top of page

Export Windows applications logs in CSV format using SQL Server query

The Windows application logs are used by various applications such as SQL Server to write new events. It does not get recycled after the system restart. This blog is about a simple technique for exporting these logs into a CSV format using T-SQL query. You can import these flat files into SQL Server tables as well.


To launch the event viewer, type eventvwr in the Run and check the application, system logs.


Export Windows applications logs in CSV format using SQL Server query

These logs are saved at C:\WINDOWS\SYSTEM32\WINEVT\LOGS\ directory.


Suppose we want to import these application Windows logs in SQL Server. How do we do that? Let’s check it out.


The following script exports the application logs in CSV format and stores them into C:\Temp\Application.CSV file.


use [master];
Set nocount on
 
exec master..xp_cmdshell 'PowerShell.exe "get-winevent 
-path C:\WINDOWS\SYSTEM32\WINEVT\LOGS\Application.evtx |
export-csv -path C:\Temp\Application.csv -useculture"'

Import Windows applications logs in SQL Server

The script uses the XP_CMDSHELL extended stored procedure. If you have enabled it in your SQL instance, refer to the article T-SQL statement to Enable and Disable XP_CMDSHELL using SP_CONFIGURE in SQL Server.


Execute the script, and you get a CSV file for the application Windows logs as shown below.


View event logs

203 views1 comment

1 Comment


Unknown member
Aug 08, 2023

I see you're diving into the world of exporting Windows application logs in CSV format using an SQL Server query. It's a smart move – being able to analyze logs can provide valuable insights. Let's tackle this together!

Imagine this: a few months back, I was working on a project where we needed to extract Windows argentics application logs for analysis. We wanted to make sense of all the data and identify patterns. Here's how we did it using SQL Server and a touch of wizardry.

  1. Query the Event Logs: First, we used an SQL Server query to access the Windows event logs. We specified the necessary columns like EventID, Source, and TimeStamp to gather the information we needed.

  2. Filter…

Like
bottom of page