How to Clear all Event Logs in Event Viewer using Windows PowerShell
Information
This tutorial will show you how to quickly clear all event logs in Event Viewer with a one line PowerShell script.
This one line command clears each log in the Event log list one at a time.
wevtutil el gets the Event log list and passes the list to
Foreach-Object which calls
wevtutil cl for each log in the Event log list.
Note
This process does not clear Analytic or Debug logs. If you have them enabled, wevutl returns an error, but the other logs are cleared.
Warning
If you are trouble shooting an issue on your computer it is NOT advisable to clear the Event logs. The Event logs provide technical information about your system that could help resolve an issue.
Only clear the Event logs if your system is running well. The logs don't use a lot of resources so it doesn't hurt to leave them in place.
Here's How:
1. Open an elevated PowerShell prompt.
2. Copy and paste the command below into the PowerShell window, and press Enter.
wevtutil el | Foreach-Object {wevtutil cl "$_"}
4. Wait for the script to finish, then you can close PowerShell if you like.
5. All events have been cleared.
This tutorial showed you how to clear all logs in Event Viewer, but you can use the wevtutil command to clear individual event logs.
Instead of using the el parameter and piping the list to Foreach-Object, you would use the cl parameter and the log name.
Copy the line following the specific event log and paste the wevtutil line (the bold line) into the PowerShell window.
To clear the
- Application event log
wevtutil cl Application
- Security event log
wevtutil cl Security
- Setup event log
wevtutil cl Setup
- System event log
wevtutil cl System
You can clear any of the Event logs the same way, all you have to know is the log name.
To get a full list of the log names, simply enter wevtutil el in the elevated PowerShell window.
Then you can use the cl parameter and the event log name to clear that specific event log (see the examples above).
Note
There are two command parameters of wevtutil used in this section:
cl is the clear event log parameter
el is the event log list parameter
The results will be quite different if you use the wrong one. For any clear the log operation in this section, you will use the cl parameter.
Tip
While unrelated to clearing Event Viewer logs, this tip does clean up one particular event. WMI error 10 is erroneoulsy logged in the application log after every reboot.
This is easy to fix with
MS Fixit 50688 - scroll down on the MS Fixit page and click the Microsoft Fix it button.
Credits:
Joe Waldin: script source
Brink: tutorial housekeeping