How to take my Events (EVT or EVTX format) and copy them to SQL for merged/further evaluation.

While PowerShell can be used for this, for very large datasets I commonly use SQL to parse and merge my events. Below is a simple example of how to load your event files (EVT or EVTX) from the Windows Event format into a SQL Server table.

Download the Log Parser toolset from Microsoft:

https://www.microsoft.com/en-ca/download/details.aspx?id=24659

Run the following commands from a command prompt:

cd "c:\Program Files (x86)\Log Parser 2.2"

logparser "select * into MyTable from c:\MyEventFile\MyEventFile.evtx" -i:evt -o:SQL -createTable:ON -server:MYsqlServer -database:MyDB -username:MyUser -password:MyPassword! -driver:"SQL Server"
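The single command above imports one file. The "merged evaluation" case is usually many exported logs from many hosts, so here is an added PowerShell example (written for this page, not part of the original post or of Log Parser itself) that feeds every .evt/.evtx file under a folder into one table and then summarises it with sqlcmd. The server, database, table and folder names are assumptions carried over from the post; it relies on Windows authentication for both tools, so no account name or password appears on the command line. The columns used in the summary query (ComputerName, EventID, SourceName, TimeGenerated) are the ones Log Parser's EVT input format produces when -createTable:ON builds the table.

```powershell
# Added example: batch-import Windows event logs into one SQL Server table
# with Log Parser 2.2, then run a summary query. Not from the original post.

$LogParser = 'C:\Program Files (x86)\Log Parser 2.2\LogParser.exe'  # default install path
$SqlServer = 'MYsqlServer'     # assumption: same server name as the post
$Database  = 'MyDB'            # assumption
$Table     = 'MergedEvents'    # assumption: one table for all input files
$EventDir  = 'C:\MyEventFile'  # assumption: folder holding the exported logs

# Collect every exported log (both legacy .evt and .evtx are read by -i:EVT).
$files = Get-ChildItem -Path $EventDir -Include *.evt, *.evtx -Recurse -File
if (-not $files) { throw "No .evt/.evtx files found under $EventDir" }

foreach ($f in $files) {
    # -createTable:ON creates the table on the first file; later files append rows.
    # The path is single-quoted so that folder names with spaces still parse.
    $query = "SELECT * INTO $Table FROM '$($f.FullName)'"

    # No -username/-password: Log Parser connects with the identity running this
    # script, which therefore needs INSERT/CREATE TABLE rights on $Database.
    & $LogParser $query -i:EVT -o:SQL -server:$SqlServer -database:$Database -driver:"SQL Server" -createTable:ON
    if ($LASTEXITCODE -ne 0) {
        throw "Log Parser failed on $($f.FullName) (exit code $LASTEXITCODE)"
    }
    Write-Host "Imported $($f.Name)"
}

# Summary of the merged table: event volume per computer/source/event ID, with
# first and last occurrence, highest volume first. These column names come from
# Log Parser's EVT input format.
$summary = @"
SELECT ComputerName, SourceName, EventID, COUNT(*) AS Hits,
       MIN(TimeGenerated) AS FirstSeen, MAX(TimeGenerated) AS LastSeen
FROM $Table
GROUP BY ComputerName, SourceName, EventID
ORDER BY Hits DESC;
"@
& sqlcmd -S $SqlServer -d $Database -E -Q $summary   # -E = Windows authentication
if ($LASTEXITCODE -ne 0) { throw "sqlcmd failed (exit code $LASTEXITCODE)" }
```

Run it from a PowerShell prompt on a machine that has Log Parser 2.2 and the SQL Server command-line tools installed; the script stops at the first file Log Parser rejects rather than silently leaving a partial table. Once everything is in one table, the same GROUP BY pattern extends naturally to the Strings or Message columns for the per-event details you want to pivot on.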
