How to extract event logs for KYP Support

Troubleshooting Guide: Extracting Event Logs from Application and Task Scheduler


Tools Needed

  • Windows built-in Event Viewer

  • Optional: PowerShell (for automated extraction)

  • Administrator privileges


Step 1: Open Event Viewer

  1. Press Win + R, type eventvwr, and press Enter.

  2. Event Viewer will open.


Step 2: Navigate to the Logs

1. Application Log

  • In the left pane, expand Windows Logs.

  • Click on Application.

  • This log contains errors from applications and services (e.g., .NET, apps crashing, etc.).

2. Task Scheduler Operational Log

  • In the left pane, expand Applications and Services Logs > Microsoft > Windows > TaskScheduler.

  • Click on Operational.

  • If it's not enabled, right-click > Enable Log.


Step 3: Filter or Find Relevant Events

Filter Events

  1. Right-click the log → Filter Current Log…

  2. Under Logged, choose:

    1. Last 7 days, or use Custom Range.

    2. Click OK.


Step 4: Save the Logs

Manual Export:

  1. In Event Viewer, right-click the log (Application or Operational).

  2. Save the filtered log:

    • Right-click > Save Filtered Log File As…

  3. Choose format:

    • .evtx (best for reopening in Event Viewer)

    • .xml or .txt for analysis/sharing


Optional: Use PowerShell to Extract Logs

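# Create the output folder first; Export-Clixml does not create missing folders
New-Item -ItemType Directory -Path "C:\Logs" -Force | Out-Null

# Export Application events from the last 7 days
# (only the newest 1000 events are examined, so a busy system may not cover all 7 days)
Get-WinEvent -LogName Application -MaxEvents 1000 |
  Where-Object {$_.TimeCreated -gt (Get-Date).AddDays(-7)} |
  Export-Clixml -Path "C:\Logs\ApplicationLog.xml"

# Export the newest 1000 Task Scheduler (Operational) events (no date filter)
Get-WinEvent -LogName Microsoft-Windows-TaskScheduler/Operational -MaxEvents 1000 |
  Export-Clixml -Path "C:\Logs\TaskSchedulerLog.xml"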

Replace Export-Clixml with Out-File if you want plain text output.

Option 2: Use PowerShell for Automated Export (Last 7 Days)

Export Application Logs from the Last Week:

$StartTime = (Get-Date).AddDays(-7)
$EndTime = Get-Date
Get-WinEvent -FilterHashtable @{
    LogName = 'Application';
    StartTime = $StartTime;
    EndTime = $EndTime
} | Export-Clixml -Path "C:\Logs\ApplicationLog_Last7Days.xml"

Export Task Scheduler Logs (Operational) from the Last Week:

$StartTime = (Get-Date).AddDays(-7)
$EndTime = Get-Date
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-TaskScheduler/Operational';
    StartTime = $StartTime;
    EndTime = $EndTime
} | Export-Clixml -Path "C:\Logs\TaskSchedulerLog_Last7Days.xml"

You can change the export format:

  1. Export-Clixml (for structured data you can re-import)

  2. Out-File for readable text:

    ... | Out-File "C:\Logs\TaskSchedulerLog_Last7Days.txt"
    

Step 5: Share Logs

  • You can re-import .evtx files into Event Viewer for full context.

  • Share .evtx with KYP support for detailed help.
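
Step 5 asks for .evtx files, while the PowerShell commands earlier in this guide write Clixml or plain text. The following added example (not part of the original guide) uses the built-in wevtutil tool to export both logs as .evtx for the last 7 days and bundles them with their SHA-256 hashes. The C:\Logs folder comes from the guide; the file names, hashes.csv and SupportLogs.zip are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: export both logs as .evtx (last 7 days), hash them, zip them.
# Assumed names: the *_Last7Days.evtx files, hashes.csv and SupportLogs.zip.

$OutDir = 'C:\Logs'
$Logs   = 'Application', 'Microsoft-Windows-TaskScheduler/Operational'

# XPath filter: events created within the last 7 days (604800000 ms)
$Query  = '*[System[TimeCreated[timediff(@SystemTime) <= 604800000]]]'

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$Exported = foreach ($Log in $Logs) {
    # Warn early if the channel is disabled; the export would be empty or stale
    $Info = Get-WinEvent -ListLog $Log -ErrorAction Stop
    if (-not $Info.IsEnabled) {
        Write-Warning "$Log is disabled; enable it in Event Viewer and reproduce the issue."
    }

    # Log names contain '/', which is not valid in a file name
    $File = Join-Path $OutDir (($Log -replace '[\\/]', '_') + '_Last7Days.evtx')

    # epl = export-log; /q applies the XPath query; /ow overwrites a previous export
    wevtutil.exe epl $Log $File "/q:$Query" /ow:true
    if ($LASTEXITCODE -ne 0) {
        throw "wevtutil failed for $Log (exit code $LASTEXITCODE)"
    }
    Get-Item -LiteralPath $File
}

# Record SHA-256 hashes so the recipient can confirm the files arrived unmodified
$HashFile = Join-Path $OutDir 'hashes.csv'
$Exported | Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, Path |
    Export-Csv -Path $HashFile -NoTypeInformation

# Bundle the exports and the hash list into one archive for upload
$Zip = Join-Path $OutDir 'SupportLogs.zip'
Compress-Archive -Path (@($Exported.FullName) + $HashFile) -DestinationPath $Zip -Force
Write-Output "Created $Zip"
```

Event logs commonly include account names, host names and file paths, so review the exported files and send the archive only through the support channel.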


Tips

  • Always check the time and date of the event.

  • Look at the Details tab in Event Viewer for full XML data.

  • Enable the Operational log for Task Scheduler if it's empty or not logging.