Purpose:
You would like to create a filtered Event Viewer file with specific PDQ information, include Event Viewer files (.EVTX) with your support ticket, or would like to filter PDQ events in Event Viewer.
Resolution:
In order to create an EVTX file with PDQ log entries, perform the following:
Option 1: The easy way
You can use a PowerShell script to automagically gather PDQ event logs into an EVTXfile.
Feel free to use this "Get-PDQEventLogs.ps1" that one of our Dev team has hosted for use on Github: https://gist.github.com/stevenpdq/042258143af30ef7e7f41f71a8596eb1
Option 2: The manual way
1. Open Event Viewer (Run > eventvwr)
2. Open Windows Logs > Application log.
3. With Application log selected, in the right-hand navigation pane (Actions), select Filter Current Log...
4. In the Filter Current Log window, use the Event sources drop-down to select the following three items (if they exist): PDQ Deploy, PDQ Inventory, and .NET Runtime.
5. Leave everything else as-is unless you want to further filter by Event Level, and click OK.
6. You should now see a filtered log view.
7. Click on Action in the upper left-hand menu and select Save Filtered Log File As... or Save Selected Events...
8. In the Save As window, choose a File Name (e.g. the error, the date, or your ticket number) and keep the Save as type set to Event Files (*.evtx).
9. Save the <FileName>.evtx log file.
10. Keep for your records or submit with your PDQ.com support ticket.
