microsoft/EventLogExpert v26.6.1.1342

v26.6.1.1342

Repository: microsoft/EventLogExpert

Tag: v26.6.1.1342

Published: 2026-06-01T22:46:52Z

Prerelease: yes

Release notes: All changes since the last stable release (v26.3.5.912).

Highlights

• Database Tools UI is now available from the Tools menu, giving Create/Diff/Merge/Show/Upgrade provider-database operations an in-app tabbed workflow with live logs, safer file picking, and elevation awareness.
• Provider database management moved into Database Tools — a new Manage tab centralizes status, enable/disable, upgrade, restore-from-backup, classification retry, and removal. Changes are staged and applied explicitly so accidental database edits are less likely, and an opt-in selection mode unlocks bulk upgrade and bulk remove with per-row progress.
• Light mode is now available, with an option to follow your Windows theme. The title bar follows it too.
• Reorder event table columns by drag-and-drop. Column widths and order are remembered across sessions.
• International Windows support — events on non-English Windows installs (and exported .evtx files that include a LocaleMetaData folder) now resolve to readable text instead of falling back to placeholders.
• Better text for "no provider" events — when an event has no provider metadata, the app now shows the event's data and a meaningful success/error message instead of placeholders. Channel-only providers resolve correctly, and older events that share IDs are now disambiguated.
• Provider database recovery — imported databases are checked when they load, with clear status indicators in the Manage tab. Old (V3) databases automatically upgrade to the new V4 format; empty or unrecognized files are set aside instead of breaking event resolution. If an upgrade is interrupted, a recovery dialog walks you through finishing it. Newly imported databases stay disabled until you turn them on.
• In-app banners are smoother and smarter — upgrade, recovery, crash, and database-attention banners coordinate with modals more cleanly, swap with less flicker, route database actions directly to the Database Tools modal, and handle priority changes predictably instead of bouncing back to stale selections. "No events found" alerts are still grouped together when you open several logs at once.
• Filter overhaul — filters re-evaluate only when they actually change, run in parallel when there are lots of events, and new events are checked against active filters as they arrive instead of re-filtering every open log. Filter rows have been redesigned around predicate "chips" with clearer validation and Done/Add gating.
• Faster combined view — when multiple logs are open, the Combined view is now built once and updated in place as events stream in, instead of being rebuilt from scratch on every update. Live tailing is dramatically faster and uses less memory.
• New menu bar replaces the older Windows menu bar and simplifies right-click menus across the app.
• Debug Log modal now has filtering, scrolls smoothly through large logs, lets you export the contents, and shows newest entries first as they stream in.
• More reliable live event subscriptions — the underlying watcher is more resilient to exceptions, won't get stuck on stop, and won't leak system handles. The initial backlog drains more cleanly when you open a log.
• Accessibility improvements — skip-to-content link, screen reader announcements (including completion announcements for long-running operations), visible keyboard focus, respect for reduced-motion preferences, page landmarks, proper button roles, correct keyboard tab order on database rows, and visual cues that don't rely on color alone.
• Details pane height is remembered between sessions.
• DbTool now reads MTA files, supports more event types and variant types, and the app correctly identifies more severity levels for broader event coverage.
• Major performance and memory pass — many smaller improvements across the app add up to faster load times, smoother scrolling, and lower memory use, especially with multiple logs open.

Features

• Database Tools is available from the Tools menu, with a tabbed modal and vertical tab strip for Create, Diff, Merge, Show, Upgrade, and Manage provider-database operations.
• Database Tools includes a live log view that streams operation output while long-running work is in progress.
• Database Tools uses an elevation-safe Win32 file picker for choosing database paths and output locations.
• Database tooling caches the elevation check and warns when EventDbTool starts without administrator rights.
• Light mode with a "Follow system" option; the title bar honors the OS theme.
• Drag-and-drop column reordering in the event table; column widths and order are remembered.
• Details pane height is remembered between sessions.
• XML is now always available without flipping a toggle. It's only generated when a filter actually needs it, so there's no performance cost when you don't use it.
• New menu bar with a consistent look, replacing the older Windows menu bar (right-click menus are simpler too).
• Improved keyboard navigation in the event table.
• The "Open by Log Name" picker now mirrors the folder structure you'd see in Event Viewer (MMC).
• Exported .evtx files with a LocaleMetaData folder are now fully supported.
• DbTool can read MTA provider files.
• More events display the correct severity (Information / Warning / Error / Critical / Verbose).
• More event types and variant types are recognized, so more events resolve to readable text.
• The title bar now shows the app name and version before any open log names.
• In-app release notes and Markdown content now render italics.

Database Tools & Manage Tab

• A new Manage tab in the Database Tools modal is the single place to enable/disable, upgrade, restore, remove, and retry classification on imported provider databases.
• Edits in the Manage tab are staged and only applied when you save changes, so you can review (or back out) toggle changes, restores, and removals in one batch instead of one-at-a-time confirmations.
• Optional selection mode (toggled by a Select trigger) unlocks bulk Upgrade and bulk Remove across multiple databases.
• Multi-select removal of databases lets you take several entries out at once; the confirmation still warns you that affected logs will close and reopen.
• Per-row Upgrade progress is shown…