Blog Category
All Blogs
Exploratory Data Analysis
Big Data
Company & Product
How To
Customer Stories
How To
Oct 4, 2022

How To Open Large EVTX Files The Easy Way

written by

Ankit Vora

Windows crashing again and again? Or maybe it’s one of the applications, let’s say Microsoft Excel or VLC Media Player. Storage space about to run out? Whatever challenges you’re facing with your Windows system, you can diagnose them and even predict future issues by assessing Windows Event Logs, also known as EVTX files.

If you are a Windows user and have assessed Windows Event logs before, you may already know that the operating system records and registers these logs across five areas:

  • Application
  • Security
  • Setup
  • System
  • Forwarded Events

In this article we are going to show you how to access your Windows Event Logs, how to open the Event Log files, and how to open large EVTX files online using Gigasheet!

Assessing Windows Event Logs to Diagnose Existing or Future Problems with Your Windows System

You can access these logs using Windows Event Viewer. To access Windows Event logs, first, look up “Event Viewer” using the Search feature, or press Windows + R on your keyboard to launch Windows Run, type in “eventvwr” and hit “Ok.”

Windows Event Viewer

In Event Viewer, you can find different event logs by expanding “Windows Logs” in the left-hand navigation bar. If you want to access Application logs, you can do it by clicking on “Application” under “Windows Logs.” Want to assess Security incidents? Click on “Security” under “Windows Logs.”

The Problem with Using Windows Event Viewer to Assess Event Logs, and How to Export Files

And while using Event Viewer is a great way to assess Windows Event Logs, the only problem is – you’ll find yourself restricted. What if you want to share these logs with your remote colleague based in India? Or what if you want to assess System logs generated on a specific date?

Simple – you can save all or specific event logs on your Windows in .evtx format. To do that, click on the area you want to export logs of. Let’s say we want to export System Logs. When you click on “System Logs,” you’ll see the “Save All Events As…” option under “Actions” in the right panel.

If you want to save Selected events, click on “Save Selected Events…” under “Actions” in the right panel.

You can also save them in .xml, .txt or .csv format. However, it’s a good practice to export these Event Logs in the .evtx format.

Windows Event Log Save As File Type Options

But the only problem is – if your colleague working remotely from India is using a MacBook, then he/she may not be able to access the log file saved in the .evtx format – as it automatically launches in the Windows Event Viewer.

So, you’ll have to share this log file with him/her in other formats. We’d advise you to do it in the universal .csv format – as using a spreadsheet to assess these event logs is the best way to smartly look up potential or existing issues.

You can tap into a spreadsheet software’s powerful functionalities and features to diagnose the problems on your Windows system and the reason behind their occurrence. But again – there are a few problems that you’ll face while using Microsoft Excel to diagnose and assess Event Logs.

The Problem with Using Microsoft Excel to Diagnose & Assess Windows Event Logs

Problem #1 - If the Windows Event Logs were saved in the default .evtx format, Excel cannot open it correctly

Viewing an EVTX file in Excel displays garbage

Anyone that is saving an EVTX file will likely just hit save and share the file. When the .evtx file is opened in Excel, gibberish is displayed. You can try to use the Text Import wizard to fix the file, but it does not help.

Text Import Wizard is of no help

Windows Event Logs need to be saved as a .csv to be opened in Excel, but this is not the default file type when saving.

Problem #2 – If the Windows Event Logs were saved as .csv, the file size could be too large, causing Microsoft Excel to freeze or your computer to crash.

Recently, we covered a blog post titled “What to Do When Excel Keeps Crashing” around the same issue. We heavily recommend giving it a read. Some reasons behind Excel File Size getting big include:

  • Data Generated from a Third-Party Source like a CRM or database (Or Windows Event Log!)
  • Excessive Formatting, Styles & Shapes.
  • Hidden Worksheets.
  • Macros - Custom or 3rd Party.
  • References to Other Excel Files.
  • Too Many Formulas & Calculations.
  • Unused Pivot Tables & Charts.

However, most of these are not applicable here – as a Windows Event Log file is generated automatically using the Windows Event Viewer and you’ll probably not be making any changes.

Despite that, if there are too many entries and if the Windows Event Log file is just too large, then you may face a hard time using Microsoft Excel. The row limit in Excel is 1,048,576. That's it! So, what’s the solution?


Introducing Gigasheet – The Easiest Way to Assess Windows Event Log Files

No matter what format you’re exporting your Windows Event Log file in, whether it’s .evtx, .txt, .csv, or .xml format, you can quickly upload it to Gigasheet and assess your Windows Event log in mere seconds.

Yes – with Gigasheet, you’re not bound by a specific format. No matter what format your Windows Event Log file is in, you can easily access it at the click of a button.

And the best part is – even if your spreadsheet exceeds the Microsoft Excel or Google Sheets rows and columns limit, Gigasheet allows you to process spreadsheets with billions of rows.

Alongside this, you can apply filters, group rows and columns, tap into the pivot mode and tap into numerous other functionalities to analyze your data. No coding skills are required!

Following are the steps you should follow to assess Windows Event Log files on Gigasheet:

  • Step 1 – Sign up for Free
  • Step 2 – Import Your Windows Event Log File
  • Step 3 – Run Powerful Queries to Assess Your Data

Step 1 – Sign Up for Free

Using Gigasheet is free. Sign up today! If you want to tap into additional features such as expanded storage, you may opt for the Premium or Enterprise plan. However, with the Community plan (which is free), you’ll easily be able to assess your Windows Events Log file.

While on our website, click on “Sign Up, Free Forever” in the top-right corner. Once you sign up, you’ll be taken to the Gigasheet dashboard – from where you can upload your files to Gigasheet or access the ones you’ve already uploaded and are working on.

Step 2 – Import Your Windows Event Log File

On your dashboard, you’ll see the “+ NEW” button in the top-right corner – as displayed in the screenshot.

Gigasheet library with File Upload button

Select “File Upload.”

Now, you’ll see a pop-up where you can either drop your files or click on the “BROWSE” option to upload them from your computer. You can even import from Google Drive, Dropbox, OneDrive, Box, or using a link.

Here, we’ll upload the .evtx file.

Uploading file progress bar in Gigasheet

Gigasheet will upload and process your file within a minute.

As soon as it’s processed, you’ll be able to access it from your Dashboard.

The uploaded Windows Event Log in the Gigasheet library

Step 3 – Run Powerful Queries to Assess Your Data

From here, just click on the file name to access it. Here’s what our file looks like on Gigasheet.

Viewing the Event Log in Gigasheet

You can now filter your data or even group it – depending on your requirements. In this section, allow us to show you the power of

  • Gigasheet’s Group by Columns Feature
  • Gigasheet’s Filter Feature

Introducing Gigasheet’s Group by Columns Feature

Now, let’s say you want to filter the logs by Provider. You can do it by clicking on “Group.”

Group data in Gigasheet to make exploration easier

Now, we’ll group by Provider.

Group by pop-up in Gigasheet

And it’s done. In no time, Gigasheet will group your data – as per your request.

Windows Event Log data grouped by Provider

You can even group your data by multiple columns. For instance, here’s how we’ll group our data:

Multi-level grouping is possible in Gigasheet

The data now has a multi-level grouping. Expand the sub-groups to drill in:

Data grouped by Provider and Date

That being said, let’s learn how to use Gigasheet’s Filter feature.

Introducing Gigasheet’s Filter Feature

Let’s say you want to find out logs with Provider as “ESENT.” To do that, we’ll click on “Filter” and apply this filter:

Applying Filters to data in Gigasheet

And here you go with the results:

Filtered Windows Event Log data in Gigasheet

You can also get your hands on Level 2 threats by applying this filter:

Filtering on Threat Level in an EVTX log

Here are the results:

Filtered EVTX data in Gigasheet

You can also apply additional filters to laser-focus on the data you want to drill into. For instance, you can access Level 2 event logs generated on a specific date.

That’s the Magic of Gigasheet!

No matter what your Windows Event log file format is or how large your file is, Gigasheet can easily process it in mere seconds.

Try Gigasheet today!

The ease of a spreadsheet with the power of a data warehouse.

No Code
No Training
No Installation
Sign Up, Free

Similar posts

How To

Easy Fuzzy Matching: Calculate Levenshtein Distance Without Code

Aug 6, 2024
3
How To

How to Connect Excel to Databricks

Jun 21, 2024
5
How To

Enrich B2B Email Lists for Free

Jun 14, 2024
5
G2 Star rating logoCapterra 5 Star rating badgeSource Forge Logo - Light VersionSOC 2 Type 2 logo
© 2023 Gigasheet, INC. PATENTED

Webinar: Healthcare Price Transparency Data
December, 17 @ 1PM ET

REGISTER HERE

By using this website, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

I understand