I need to export a certain subset of the events in the Security log, but the number of filtered event IDs is too large for one query. So I have split the IDs into three groups and saved individual query XML files for each.
I have my wevtutil statement set up properly for the first export, and it is readable in Event Viewer - yay! But I need to run wevtutil two more times, and have them append their results onto the output .evtx file from the first wevtutil command, to make one complete security log file, filtered as I need.
Is there an append option in the wevtutil command, or another way to do this?
Thanks,
Shane
I tried adding an -append flag to the second and third wevtutil commands, but got 'parameter is incorrect' error.