PowerShell – How to Clear Event Logs with PowerShell


Hi there,

In my previous post, we saw how to increase the Event Log File Size using PowerShell. Continuing along the same lines, today we will see how to clear Event Logs with PowerShell.

First, let's go back to see how I got the idea for this article. I got a complaint from one of the users stating that they were unable to log in due to the error message below.

The security log on this system is full. Only administrators can log on to fix the problem.

So I knew that I needed to dig into my logs to find out what was wrong. To do so, you need to open Event Viewer. Go to Security logs, right-click, open Properties and check the size of the Event Log File.

You will see that the log is full and that you need to delete the logs to clear some space.

You can do the same thing, i.e. clear Event Logs, with PowerShell as well. Frankly, this is a much easier way. We will be using the Clear-EventLog cmdlet for this.

Clear-EventLog -logname Security

Well, it was that easy.

Now imagine that you get the same error on a whole bunch of computers. Let us assume that you are getting this error from a set of application servers residing in a particular OU of Active Directory.

For that case, I have written a small script which will retrieve the computers and clear event logs with PowerShell.

Import-Module ActiveDirectory
# Export the names of all computers in the Application OU to a CSV file
Get-ADComputer -Filter * -SearchBase "OU=Application,dc=enterprisedaddy,dc=com" | select Name | Export-Csv C:\Comp.csv
$Servers = Import-Csv C:\Comp.csv
# Clear the Security log on each server in turn
foreach ($Server in $Servers){
    Clear-EventLog -LogName Security -ComputerName $Server.Name
}

First, we import the Active Directory module.

Next up, we query a particular OU, select all the computers in it and create a CSV file.

In the next line, we import the computer names and assign them to a variable.

Finally, we apply a foreach loop and clear event logs with PowerShell one by one.

Feel free to customize this as per your needs.
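One customization worth making, shown here as an added example that is not part of the original script: archive each Security log to an .evtx file before clearing it, so the audit records stay available for later review. It assumes PowerShell remoting (WinRM) is enabled on the servers, and C:\LogArchive is a hypothetical archive folder on each of them.

```powershell
# Added example: back up the Security log on every server in the OU, then clear it.
# Assumptions: PowerShell remoting is enabled on the targets; C:\LogArchive is a
# hypothetical folder on each server; the OU path is the one used in the article.
Import-Module ActiveDirectory

$SearchBase = 'OU=Application,dc=enterprisedaddy,dc=com'
$ArchiveDir = 'C:\LogArchive'   # hypothetical path, change to suit

$Servers = Get-ADComputer -Filter * -SearchBase $SearchBase |
    Select-Object -ExpandProperty Name

$Results = foreach ($Server in $Servers) {
    try {
        Invoke-Command -ComputerName $Server -ErrorAction Stop -ScriptBlock {
            param($Dir)
            if (-not (Test-Path -Path $Dir)) {
                New-Item -Path $Dir -ItemType Directory | Out-Null
            }
            $Stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
            $Backup = Join-Path $Dir "$env:COMPUTERNAME-Security-$Stamp.evtx"

            # "wevtutil cl <log> /bu:<file>" saves the log to <file> and then clears it
            wevtutil.exe cl Security "/bu:$Backup"
            if ($LASTEXITCODE -ne 0) {
                throw "wevtutil exited with code $LASTEXITCODE"
            }

            [pscustomobject]@{
                Server = $env:COMPUTERNAME
                Status = 'Cleared'
                Backup = $Backup
                SizeMB = [math]::Round((Get-Item $Backup).Length / 1MB, 1)
            }
        } -ArgumentList $ArchiveDir
    }
    catch {
        # Unreachable server, access denied, or a failed backup: the log is left untouched
        [pscustomobject]@{
            Server = $Server
            Status = "Failed: $($_.Exception.Message)"
            Backup = $null
            SizeMB = $null
        }
    }
}

$Results | Select-Object Server, Status, Backup, SizeMB | Format-Table -AutoSize
```

Clearing the Security log writes event ID 1102 ("The audit log was cleared") as the first record of the new log, so the run is itself audited. Copy the .evtx files off the servers afterwards, or the archive folder will fill the disk the same way the log did.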

Happy scripting!

I hope this was informative and thank you for reading!


About Author

I am Adil Arif, working as a Senior Technical Support Engineer at Rubrik as well as an independent blogger and founder of Enterprise Daddy. In my current role, I am supporting infrastructure related to Windows and VMware datacenters.
