Channel: Forensic Focus Forums - Recent Topics

General Discussion: Logparser output formatting problem

keydet89 wrote:

> Resolved, how? What is it that you're trying to achieve? If you're trying to create a timeline, per ch 7 of WFA 4/e, you're *most* interested in the event source and ID...as such, any additional lines that do not appear in the timeline, after using wevtx.bat instead of just LogParser, will still be available for viewing in much the same way that file contents are not specifically available in a timeline.

I'm trying to follow the process in 4/E, my first attempt at doing so. Am following step by step, looking at the output at each stage to check that I understand what it is or at least that it looks OK. So when I ran logparser and saw what I explained in Notepad++, it threw me.

On closer inspection though, completely my fault. In logparser, I was saving to a .txt file rather than .csv - csv works just fine :)

RTM? In my defence, I had been using my Kindle to work my way through this, today I used the book and it was much easier to see where I was going wrong :)

Thanks for all the efforts and patience Harlan

Cheers
