Wevtutil to output event log description

Is there anyway to only output the description field in an event log entry?

Im current using:

wevtutil qe Application /q:*[System[(EventID=431)]] /f:text /rd:true /c:2 /gm:true > C  :\query.txt

However this output everything. I just want to output the description which is under:

<EventData> 
<Data> Description bllah blah</data> 
</EventData>

Solution

You can use /f:text modifier and grep with ^|FIND "Description"

wevtutil qe Application /q:*[System[(EventID=431)]] /f:text /rd:true /c:2 /gm:true ^|FIND "Description" > C:\query.txt

Note the ^ before the pipe, it escapes the pipe in scripts.

MSI created with WIX Toolset installs under C:\Program Files (x86)\
Windows: How to control the adaptive brightness?
How to open a project in the same window as the current windows project [WebStorm]
Setting emacs font under windows
How do I set up WinRM for Windows 2025 Server with Packer? Waiting for WinRM to become available
Notification after shut down on windows using python
How do I enable "Allow this device to wake the computer" programmatically?
Tomcat stop error
Windows: How to sign exe using certificate issued by Certum?
How to update Inno Setup AppVersion [Setup] value from Config.xml file
How do I achieve desktop overlay blur on Windows?
How do I make a list in CMake with the semicolon value?
windows run docker with --network=host and access with 127.0.0.1
How come in Visual Studio 2022 the sizeof unsigned long is 4 bytes and not 8 bytes?
Difficult to run
Unable to make folder readonly
Why is cmd with switch /c not working from File Explorer address bar as expected with closing console window after start of VS Code?
Export Charts from Excel as images using Python
What happens when I clone a repository with symlinks on Windows?
Execution stuck on ManualResetEvent.Set after suspending other thread
Tkinter how to distinguish between <Key> and <Control-Key> bindings?
How to set the title of a Windows console while npm is running?
How to change HOME directory and start directory on MSYS2?
FFmpeg av_dump_format showing incorrect output, but ffprobe displays correct metadata
Windows/NetBeans platform - Getting JAVA_HOME environment variable into conf file
opening directories like "THIS PC" or "NETWORK" from file manager
How to open 'This PC' using CMD or Powershell?
CryptographicException: Access denied - How to give access on User store?
Missing DLL even though the directory containing it is in the path
How do I tell CMake to use Clang on Windows?