I'm trying to use Log Parser within PowerShell to export a Windows Evtx log file to CSV:
$logparser = "c:\program files (x86)\Log Parser 2.2\logparser.exe"
$allArgs = ("SELECT * INTO c:\logs\logs.csv FROM c:\logs\logs.evtx", "-i:evt", "-o:csv")
$ps = Start-Process -FilePath $logparser -ArguementList $allArgs -Wait -Passthru -NoNewWindow;
$ps.WaitForExit()
$ps.ExitCode;
But when I run this I get an error:
Error: detected extra argument "*" after query
The error code is 13. I tried putting the paths in single quotes and running it from the same directory as the logs but it keeps returning the same error.
You need to preserve the double quotes around the query string, otherwise it won't be recognized as a single argument by the spawned process.
Putting the query string (with double quotes) in single quotes might work:
$allArgs = '"SELECT * INTO c:\logs\logs.csv FROM c:\logs\logs.evtx"',
"-i:evt",
"-o:csv"
However, a much simpler solution to the problem would be to avoid Start-Process entirely and use the call operator (&) instead:
$logparser = "c:\program files (x86)\Log Parser 2.2\logparser.exe"
$query = "SELECT * INTO c:\logs\logs.csv FROM c:\logs\logs.evtx"
& $logparser -i:evt -o:csv $query