When it comes to returning all the events in an evtx file, there are many files where it does not capture all the events, only a percentage, almost always excluding the most recent events. For example, I have the file Security.evtx with more than 2000 events. of which it only always recognizes the last 99 ones. There are no broken events btw. Does anyone know anything about it?
I attached my Security.evtx file if anyone want to make tests. It has 2508 events but I always get only 99.
When it comes to returning all the events in an evtx file, there are many files where it does not capture all the events, only a percentage, almost always excluding the most recent events. For example, I have the file Security.evtx with more than 2000 events. of which it only always recognizes the last 99 ones. There are no broken events btw. Does anyone know anything about it?
I attached my Security.evtx file if anyone want to make tests. It has 2508 events but I always get only 99.
Security.zip