locked
Log parser can not find the path specified error RRS feed

  • Question

  • User324469530 posted

    Hi,

    I want to query from "Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtxget" file  which is located on "C:\Windows\System32\winevt\Logs" but i get the below error.

    Error: Error retrieving files: Error searching for files in folder C:\Windows\System32\winevt\Logs: The system cannot find the path specified.

    My query is like that:

    "SELECT TimeGenerated ,EXTRACT_TOKEN ( Strings, 0, '|' ) AS SOURCENAME, EXTRACT_TOKEN ( Strings, 2, '|' ) AS userName, eventID into mytable FROM C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx ORDER BY timeGenerated DESC"

    Can you help me why I can not find the file with log parser.

    Friday, February 16, 2018 12:10 PM

All replies

  • User-1911490340 posted

    Hello,

    Use Sysnative alias instead of System32.

    The Log parser is a legacy application that is 32-bit and it seems that Microsoft has not upgrarded it to 64-bit yet. So you can not access some folders in System32 directly and will be redirected to SysWOW64 by default. You can use C:\Windows\Sysnative instead of C:\Windows\System32. Your issue will be resolved.

    Tuesday, April 3, 2018 7:08 AM