For feature updates, it may become necessary to investigate *.etl files. The following code shows how to retrieve and work with these kinds of files and also filter the data to find the important information. We again make use of the Get-WinEvent cmdlet, and after loading the file with this cmdlet, the usage should again look very familiar to you:
#Defining the etl file
$etlFile = 'C:\Windows\Panther\setup.etl'
#Retrieving the content
$log = Get-WinEvent -Path $etlFile –Oldest
#Finding the ProviderName
$ProviderNames = $log | Select-Object Providername -Unique -ExpandProperty ProviderName
#Filtering
$log.Where{$_.Providername -eq $($ProviderNames[1])}
$log | Where-Object {$_.ProviderName -eq "$($ProviderNames[0])"} | Select-Object -First 10
$log | Where-Object {$_.ProviderName -eq 'Microsoft-Windows-Services'}
#Exporting the log data...