box opens. To increase the maximum size allowed for the selected log, click the up arrow in the Max Log Size edit box to change the number (in kilobytes). You can also highlight the current number and enter a new one.
Select the action to take when the event log reaches the maximum size. You can select “Overwrite events” as needed, starting with the oldest events, “Archive log when full”, which does not overwrite any events, or “Do not overwrite events”, which means that you must clear the event log manually.
You can also clear the selected log in the Log Properties dialog box by clicking Clear Log. When you’re done making changes, click OK.
To close Event Viewer, choose Exit from the File menu.
Windows Event Viewer is a useful tool for getting information about your hardware, software, and system components. It can help you identify current system problems, such as the cause of your computer crashing or the cause of the most recent problem with a particular program. Enjoy!