Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Event Viewer: Clear All Events


Event Viewer: Clear All Events

How to Clear all Event Logs in Event Viewer using Windows PowerShell
Published by Slartybart
31 Jan 2014
Published by

How to Clear all Event Logs in Event Viewer using Windows PowerShell

information   Information
This tutorial will show you how to quickly clear all event logs in Event Viewer with a one line PowerShell script.

This one line command clears each log in the Event log list one at a time.
wevtutil el gets the Event log list and passes the list to
Foreach-Object which calls
wevtutil cl for each log in the Event log list.

Note   Note
This process does not clear Analytic or Debug logs. If you have them enabled, wevutl returns an error, but the other logs are cleared.

warning   Warning
If you are trouble shooting an issue on your computer it is NOT advisable to clear the Event logs. The Event logs provide technical information about your system that could help resolve an issue.
Only clear the Event logs if your system is running well. The logs don't use a lot of resources so it doesn't hurt to leave them in place.


Here's How:

1. Open an elevated PowerShell prompt.

2. Copy and paste the command below into the PowerShell window, and press Enter.
wevtutil el | Foreach-Object {wevtutil cl "$_"}
Name:  EventViewer_PScmd.png
Views: 39286
Size:  21.2 KB
4. Wait for the script to finish, then you can close PowerShell if you like.

5. All events have been cleared.


This tutorial showed you how to clear all logs in Event Viewer, but you can use the wevtutil command to clear individual event logs.
Instead of using the el parameter and piping the list to Foreach-Object, you would use the cl parameter and the log name.

Copy the line following the specific event log and paste the wevtutil line (the bold line) into the PowerShell window.


To clear the
  • Application event log
    wevtutil cl Application

  • Security event log
    wevtutil cl Security

  • Setup event log
    wevtutil cl Setup

  • System event log
    wevtutil cl System
You can clear any of the Event logs the same way, all you have to know is the log name.
To get a full list of the log names, simply enter wevtutil el in the elevated PowerShell window.

Then you can use the cl parameter and the event log name to clear that specific event log (see the examples above).

Note   Note
There are two command parameters of wevtutil used in this section:
cl is the clear event log parameter
el is the event log list parameter

The results will be quite different if you use the wrong one. For any clear the log operation in this section, you will use the cl parameter.

Tip   Tip
While unrelated to clearing Event Viewer logs, this tip does clean up one particular event. WMI error 10 is erroneoulsy logged in the application log after every reboot.
This is easy to fix with MS Fixit 50688 - scroll down on the MS Fixit page and click the Microsoft Fix it button.



Credits:
Joe Waldin: script source
Brink: tutorial housekeeping





16 Feb 2014   #1
DavidE

Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64
 
 

Nice tutorial!
Does clearing event logs make a noticeable performance improvement or a significant decrease in space used on the C drive?
My OSs were installed 4+ years ago and I've never cleared logs.

Thanks,
David


My System SpecsSystem Spec
16 Feb 2014   #2
Brink
Microsoft MVP

64-bit Windows 10 Pro
 
 

Hey David,

It makes no difference in performance, and not much hard drive space would be regained. It's mostly just if you wanted to clear the logs.
My System SpecsSystem Spec
16 Feb 2014   #3
DavidE

Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64
 
 

Thanks Shawn
My System SpecsSystem Spec
.

16 Feb 2014   #4
Brink
Microsoft MVP

64-bit Windows 10 Pro
 
 

Your welcome.
My System SpecsSystem Spec
17 Feb 2014   #5
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Thanks David,

Shawn is right... no performance boost or even significant space reclamation.

Reading logs is an art - clearing the logs simply removes ancient history. The MS Fixit tip at the bottom is probably more important to me because it stops a bogus error log so I don't have to think "Hey there's an error.... is it important? Nah, it's just that WMI 10 log entry..." The entries for WMI 10 are still there until you clear the event logs.

The real trick is NOT clearing the logs too often - you might lose that key piece of information.

Rule of thumb: if your system is stable and has been for a while - clear the logs. In a year or two, same conditions, clear the logs again. This really isn't something you have to do on a regular basis.

Bill
.
My System SpecsSystem Spec
17 Feb 2014   #6
DavidE

Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64
 
 

Thanks for the info.
My systems are stable. No problems with updates, no crashes, etc.
I just know as soon as I clear the logs something will happen, and I'll wish I had the history.
My System SpecsSystem Spec
28 May 2014   #7
giblet

Windows 7 Ultimate 64bit
 
 
BAT file for lazy people...

@echo off
FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
IF (%adminTest%)==(Access) goto noAdmin
for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
echo.
echo goto theEnd
:do_clear
echo clearing %1
wevtutil.exe cl %1
goto :eof
:noAdmin
exit


Copy to Notepad and save as *.BAT

Double click to run BAT files.

All logs cleared.
My System SpecsSystem Spec
28 May 2014   #8
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

giblet, see the related tutorial for the Command Prompt version. This tutorial is a Powershell script.
Event Viewer One Click Clear
My System SpecsSystem Spec
21 Oct 2015   #9
edassange

W7 Home Premium x86 SP1 Build 7601
 
 

When I try this it says "Fails to clear log...The requested operation cannot be performed over an enabled direct channel".
My System SpecsSystem Spec
Comment

 Event Viewer: Clear All Events




Tutorial Tools





Similar help and support threads
Windows 7 Tutorial Category
How To Clear Administrative Events Log - Event Viewer
Hi: Does anyone know how to clear the Administrative Events log listed under Custom Views in the Event Viewer? All the logs listed under the Windows logs have options to clear, but the above does not. Thanks, ColTom2
Performance & Maintenance
Event Viewer One Click Clear
How to Clear Event Viewer with One Click in Windows This will show you how to create a command line shortcut that will clear all of the Event Viewer logs in one click. Here is a batch file that can help you clear the event viewer in one click....
Tutorials
45,120 events in event viewer, I have a keylogger
I have Been getting bsod xd1 from iastora.sys I have come to the conclusion that I want it gone and want to switch to ahci and get rid of irst. Only problem is I heard you have to reinstall to do that and I don't want to. I really need this done and I'm scared because I get bsod in the middle of...
System Security
Events Viewer
I am running Win 7 Pro, 32 bits I was trying to run down a problem with Windows Explorer crashing and wanted to check the Events Log. When I went to check it it I got this: I then check Services and got this:
BSOD Help and Support
How to clear Administrative Events under Custom Views?
How does one clear these? pls view attachment, thanks.
Performance & Maintenance
How to clear events in viewer?
How, in W7, does one clear the events? In vista, I went to actions and clear events. On W7, I do not see a clear events. Thanks Dave
General Discussion

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 02:44.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App