This is a simple console (command line) tool that can quickly convert an EVTX file (Windows Event Viewer file) to CSV. To use the tool, run it in a CMD prompt, specifying one of the 3 output options followed by the full path to the EVTX file. Similar results can be achieved with PowerShell, but this tool is optimized for performance, as it parses the EVTX line-by-line rather than loading the whole file at once. It can process a 2 GB file in just 4-5 minutes without overloading the server's CPU. You can then redirect the output into a text file, or pipe it through QGREP to find the information you need.

The 3 display options are SHOW, which dumps a full list of the events in the file; CSV, which displays the events without the description, comma-separated (this can be easily opened and manipulated in Excel); and COUNT, which just shows how many events were logged in the file in total.
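For comparison, the following is an added PowerShell example (not the tool's own code) that reproduces the three modes with the built-in Get-WinEvent cmdlet; the function name, parameter names and the file paths in the usage lines are assumed, and events are kept on the pipeline so a large log is not held in memory all at once.

```powershell
# Added example, not part of the tool: SHOW / CSV / COUNT reproduced with Get-WinEvent.
# Function and parameter names are assumed.
function Convert-EvtxLikeTool {
    param(
        [Parameter(Mandatory)][ValidateSet('SHOW', 'CSV', 'COUNT')][string]$Mode,
        [Parameter(Mandatory)][string]$EvtxPath,
        [string]$OutFile   # CSV mode only; omit to write CSV text to the console
    )
    if (-not (Test-Path -LiteralPath $EvtxPath)) {
        throw "EVTX file not found: $EvtxPath"
    }

    # -Path reads the saved .evtx directly; no import into Event Viewer is needed.
    # Note: Get-WinEvent reports a log with zero events as a terminating error,
    # so an empty file surfaces here rather than as a COUNT of 0.
    $reader = { Get-WinEvent -Path $EvtxPath -Oldest -ErrorAction Stop }

    # Columns for CSV mode: metadata only, description omitted, so each event
    # stays on one line (mirrors the tool's CSV option).
    $columns = 'TimeCreated', 'RecordId', 'Id', 'LevelDisplayName', 'ProviderName', 'MachineName'

    switch ($Mode) {
        'COUNT' {
            # Total number of events in the file, streamed through Measure-Object.
            return (& $reader | Measure-Object).Count
        }
        'SHOW' {
            # Full listing including the description. Message is blank when the
            # event's provider is not registered on the analysis machine.
            & $reader | Format-List TimeCreated, Id, LevelDisplayName, ProviderName, Message
        }
        'CSV' {
            # Two separate pipelines keep the output streaming instead of buffering.
            if ($OutFile) {
                & $reader | Select-Object -Property $columns |
                    Export-Csv -LiteralPath $OutFile -NoTypeInformation
            } else {
                & $reader | Select-Object -Property $columns | ConvertTo-Csv -NoTypeInformation
            }
        }
    }
}

# Usage (paths are assumed):
# Convert-EvtxLikeTool -Mode COUNT -EvtxPath C:\cases\Security.evtx
# Convert-EvtxLikeTool -Mode CSV -EvtxPath C:\cases\Security.evtx -OutFile C:\cases\Security.csv
```

Because Get-WinEvent renders each event's Message through the provider's metadata, it is noticeably slower than a raw parse on a multi-GB file, which is the performance gap the tool above is built to close.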

Note that this application is not associated, endorsed or supported by Microsoft!

