I am trying out the enterprise edition, and could not find documentation for reading event logs directly from .evtx file only, can anyone help in a sample config.

Asked June 16, 2015 - 5:30pm

Answer (1)

See the NXLog Enterprise Edition Reference Manual that's bundled with the installer.

Basically you will need the following instead of Query:

File C:\Windows\System32\winevt\Logs\System.evtx
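A complete configuration built around that directive, as an added example (not part of the original question or answer, and not taken from the NXLog manual). It assumes a default Windows install path for NXLog Enterprise Edition and an om_file output writing JSON to C:\temp; those paths, the instance names and the JSON conversion are illustrative choices, while the im_msvistalog module and its File directive are what the answer refers to.

```nxlog
# Added example: read events straight from an on-disk .evtx file with
# NXLog Enterprise Edition's im_msvistalog module. The File directive
# replaces the Query (or Channel) directive used for live channels.
# ROOT, the output path and the JSON conversion are assumptions.
define ROOT C:\Program Files\nxlog

ModuleDir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

<Extension json>
    Module  xm_json
</Extension>

<Input evtx_file>
    Module  im_msvistalog
    # Point at the saved log file instead of subscribing to a channel.
    # A copy exported from another host (Event Viewer "Save All Events As"
    # or "wevtutil epl System export.evtx") can be given here the same way.
    File    C:\Windows\System32\winevt\Logs\System.evtx
    # Serialize the parsed event fields (EventID, Channel, Message, ...)
    # to one JSON object per line for the file output below.
    Exec    to_json();
</Input>

<Output out_file>
    Module  om_file
    File    "C:\\temp\\system-evtx.json"
</Output>

<Route evtx_to_file>
    Path    evtx_file => out_file
</Route>
```

For a forensic workflow the more common case is a .evtx exported from another machine rather than the live System.evtx of the collector host; the input block stays the same and only the File path changes. Check the NXLog log file named in LogFile for module load or parse errors on the first run.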