How to export event logs to a CSV file using PowerShell?

PowerShell offers an easy way to send event logs to a CSV file. CSV files are convenient for managing and querying the data. You can export any event log, including the system, application and security logs.

We look at ways you can export event logs to a CSV file using PowerShell.

Export system logs to CSV file using PowerShell

You can export system logs to a CSV file using the command given below. The exported CSV file contains all the default data that is collected by the Get-EventLog cmdlet in PowerShell. You can always filter the output so that the CSV file includes only the data relevant to your analysis.

The cmdlet that reads the event log is Get-EventLog. We pipe its output to the Export-CSV cmdlet, as shown in the command below.

Get-EventLog -LogName System | Export-CSV -Path D:\test_folder_1\events2.csv -NoClobber

There are a few points that you need to make a note of:

  • The -LogName parameter chooses which event log to report. So, for system logs, we pass System to the -LogName parameter of the cmdlet.
  • Export-CSV must be given the path of the CSV file to which the Get-EventLog output is exported.
  • The -NoClobber option prevents an existing file from being overwritten. If the file already exists, the command fails instead of replacing it.

The output of this command will generate a CSV file in the path specified. So, in our case, we have exported the system log to a CSV file events2.csv.

Export to CSV using Powershell

I have validated that the events.csv file contains the complete system logs from the events log. The exported file looks like the screenshot displayed hereunder:

You may note from the exported logs that there is scope to trim the output. We can reduce the number of fields reported in the CSV file by selecting only some properties of the Get-EventLog output. One such command, with a limited set of data fields in the CSV file, is shared below:

Get-EventLog -LogName System | Select-Object -Property EntryType,TimeGenerated,Source,EventID,Category,Message | Export-CSV -Path D:\test_folder_1\events4.csv -NoClobber

In this command, we have sent the Get-EventLog output to the Select-Object cmdlet, and then piped the result on to the Export-CSV cmdlet.

The screenshot of the command is shared below:

In this command, we have reduced the number of properties that will be reported to 6 fields in the CSV file. The screenshot below is from the CSV file to which the system logs have been exported using Powershell.
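
The following is an added example, not part of the original article. It extends the filtered export above for use in log review: it limits the export to a time window and entry types, flattens multi-line messages, and prefixes values that a spreadsheet would treat as a formula, since event text can contain strings supplied by other users or software. The function name Export-FilteredEventLog and the output file name are hypothetical. It assumes Windows PowerShell 5.1, where Get-EventLog is available, and an elevated session if the Security log is read.

```powershell
# Added example; Export-FilteredEventLog and the sample path are hypothetical.
function Export-FilteredEventLog {
    param(
        [Parameter(Mandatory)] [string] $LogName,
        [Parameter(Mandatory)] [string] $Path,
        [datetime] $After = (Get-Date).AddDays(-1),
        [string[]] $EntryType = @('Error', 'Warning')
    )

    # Stop on the first error (for example when -NoClobber refuses to
    # overwrite an existing file) so a stale file is never hashed below.
    $ErrorActionPreference = 'Stop'

    # Flatten text to one line and neutralise a leading =, +, - or @,
    # which spreadsheet programs would otherwise evaluate as a formula.
    $clean = {
        param([string] $Text)
        $flat = ($Text -replace '\s+', ' ').Trim()
        if ($flat -match '^[=+\-@]') { "'" + $flat } else { $flat }
    }

    Get-EventLog -LogName $LogName -After $After -EntryType $EntryType |
        Select-Object EntryType,
            @{ Name = 'TimeGenerated'; Expression = { $_.TimeGenerated.ToString('o') } },
            @{ Name = 'Source';  Expression = { & $clean $_.Source } },
            EventID,
            Category,
            @{ Name = 'Message'; Expression = { & $clean $_.Message } } |
        Export-Csv -Path $Path -NoClobber -NoTypeInformation -Encoding UTF8

    # Return a SHA-256 hash so later copies of the export can be verified.
    Get-FileHash -Path $Path -Algorithm SHA256
}

# Errors and warnings from the System log for the last 24 hours.
Export-FilteredEventLog -LogName System -Path D:\test_folder_1\events_filtered.csv
```

The -NoTypeInformation switch keeps the #TYPE line that Windows PowerShell 5.1 writes by default out of the CSV file, so the first row is the column header.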

Summary

In this PowerShell tutorial, we have exported the system log to a CSV file using the PowerShell cmdlet Get-EventLog. We have piped the output of the command to the Export-CSV cmdlet to write the log entries to the CSV file.

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.