Edit the Windows event log using the command line tool “wevtutil”

The Windows event log is the first place to look when problems occur on a Windows PC. The event log is normally managed via the Windows Event Viewer (services.msc). What very few Windows users or administrators know is that there is also a command-line tool with which the Windows event log can be managed. The command is

WEVTUTIL

This command-line tool, which Microsoft ships free of charge with every Windows version, is used to retrieve information about event logs. With it, event manifest files can be installed and uninstalled, and event logs can be queried, exported, cleared and archived. The individual functions are selected via an extensive parameter list.

Wevtutil parameter          Description
el  | enum-logs             List the log names.
gl  | get-log               Gets the log configuration information.
sl  | set-log               Changes the configuration of a log.
ep  | enum-publishers       Retrieve the publisher configuration information.
im  | install-manifest      Installs event publishers and logs from the manifest file.
um  | uninstall-manifest    Uninstalls event publishers and logs from the manifest file.
qe  | query-events          Queries events from a log or a log file.
gli | get-log-info          Gets the log status information.
epl | export-log            Exports a log.
al  | archive-log           Archives an exported log.
cl  | clear-log             Clears a log.


Here are a few examples of calling the “wevtutil” tool, each with an explanation.

Overview of all event log names

With the following command you can get an overview of all available Windows event log names.

wevtutil el

Below you can see the command and the display of the first available event logs.

[Screenshot: wevtutil el, list of event logs]

Clear event log by command

With the following command you can then delete individual event logs completely. As an example, we have completely deleted the “Application” event log. The complete command is:

wevtutil cl Application

[Screenshot: wevtutil cl Application, clearing the Application event log]

If you open the event log via “services.msc” after issuing the command, the “Application” event log is empty. You can also recognize this from the fact that “Number of events: 0” is displayed.

[Screenshot: Event Viewer showing “Number of events: 0”]
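The following PowerShell sketch is an added example, not part of the original article: it clears a log with the /bu: backup option of “wevtutil cl” so the events are archived first, then queries the records Windows itself writes when a log is cleared (event ID 104 in the System log, event ID 1102 in the Security log when the Security log is cleared). The directory C:\EventLogArchive and the two function names are assumptions made for this example.

```powershell
# Added example, not from the original article. Run from an elevated PowerShell prompt.
# Assumed names: C:\EventLogArchive and both function names are illustrative only.
function Clear-EventLogWithBackup {
    param(
        [Parameter(Mandatory)] [string] $LogName,
        [string] $BackupDir = 'C:\EventLogArchive'
    )
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $safeName = $LogName -replace '[\\/]', '-'      # log names may contain "/"
    $stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup   = Join-Path $BackupDir "$safeName-$stamp.evtx"

    # /bu:<file> saves the log to an .evtx file and clears it in the same step.
    wevtutil cl $LogName "/bu:$backup" | Out-Host
    if ($LASTEXITCODE -ne 0) { throw "wevtutil cl failed for '$LogName' (exit code $LASTEXITCODE)" }
    if (-not (Test-Path $backup)) { throw "Backup file was not created: $backup" }

    # Status of the live log after the clear (record count, file size, timestamps).
    wevtutil gli $LogName | Out-Host

    # The backup stays queryable: /lf:true makes qe read a log file instead of a live log.
    wevtutil qe $backup /lf:true /c:3 /rd:true /f:text | Out-Host
    return $backup
}

function Get-LogClearEvent {
    param([int] $Count = 5)
    # Event ID 104 (System log): a log file was cleared.
    wevtutil qe System "/q:*[System[(EventID=104)]]" "/c:$Count" /rd:true /f:text
    # Event ID 1102 (Security log): the audit log was cleared.
    wevtutil qe Security "/q:*[System[(EventID=1102)]]" "/c:$Count" /rd:true /f:text
}

$archive = Clear-EventLogWithBackup -LogName 'Application'
"Archived copy: $archive"
Get-LogClearEvent -Count 5
```

Forwarding events 104 and 1102 to a central collector keeps a record of every clear even when the local copy of the log is gone.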

Most of the parameters of the “wevtutil” command are self-explanatory and very easy to use. We find the tool very useful and use it relatively often.


administrator