What's Hiding In Your Windows Logs?


One of the most useful features to assist in troubleshooting a Windows computer is the event log. Almost everything that Windows does behind the scenes, including any potential problem that it identifies, gets recorded in the event log. It's not unusual for the log to grow by a few thousand entries every day. But although the logging facility is comprehensive, the range of tools which Microsoft provides in order to search and analyze the event log is not.

Basically, you're limited to something called the Event Viewer. You can browse by event type or by date/time, but the information is merely the raw data and it's down to you to make sense of it.

If you want a more powerful tool for analyzing your event log, then there are various products available. The good ones are invariably commercial and expensive. But thankfully, the market leader offers an option which is free for personal use, sufficiently powerful, and fun to explore.

The company concerned is Splunk, and the particular product is Splunk Light. You'll find it at https://www.splunk.com/en_us/download/splunk-light.html and it's a 144 MB download, which is malware-free according to Web of Trust and my own virus scan efforts (it's too large for VirusTotal to analyze).

You'll need to register for a free Splunk account before you can download it. Once you've acquired the file and installed it, you access it on your computer via its built-in web server. Type http://localhost:8000 into your web browser to get started, and log in as admin with a password of changeme. You then need to add data, and point Splunk Light at your computer's event logs. You can then start to browse and analyze them.

The free version of Splunk Light is limited to analyzing 500 MB of new log data every day, which is more than sufficient for just about any computer. And it works on servers too, if you run a server and you want to keep an eye on its logs.
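To see the volume and the kind of analysis the article is talking about before installing anything, here is an added PowerShell example (not from the article or from Splunk) that summarises the last 24 hours of the Application, System and Security logs with the built-in Get-WinEvent cmdlet: it assumes an elevated prompt, since reading the Security log needs administrator rights.

```powershell
# Added example, not part of the article: summarise the last 24 hours of
# three Windows event logs. Run from an elevated PowerShell prompt (the
# Security log cannot be read otherwise).
$since = (Get-Date).AddHours(-24)
$logs  = 'Application', 'System', 'Security'

$events = foreach ($log in $logs) {
    try {
        Get-WinEvent -FilterHashtable @{ LogName = $log; StartTime = $since } -ErrorAction Stop
    } catch {
        # Get-WinEvent throws when a log has no matching entries; treat that as empty
        if ($_.Exception.Message -notmatch 'No events were found') {
            Write-Warning "$log`: $($_.Exception.Message)"
        }
    }
}

"Events recorded in the last 24 hours: $($events.Count)"

# Volume per log: the 'few thousand entries a day' the article mentions.
$events | Group-Object LogName |
    Sort-Object Count -Descending |
    Select-Object Name, Count |
    Format-Table -AutoSize

# Noisiest provider / event ID pairs: what to filter out, or what to look into.
$events | Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object -First 15 @{ n = 'Provider, Id'; e = { $_.Name } }, Count |
    Format-Table -AutoSize

# Errors and warnings only, newest first: the raw rows Event Viewer shows,
# already reduced to the ones worth reading.
$events | Where-Object { $_.LevelDisplayName -in 'Critical', 'Error', 'Warning' } |
    Sort-Object TimeCreated -Descending |
    Select-Object -First 20 TimeCreated, LogName, Id, ProviderName,
        @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } } |
    Format-Table -Wrap -AutoSize
```

The last table is the raw material a tool like Splunk Light indexes for you; the two grouping steps are the kind of question Event Viewer cannot answer on its own.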



Just a thought regarding files too large for VirusTotal. Would it be possible to split such files in half and then upload each section?

Anyone tried this workaround?

Update - Out of curiosity I used 7-zip to split a 160M exe file and had VirusTotal test it. No problems. Don't know if the recombined file would still work though.

If you worry about everything in your Event Log that's all you do. Most of them are insignificant and won't hurt a thing. If you find problems with your computer take a look. Nirsoft is very good like chisli said!

Not suitable for home use.
I also prefer nirsoft event viewer: Fast, easy and mainly no installation.

Sometimes it's worth giving up all your data for something, and sometimes it's not. This one forces you into giving a large amount of data and also signing up for their emails.
I favour this event viewer which is also completely free but you don't need to give all your private info out to get it. Plus, it's portable.