A Flask-based web application that analyzes Windows Event Logs using Google Gemini AI.

- ✅ Responsive HTML Interface - Modern, user-friendly web app that works on desktop and mobile
- ✅ Event Log Analysis - Retrieve and analyze Windows Event Viewer logs
- ✅ Dropdown Selectors - Easy selection of event log types and source names
- ✅ Bulk Event Retrieval - Get all occurrences of a specific event ID for comprehensive analysis
- ✅ AI-Powered Analysis - Uses Google Gemini API for analysis
- ✅ JSON Data Storage - All analysis results saved as JSON for future reference
- ✅ Analysis History - View and expand previous analysis results
- ✅ Real-time Event Preview - Preview matched events in a formatted table before analysis

- `app.py` - Flask server with REST API endpoints (Gemini-only)
  - `/api/log-types` - Get available event log types
  - `/api/sources/<log_type>` - Get source names for a log type
  - `/api/events` - Retrieve events matching criteria
  - `/api/analyze` - Analyze events with AI model
  - `/api/results` - Get all saved analyses
  - `/api/results/<filename>` - Get specific analysis
- `templates/index.html` - Main HTML page with form and tabs
- `static/style.css` - Responsive styling
- `static/script.js` - Client-side logic and API calls
- `data/` directory - Stores analysis results as JSON files

- Windows operating system (for Event Log access)
- Python 3.8+
- Google Gemini API key (set `GEMINI_API_KEY` env var or provide in UI)

1. Install Python dependencies:

   ```
   pip install flask requests pywin32 google-generativeai
   ```

2. Provide Gemini API key:
   - Set environment variable: `set GEMINI_API_KEY=your_key` (Windows CMD) or `$env:GEMINI_API_KEY = "your_key"` (PowerShell)

3. Run the application:

   ```
   python app.py
   ```

4. Access the web app:
   - Open browser to `http://localhost:5000`

1. Select Log Type (required)
   - Choose from: System, Application, Security, Setup
   - Source list auto-populates
2. Optional Filters
   - Source Name - Filter by event source (e.g., NVIDIA, Windows Update)
   - Event ID - Filter by specific event ID (e.g., 41 for power events)
   - Max Events - Set how many events to retrieve (default: 50)
3. Preview Events
   - Click "Preview Events" to see matching events in a table
   - Review before sending to AI
4. Analyze with AI
   - Click "Analyze with AI" to send events to Google Gemini
   - Optional: Add custom analysis prompt
   - Wait for AI analysis results
5. View Results
   - See AI analysis with summary, issues, causes, and recommendations
   - Results automatically saved as JSON
6. Check History
   - Switch to "Analysis History" tab
   - View all previous analyses
   - Click items to expand and see full details

- Default Log Type: System
- Max Events: 50

Edit in the web form:
- Provide Gemini API Key
- Adjust max events retrieved
- Provide custom analysis prompts

| Type | Description |
|---|---|
| System | Windows kernel, drivers, hardware events |
| Application | Application errors, warnings, info |
| Security | Security events (audit logs, logins) |
| Setup | Application installation events |
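
Security-log events carry account names, SIDs and network addresses in their `Message` text, and the Analyze step sends that text to Google Gemini. The following is an added example, not part of this project's code, that replaces those values with keyed, stable pseudonyms before events leave the machine; the function names, patterns, key and sample events are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed key and events (README event format); all values are made up.
DEMO_KEY = b"constructed-demo-key-rotate-per-deployment"
SAMPLE_EVENTS = [
    {"EventID": 4625, "SourceName": "Microsoft-Windows-Security-Auditing",
     "TimeGenerated": "2026-01-03 22:38:45", "LogType": "Security",
     "Message": "An account failed to log on.\r\nAccount Name:\t\tjdoe\r\n"
                "Security ID:\t\tS-1-5-21-1004336348-1177238915-682003330-1001\r\n"
                "Source Network Address:\t192.0.2.44"},
    {"EventID": 4625, "SourceName": "Microsoft-Windows-Security-Auditing",
     "TimeGenerated": "2026-01-03 22:39:02", "LogType": "Security",
     "Message": "An account failed to log on.\r\nAccount Name:\t\tJDoe\r\n"
                "Source Network Address:\t198.51.100.7"},
]

# Each pattern exposes the sensitive part as group "v"; field labels stay readable.
PATTERNS = [
    ("SID", re.compile(r"(?P<v>S-1-\d+(?:-\d+)+)")),
    ("IP", re.compile(r"\b(?P<v>(?:\d{1,3}\.){3}\d{1,3})\b")),  # IPv4 only
    ("USER", re.compile(r"Account Name:\s+(?P<v>\S+)")),
]


def pseudonym(kind, value, key):
    """Keyed, stable token: the same value always maps to the same tag,
    so the model can still correlate events without seeing the value."""
    data = f"{kind}:{value.lower()}".encode()  # Windows names are case-insensitive
    return f"<{kind}-{hmac.new(key, data, hashlib.sha256).hexdigest()[:8]}>"


def redact_message(message, key):
    for kind, pattern in PATTERNS:
        def repl(m, kind=kind):
            start, end = m.start("v") - m.start(), m.end("v") - m.start()
            whole = m.group(0)
            return whole[:start] + pseudonym(kind, m.group("v"), key) + whole[end:]
        message = pattern.sub(repl, message)
    return message


def redact_events(events, key):
    """Return copies with Message redacted; other fields pass through."""
    return [{**e, "Message": redact_message(e.get("Message", ""), key)}
            for e in events]


if __name__ == "__main__":
    for event in redact_events(SAMPLE_EVENTS, DEMO_KEY):
        print(event["EventID"], repr(event["Message"]))
```

Keep the key local and out of the saved JSON so pseudonyms cannot be reversed by guessing values; the IPv4 pattern also matches dotted version strings, which errs on the side of over-redaction.
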

```bash
# Get available event log types
curl http://localhost:5000/api/log-types

# Get source names for a log type
curl http://localhost:5000/api/sources/System

# Retrieve events matching criteria
curl -X POST http://localhost:5000/api/events \
  -H "Content-Type: application/json" \
  -d '{
    "log_type": "System",
    "source_name": "NVIDIA",
    "event_id": "41",
    "max_count": 100
  }'

# Analyze events with AI model
curl -X POST http://localhost:5000/api/analyze \
  -H "Content-Type: application/json" \
  -d '{
    "log_type": "System",
    "source_name": "NVIDIA",
    "event_id": "41",
    "gemini_api_key": "YOUR_GEMINI_KEY"
  }'
```

```json
{
  "timestamp": "2026-01-03T22:38:45.123456",
  "log_type": "System",
  "source_name": "NVIDIA",
  "event_id": "41",
  "event_count": 5,
  "events": [
    {
      "EventID": 41,
      "SourceName": "NVIDIA",
      "TimeGenerated": "2026-01-03 22:38:45",
      "EventCategory": 0,
      "EventType": 1,
      "Message": "The system has rebooted...",
      "LogType": "System"
    }
  ],
  "analysis": "AI analysis results here..."
}
```

If the AI model endpoint is unavailable, the app provides basic heuristic analysis:
- Detects power-related events (EventID 41, 105, Kernel-Power source)
- Provides quick recommendations without AI
The app is fully responsive and works on:
- ✓ Desktop browsers (Chrome, Firefox, Edge, Safari)
- ✓ Tablets and mobile devices
- ✓ Small screens (480px+)
- Ensure Flask is running on `http://localhost:5000`
- Check Python console for errors
- Verify your Gemini API key is correct and has quota
- Check console output for Gemini API errors
- Verify log type and filters are correct
- Some logs may not have matching events
- Try without filters (leave event ID blank)
- Change port in app.py: `app.run(..., port=5001)`
- Or kill process on port 5000

```
DemoEventViewerLogAI/
├── app.py              # Flask backend
├── templates/
│   └── index.html      # Main HTML page
├── static/
│   ├── style.css       # CSS styling
│   └── script.js       # JavaScript logic
├── data/               # JSON analysis results
└── README.md           # This file
```

Provide domain-specific analysis instructions:
"Analyze these GPU driver events and identify stability issues..."
"Look for security audit failures and explain the access violation..."
Analyze all occurrences of an event ID across different sources:
- Select log type
- Leave source name empty
- Enter specific event ID
- Retrieve and analyze all matches
- Max Events: Start with 50, increase if needed (max 500)
- Event ID Filter: Dramatically speeds up retrieval
- Source Filter: Use when analyzing specific components
- Prompt Length: Longer custom prompts may take longer to analyze
- Windows OS (Event Log access)
- Python 3.8+
- Flask, requests, pywin32 packages
- Google Gemini API key
- 4GB+ RAM recommended
- ~2GB disk space for models (depends on model size)
This project uses Windows Event Log APIs and Google Gemini API.
For issues with:
- Flask/Python: Check Python version and installed packages
- Event Logs: Ensure running as Administrator if needed
Last Updated: January 3, 2026