If you are like me, you probably look at a lot of event logs from various customer environments. Reviewing these on your machine can quickly turn your event ‘Saved Logs’ into an utter mess.
Deleting these events one-by-one is slow, and can be time consuming. Here is a 2 step hint for removing all saved logs.
Step 1) Navigate to the following folder:
This folder contains xml files that contain the location of each of the .evt or .evtx files that have been brought into your system for review.
Delete the files.
This removes all items from the saved logs list. (Special note – Have event viewer MMC closed before deleting. Failing to do this will not remove the ‘Saved Logs’)
Now open event viewer. The saved logs are gone.
Step 2) Remove the actual .evtx and .evt files that are scattered about your Hard Drive.
Open search and look for *.evt*. Search your home directory or the location where you have been downloading your events to.
Once you have located your result set, you can save your search, to be efficient the next time you perform a cleanup.
Now highlight the items you wish to delete, right click and choose “Delete”