Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, July 22, 2020 8:24 AM
I am trying to capture DNS analytic log from my Domain controllers.
Since it creates ETL files I have managed to do a log rotation using scheduled Powershell script which converts the ETL file to EVTX and saves to a specific folder when the file reaches 1 GB of size. Since i have a very huge user force ,my ETL file reaches 1 GB in less than 15 mins .The EVTX file thus created is having approximately 600-1 GB of size. I would like to split this into 100 MB files each so that I can use it for some other application which only accepts the file size of maximum 100 MB.
Is there any option to split the event log files w.r.t the file size
Thanks
Sachin
All replies (4)
Wednesday, July 22, 2020 2:34 PM
Well, in about 30 seconds (using a search engine -- you should try those, they're great for this sort of problem!) I found this:
https://stackoverflow.com/questions/1001776/how-can-i-split-a-text-file-using-powershell
Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)
Wednesday, July 22, 2020 3:06 PM
Hi Rich ,
Thank you for your reply .I have already seen this and it was mainly discussing about the txt file which I also was able to split .But while managing evtx files ,I am able to split the files as mentioned in the script but came as corrupted
-Sachin
Wednesday, July 22, 2020 3:11 PM
Hi Rich ,
Thank you for your reply .I have already seen this and it was mainly discussing about the txt file which I also was able to split .But while managing evtx files ,I am able to split the files as mentioned in the script but came as corrupted
-Sachin
EVTX files are binary files and cannot be split. You can only read the records into a new EVTX file.
\(ツ)_/
Wednesday, July 22, 2020 3:15 PM
The EVTX files aren't text. You'll have to get your data into a different format and then try to split the file -- but by using lines not file size. Chopping a file into arbitrary chunks without regard for the data they contain doesn't usually work very well unless you reconstruct the file and restore its integrity.
In your case, the simplest thing to do is limit the size of the EVTX files to 100MB. The next best thing to do is as the application author to increase their arbitrary limit on the file size. 100MB is pretty small these days!
Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)