Question

Here's a little background. I'm trying to read in .evt files with LogParser, but I'm getting a message saying that the file is corrupted. After some reading, it turns out it most likely has to do with the fact that I'm using Windows 7.

Here's my question. I want to take a .evt file and convert it to .evtx. Problem is, the file is from another machine, so I can't use a command like:

wevtutil epl application.evt application.evtx /lf:true

So what I need to do is something like:

wevtutil epl c:\evt\testlog.evt c:\evt\testlog.evtx /if:true

If I try to run the above, I get a message saying "Invalid option if. Option is not supported. The parameter is incorrect."

Note that I can't use the Windows event viewer to just "save as". I must do this via CLI.

What am I missing?

Solution

As grandpa would say, "I fingered it out". I had to run wevtutil IN THE DIRECTORY where the .evt files reside. So the command looks like this:

wevtutil epl testlog.evt testlog2.evtx /lf 

Hopefully this helps some other poor soul.
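
For a whole folder of .evt files copied from another machine, the same command can be looped. The script below is an added example, not part of the original answer; the `C:\evt` default and the `$EvtDir` parameter name are assumptions, and it expects PowerShell 4.0 or later for `Get-FileHash`.

```powershell
# Added example: batch-convert legacy .evt files to .evtx with wevtutil.
# $EvtDir is an assumed location (the question used c:\evt); change as needed.
param(
    [string]$EvtDir = 'C:\evt'
)

# Work from the folder that holds the .evt files, as the answer does.
Push-Location -LiteralPath $EvtDir
try {
    # -Filter *.evt also matches *.evtx through legacy 8.3 name matching,
    # so filter on the exact extension to avoid re-processing earlier output.
    $sources = Get-ChildItem -Filter *.evt -File |
        Where-Object { $_.Extension -ieq '.evt' }

    $results = foreach ($evt in $sources) {
        $out = [System.IO.Path]::ChangeExtension($evt.Name, '.evtx')

        # Record a hash of the source log before touching it, so the
        # original file can later be shown to be unchanged.
        $sha256 = (Get-FileHash -LiteralPath $evt.FullName -Algorithm SHA256).Hash

        if (Test-Path -LiteralPath $out) {
            $status = 'skipped (output exists)'
        } else {
            # /lf:true marks the first argument as a log file path
            # rather than the name of a live event channel.
            & wevtutil.exe epl $evt.Name $out /lf:true
            $status = if ($LASTEXITCODE -eq 0) { 'converted' }
                      else { "failed (exit $LASTEXITCODE)" }
        }

        [pscustomobject]@{
            Source = $evt.Name
            SHA256 = $sha256
            Output = $out
            Status = $status
        }
    }
} finally {
    Pop-Location
}

$results | Format-Table -AutoSize
```

Existing .evtx files are skipped rather than overwritten, and a non-zero wevtutil exit code is reported per file so a single damaged log does not stop the run.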

Licensed under: CC-BY-SA with attribution