Hi,
I am using LogParser 2.2 to parse event files (evtx) on Windows 2008. I need to parse both Application (Application.evtx) and System (System.evtx) files. The command I am using is:
C:\LogParser -i:evt -o:CSV "SELECT TOP 1 TO_UTCTIME(TimeGenerated) as TimeGen FROM "C:\event\System.evtx" ORDER BY TimeGen DESC"
However, the above command sometimes throws an error:
Cannot open <from-entity>: Error reading event log: The parameter is
incorrect.
error executing command 'C:\LogParser -i:evt -o:CSV "SELECT TOP 1 TO_UTCTIME(TimeGenerated) as TimeGen FROM "C:\event\System.evtx" ORDER BY TimeGen DESC"|
I dont see this error all the time. There are times when LogParser is able to parse the event files without erroring out. I checked the event files and they dont seem to have changed in terms of their sizes and content. Also, the event files are present in the above location and so is LogParser.
I am unsure why this behavior is inconsistent. Can somebody please shed some light on this? This is rather urgent as it is affecting our release.