Complete Guide: How to Read Windows Update Logs

  • Last updated
How to Read Windows Update Logs in Windows blog banner image
  • Last updated

This comprehensive guide demonstrates how to read Windows Update logs in Windows 11 and Windows 10 and explains how to use them to troubleshoot problems with your Windows PC. It includes step-by-step instructions for accessing Windows logs, information about what logs mean, and tips for interpreting them.

Troubleshooting Windows Update can be tricky, and being able to read and understand the contents of Windows Update logs will assist you in solving issues faster, with less guesswork.

An overview of Windows Update logs and their importance

A log (or log file) is a record of actions taken by a computer program that can later be used to see what it did and when (and sometimes, why). Log files are usually plain text files with one line of text per log entry. This information contained in logs can be later used to troubleshoot issues, confirm that an action was successful, or audit the behavior of programs and users to monitor for unauthorized or malicious activity.

Windows Update generates log files that contain detailed information about the Windows Update process to assist with troubleshooting, including the following data:

  • Timestamp: The date and time the log entry was created.
  • Process ID: The ID of the process that generated the log entry.
  • Thread ID: The ID of the thread that generated the log entry.
  • Component: The Windows Update component that generated the log entry.
  • Message: A message describing what action was taken.

Here’s what a series of log entries in a Windows Update log file looks like when exported as text:

2024/11/22 10:13:34.567 12345 67890 Shared * START * Checking for updates

2024/11/22 10:13:35.678 12345 67890 Handler Downloading update KB1234567

2024/11/22 10:13:36.789 12345 67890 Handler Successfully downloaded update KB1234567

2024/11/22 10:14:10.123 12345 67890 Handler ERROR: 0x711f123f Failed to install update

Keeping Windows up-to-date is vital to protect against malware and cybersecurity threats. Windows Update also handles keeping your drivers and other Windows features at their latest versions, ensuring you have the latest stability bug fixes and are getting the best possible performance out of your hardware.

If Windows Update stops functioning properly, it is important to resolve the issue as quickly as possible, and its log files will contain detailed information to assist with this.

How to access Windows Update logs in Windows 11 and Windows 10

The steps for viewing Windows Update logs are the same in both Windows 11 and Windows 10.

You will need to be logged in as an Administrator to perform the below actions.

Viewing Windows Update logs using the Event Manager

The Windows Event Viewer provides an interface for viewing logs from Windows and other applications. The Event Viewer can be used to browse and export logs, and includes the ability to search and filter logs by date and type.

  • Right-click on the Start button
  • Click on Event Viewer
  • Navigate to Applications and Service Logs\Microsoft\Windows\WindowsUpdateClient in the navigation tree in the left panel
  • Expand the WindowsUpdateClient item and click on Operational to view the Windows Update events in the log.

Click on Operational to view the Windows Update events in the log

You can click on an event to view more details about it, and use the Filter Current Log function to narrow down your search.

Exporting Windows Update log files using Get-WindowsUpdateLog (PowerShell)

Note that you’ll need to open an elevated PowerShell prompt to use this command.

The Get-WindowsUpdateLog PowerShell command merges and exports Windows Update logs into a file on your desktop:

  • Right-click on the Start button
  • Click Terminal (Admin) if you are running Windows 11, or select Windows PowerShell (Admin) if you’re using Windows 10
  • In the PowerShell window, enter the command Get-WindowsUpdateLog followed by the Enter key
  • Windows Update logs will be exported to the file WindowsUpdate.log on your desktop

The format of this file will match the example log text shown earlier in this article (note that there are no column headings included in the file).

Filtering Get-WindowsUpdateLog output

As the .log file generated by Get-WindowsUpdateLog is just a text file, you can use PowerShell’s built-in utilities to quickly search it. In the below example, Select-String is used to output only the lines that contain the text “Error”.

Get-Content “C:\WindowsUpdate.log” | Select-String “Error”

If you wanted to only get log entries for a certain date, you could replace the text Select-String searches for with the required date. Due to the way dates are formatted, you can filter down to the hour or minute by expanding the text search. PowerShell can be used to automate many system tasks, making it possible to quickly export log files and scan them for potential failed updates or other issues.

How to read and interpret Windows Update logs

The easiest way for most users to understand Windows Update logs is to use the Event Viewer method, as it provides a graphical, user-friendly way to explore logs, where all the information is labeled and searchable.

The DateSeverityEvent ID, and log Message are the most relevant pieces of information included. If you notice Windows Updates are failing in the Windows Settings App, you can use the Event Viewer to find errors for the date those updates failed and see if the message includes any additional information.

Windows Update log entries will have a severity of either InfoWarning, or Error. You should start by looking for errors that indicate failures, and then if that doesn’t reveal the cause of your problem, continue searching for warnings or informational entries that may indicate something is not completing successfully (or repeatedly being retried without outright failing).

If you know the ID of the update that is failing (which should be visible from any error you see in Windows Update in the Settings App), you should search for that ID (e.g. KB0123456) directly to determine why it is failing. Within the event viewer, you can see the update ID that is related to an event in the event’s Details tab.

you can see the update ID that is related to an event in the event's Details tab.

Troubleshooting common issues using update logs

If the information you find in the error log is ambiguous and doesn’t plainly tell you what went wrong, you can search for the update ID online for more information.

Searching for the Event ID and the Source of the error listed in the Event Viewer will also help you identify potential issues, and at what stage of the update process they occurred. If you decide to share the contents of your logs online so that others can help you troubleshoot, make sure you limit them to only the relevant log entries, and carefully read through them to make sure no private information is included.

Below are some common Windows Update errors that can be identified using the Event Viewer:

  • Network connectivity problems: Checking for and installing updates will fail if the internet connection is not reliable.
  • Not enough disk space: Updates will fail to install if there is not enough disk space.
  • Missing or corrupted Windows system files: If your Windows operating system has become corrupted, updates may fail. You can attempt to fix this by running sfc /scannow from an elevated PowerShell prompt.
  • Software conflict or outdated drivers: Old drivers may conflict with the installation of new drivers. Conflicting software can be uninstalled if an update is trying to replace them but is failing.
  • Pending restart: An update may fail if previous updates are waiting for your system to restart to complete their installation.

The specific fix for a failed update will depend on the update, and the reason it failed. Usually, the resolution can be found online. If a driver update has failed, downloading the latest driver directly from the manufacturer may resolve the issue. Windows updates can also be manually downloaded if ongoing connectivity issues are causing Windows Update to fail.

Troubleshooting fleets of Windows devices with centralized logging

Pre-empting system issues by monitoring Windows Update logs, and troubleshooting by using them when something does go wrong, can greatly reduce the amount of time and effort required to keep a fleet of Windows devices healthy.

While PowerShell can be leveraged to automate the process to a degree, it still requires manual scripting and maintenance, as well as additional infrastructure for collecting log files.

NinjaOne provides a complete endpoint management solution that allows you to centrally monitor and maintain tens or thousands of Windows, Apple, and Android devices, including patch management to ensure that every device is up-to-date, and that any update issues are immediately flagged and quickly remediated.

Next Steps

Building an efficient and effective IT team requires a centralized solution that acts as your core service deliver tool. NinjaOne enables IT teams to monitor, manage, secure, and support all their devices, wherever they are, without the need for complex on-premises infrastructure.

Learn more about Ninja Endpoint Management, check out a live tour, or start your free trial of the NinjaOne platform.

Start your Free Trial

You might also like

How to Backup and Restore Device Drivers in Windows 11 & Windows 10 blog banner image

How to Backup and Restore Device Drivers in Windows 11 and Windows 10

How to Change Wireless Network Connection Priority Order in Windows blog banner image

How to Change Wireless Network Connection Priority Order in Windows

How to Enable or Disable BSOD Automatic Restart in Windows blog banner image

How to Enable or Disable BSOD Automatic Restart in Windows

How to Restore Administrative Tools in Windows blog banner image

How to Restore Default Administrative Tools in Windows

How to Change Registered Owner and Organization of your Windows PC blog banner image

How to Change the Registered Owner and Organization of Your Windows PC

How to Manage Windows 10 Virtual Memory Pagefile blog banner image

How to Manage Windows 10 Virtual Memory Pagefile

Ready to simplify the hardest parts of IT?
Start a Free Trial
Get a demo
×

See NinjaOne in action!

By submitting this form, I accept NinjaOne's privacy policy.

NinjaOne Terms & Conditions

By clicking the “I Accept” button below, you indicate your acceptance of the following legal terms as well as our Terms of Use:

  • Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms.
  • Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party.
  • Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library belonging to or under the control of any other software provider.
  • Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations.
  • Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks.
  • Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script.
  • EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).
I Accept