Yay! A fix for EventQuery

Those of us "in the know" :-) use eventquery.vbs to export events to a delimited file, and then use Excel to analyze the log- autofiltering rocks. Unfortunately if you have a large log, this doesn't work!

Well, I finally used MSN Search to see if there was a KB article on this, and I found this post to the microsoft.public.windows.server.general newsgroup. Remember that you might have to disable Windows File Protection.

Yay! Now I just need to make myself a to-do to get that fixed.

2005/09/28 UPDATE: I have requested that this issue be fixed in EventQuery.vbs in XP SP3. Also, Jean-Baptiste pointed out that EventQuery.vbs is over-localized. I've also requested a change for this in XP SP3 but changing it at this point might do as much harm as good. This might not be an issue in Vista as the event log engine and tools have been re-written from scratch.

2006/02/01 UPDATE: Brandon has done some scripting with EventQuery and figured out how to run daily reports. Here's a short script he wrote that reports errors in your application & system logs (I've made only minor changes). Just paste this into notepad and save it as "DailyErrorReport.cmd".

2006/08/23 UPDATE: Fixed a typo that Paul pointed out. Line 8 (set LongYear...) should only have one equal sign, not two as it originally had.

@echo off

REM Get today's date
set today=
set month=%date:~4,2%
set datenum=%date:~7,2%
set year=%date:~12,2%
set longyear=%date:~10,4%

REM Start query at midnight
set today=%month%/%datenum%/%year%,12:00:00AM

REM This could be scheduled to run daily

REM Execute query and store results in a daily log file
eventquery /l system /l application /v /fo table /fi "Type eq Error" /fi "Datetime gt %today%" >> %temp%\errors_%longyear%%month%%datenum%.log