
I'm trying to extract event logs on a Windows 10 (64-bit) machine.
The idea is to create a bookmark file of the event log using wevtutil and to extract the events registered in the event log from that point on.

Partial code excerpt

# Use the previous bookmark file (eventbm.xml) and extract the differences from it
wevtUtil qe "Application" /f:xml /bm:"C:\eventbm.xml" /sbm:"C:\newevtbm.xml" /rd:false /e:root /sq:true >> "C:\evtOutput.xml"

However, at some point, the following error message was displayed and the event log could not be extracted.

Failed to search for the event in the specified bookmark.
The XML text specified was not well-formed. See Extended Error for more information.

When I check the generated eventbm.xml, there does not seem to be a problem with it.

<BookmarkList>
<Bookmark Channel='Application' RecordId='100004' IsCurrent='true' />
</BookmarkList>

I tried changing the value of RecordId from "100004" and found that the event log extraction fails at 100000.
Could you please tell me if you know how to prevent this phenomenon, or of any alternatives?
Thanking you in advance.

■ Conditions

Implemented using the applications that come standard with Windows 10
bat or vbs can be used as needed
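
An alternative way to do the incremental extraction described in the question: keep the last exported RecordId in a small state file and select newer records with an XPath filter instead of a bookmark file. This is an added example in PowerShell (which ships with Windows 10), not code from the original post; the file paths and parameter names are assumptions.

```powershell
# Added example: incremental export of an event log keyed on EventRecordID.
# $StateFile and $OutFile are hypothetical paths chosen for this sketch.
param(
    [string]$LogName   = 'Application',
    [string]$StateFile = 'C:\evtstate\last_record_id.txt',
    [string]$OutFile   = 'C:\evtstate\evtOutput.xml'
)

# Last RecordId exported by the previous run (0 on the first run).
[long]$lastId = 0
if (Test-Path -LiteralPath $StateFile) {
    $raw = Get-Content -LiteralPath $StateFile -TotalCount 1
    if (-not [long]::TryParse($raw, [ref]$lastId)) {
        throw "State file '$StateFile' does not hold a numeric RecordId: '$raw'"
    }
}

# XPath selects only records written after the saved position.
$xpath = "*[System[EventRecordID > $lastId]]"

try {
    # -Oldest returns events in ascending order, like /rd:false in wevtutil.
    $events = @(Get-WinEvent -LogName $LogName -FilterXPath $xpath -Oldest -ErrorAction Stop)
}
catch {
    # Get-WinEvent reports "no matches" as an error; anything else is a real failure.
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
        Write-Output "No new events after RecordId $lastId"
        return
    }
    throw
}

# Append each event's XML. The file holds a sequence of <Event> elements,
# so wrap them in a root element before feeding the file to an XML parser.
foreach ($e in $events) {
    Add-Content -LiteralPath $OutFile -Value $e.ToXml() -Encoding UTF8
}

# Persist the highest RecordId only after the events were written,
# so a failed run is retried from the same position next time.
$newLast = $events[-1].RecordId
Set-Content -LiteralPath $StateFile -Value $newLast
Write-Output "Exported $($events.Count) events; last RecordId is now $newLast"
```

The directory that holds the state and output files must exist before the first run, and the account running the script needs read access to the log being queried.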