Wevtutil command options for Date
On a Windows 7 system, I want to export the logs of a particular day into an XML file. I have tried using wevtutil but failed to get a query to read data for a particular day! Any help here ...
So far I have tried the wevtutil options and can output the whole event logs of Application or System into an XML file. I want the XPath to give me values only for, say, 2011-08-15.
Thanks in advance!
Vincent, Mountain View, CA
August 18th, 2011 1:17pm
For example, to get all System log events recorded on 2011-08-18, type the following command:
wevtutil qe System "/q:*[System[TimeCreated[@SystemTime>='2011-08-18T00:00:00' and @SystemTime<'2011-08-19T00:00:00']]]"
If you want to allow for timezones, then use the following date formats in the above command (the example supposes your time zone is -7 hours from UTC):
'2011-08-18T00:00:00-07:00' and '2011-08-19T00:00:00-07:00'
The Event Log XML schema is documented in MSDN and in the Windows SDK:
http://msdn.microsoft.com/en-us/library/aa385201(v=VS.85).aspx
If you don't have the time to learn XPath, open Event Viewer, expand any event log, click Action, Filter Current Log, build the filter using the dropdown boxes and checkboxes, then click the XML tab to see your query in XPath format.
Microsoft MVP Windows Expert Consumer | http://www.wintecnico.com
August 18th, 2011 6:40pm
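The one-day export from the answer above, as an added PowerShell example that is not part of the original thread. It converts the local day's boundaries to UTC 'Z' timestamps instead of using an offset, and the parameter names, default date and output path are illustrative assumptions.

```powershell
# Added example, not part of the original thread.
# $LogName, $Day and $OutFile are illustrative parameters (assumptions).
param(
    [string]$LogName = 'System',
    [datetime]$Day   = '2011-08-18',
    [string]$OutFile = '.\System-2011-08-18.xml'
)

# TimeCreated/@SystemTime is recorded in UTC. Convert the local-midnight
# boundaries of the requested day to UTC so the window matches the local day.
$inv      = [Globalization.CultureInfo]::InvariantCulture
$fmt      = "yyyy-MM-dd'T'HH:mm:ss.fff'Z'"
$startUtc = $Day.Date.ToUniversalTime().ToString($fmt, $inv)
$endUtc   = $Day.Date.AddDays(1).ToUniversalTime().ToString($fmt, $inv)

# Half-open interval [start, end): same shape as the query in the answer.
$query = "*[System[TimeCreated[@SystemTime>='$startUtc' and @SystemTime<'$endUtc']]]"

# /f:xml renders events as XML; /e: wraps them in one root element so the
# file is a well-formed document rather than a bare sequence of <Event> nodes.
$xml = & wevtutil.exe qe $LogName "/q:$query" /f:xml /e:Events
if ($LASTEXITCODE -ne 0) {
    throw "wevtutil failed with exit code $LASTEXITCODE for query: $query"
}
$xml | Out-File -FilePath $OutFile -Encoding UTF8

# Sanity check: the export must parse, and report how many events matched.
$doc = New-Object System.Xml.XmlDocument
$doc.Load((Resolve-Path $OutFile).Path)
$count = $doc.DocumentElement.SelectNodes('*').Count
Write-Output "$count event(s) from $LogName between $startUtc and $endUtc written to $OutFile"
```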