Log parser can not find the path specified error
Last post Apr 03, 2018 07:08 AM by sadeghi2020
Feb 16, 2018 12:10 PM|amanbre|LINK
I want to query from "Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtxget" file which is located on "C:\Windows\System32\winevt\Logs" but i get the below error.
Error: Error retrieving files: Error searching for files in folder C:\Windows\System32\winevt\Logs: The system cannot find the path specified.
My query is like that:
"SELECT TimeGenerated ,EXTRACT_TOKEN ( Strings, 0, '|' ) AS SOURCENAME, EXTRACT_TOKEN ( Strings, 2, '|' ) AS userName, eventID into mytable FROM C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx ORDER
BY timeGenerated DESC"
Can you help me why I can not find the file with log parser.
Apr 03, 2018 07:08 AM|sadeghi2020|LINK
Use Sysnative alias instead of System32.
The Log parser is a legacy application that is 32-bit and it seems that Microsoft has not upgrarded it to 64-bit yet. So you can not access some folders in System32 directly and will be redirected to SysWOW64 by default. You can use
C:\Windows\Sysnative instead of C:\Windows\System32. Your issue will be resolved.