Convert Event Logs from evt to evtx format

Microsoft Windows used the .evt format for storing event logs before Windows Vista. In Vista/7 and later versions, however, event logs are stored in the new .evtx format.

If you open a .evt file on Windows Vista/7 or later, you are presented with the following banner message at the top of the window:

To better navigate and manipulate Analytics, Debug or Classic Event log files, save the events into an .evtx file

Also, instead of being able to scroll down through all the events at once, you have to navigate from one page to the next.

Converting a .evt file to the .evtx format is an easy task and can be done using the following command:

C:\> wevtutil export-log <sourcelogfile>.evt <targetlogfile>.evtx /lf
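
When a whole folder of legacy logs has to be converted, for example during evidence processing, the same command can be wrapped in a loop that also records hashes and event counts. The script below is an added example, not part of the original post; the two folder paths and the CSV file name are hypothetical, and it uses the documented `/lf:true` spelling of the `/lf` switch.

```powershell
# Added example: batch-convert legacy .evt files to .evtx and keep a conversion record.
# $SourceDir, $TargetDir and conversion-log.csv are hypothetical names; adjust as needed.
param(
    [string]$SourceDir = 'C:\Evidence\evt',
    [string]$TargetDir = 'C:\Evidence\evtx'
)

New-Item -ItemType Directory -Path $TargetDir -Force | Out-Null

# -Filter *.evt also matches *.evtx on Windows, so compare the extension explicitly.
$sources = Get-ChildItem -Path $SourceDir -Filter *.evt -File |
    Where-Object { $_.Extension -eq '.evt' }

$results = foreach ($evt in $sources) {
    $target = Join-Path $TargetDir ($evt.BaseName + '.evtx')

    # Hash the original first so it can later be shown that conversion did not alter it.
    $before = (Get-FileHash -Path $evt.FullName -Algorithm SHA256).Hash

    # /lf:true marks the first argument as a log file path rather than a live log name.
    # wevtutil does not overwrite an existing target unless /ow:true is given.
    & wevtutil.exe export-log $evt.FullName $target /lf:true
    $exit = $LASTEXITCODE

    $count = $null
    $targetHash = $null
    if ($exit -eq 0 -and (Test-Path $target)) {
        # Count the records readable from the converted file as a sanity check.
        $count = @(Get-WinEvent -Path $target -ErrorAction SilentlyContinue).Count
        $targetHash = (Get-FileHash -Path $target -Algorithm SHA256).Hash
    }

    $after = (Get-FileHash -Path $evt.FullName -Algorithm SHA256).Hash

    [pscustomobject]@{
        Source          = $evt.Name
        ExitCode        = $exit          # non-zero means wevtutil could not convert the file
        ConvertedEvents = $count
        SourceSHA256    = $before
        SourceUnchanged = ($before -eq $after)
        TargetSHA256    = $targetHash
    }
}

$results | Format-Table -AutoSize
$results | Export-Csv -Path (Join-Path $TargetDir 'conversion-log.csv') -NoTypeInformation
```

A non-zero `ExitCode` or an empty `ConvertedEvents` value flags a file that needs a closer look before relying on the converted copy.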