What's Hiding In Your Windows Logs? [1]

One of the most useful features to assist in troubleshooting a Windows computer is the event log. Almost everything that Windows does behind the scenes, including any potential problem that it identifies, gets recorded in the event log. It's not unusual for the log to grow by a few thousand entries every day. But although the logging facility is comprehensive, the range of tools which Microsoft provides in order to search and analyze the event it is not.

Basically, you're limited to something called the Event Viewer. You can browse by event type or by date/time, but the information is merely the raw data and it's down to you to make sense of it.

If you want a more powerful tool for analyzing your event log, then there are various products available. The good ones are invariably commercial and expensive. But thankfully, the market leader offers an option which is free for personal use, sufficiently powerful, and fun to explore.

The company concerned is Splunk, and the particular product is Splunk Light. You'll find it at https://www.splunk.com/en_us/download/splunk-light.html [3] and it's a 144 MB download, which is malware-free according to Web of Trust and my own virus scan efforts (it's too large for VirusTotal to analyze).

You'll need to register for a free Splunk account before you can download it. Once you've acquired the file and installed it, you access it on your computer via its built-in web server. Type http://localhost:8000 [4] into your web browser to get started, and log in as admin with a password of changeme. You then need to add data, and point Splunk Light at your computer's event logs. You can then start to browse and analyze them.

The free version of Splunk Light is limited to analyzing 500 MB of new log data every day, which is more than sufficient for just about any computer. And it works on servers too, if you run a server and you want to keep an eye on its logs.