If Not Split($x,",")[5] = "560"
;If Not Split($x,Chr(9))[5] = "560" ;if TAB delimited
	;Write stuff $x to file2.txt
EndIf

$Handle1 = FreeFileHandle()
$Handle2 = FreeFileHandle()

If NOT @LOGONMODE
	Break ON
EndIf
Dim $SO
$SO = SetOption("Explicit","On")
$SO = SetOption("NoMacrosInStrings","On")
$SO = SetOption("NoVarsInStrings","On")
$SO = SetOption("WrapAtEOL","On")

Dim $InputFile, $OutputFile, $Handle1, $Handle2, $Line
$InputFile = "file1.txt"
$OutputFile = "file2.txt"

;Open first file for read, if fails, end code
$Handle1 = FreeFileHandle()
If Open($Handle1,$InputFile,2) = 0
	;Open second file for write, if fails, close first file, end code
	$Handle2 = FreeFileHandle()
	If Open($Handle2,$OutputFile,5) = 0
		;Read line after line until error code indicates there are no lines anymore
		$Line = ReadLine($Handle1)
		While @ERROR = 0
			;If NOT event 560 occurred, write line to second file
			If NOT Split($Line,",")[5] = "560"
				$SO = WriteLine($Handle2,$Line + Chr(13) + Chr(10))
			EndIf
		$Line = ReadLine($Handle1)
		Loop
		;Close files
		$SO = Close($Handle1)
		$SO = Close($Handle2)
	Else
		$SO = Close($Handle1)
	EndIf
EndIf

Quote:

---

Is the file comma delilited or tab delimited?
I thought you were looking for event 560?
I think the EventID is on the sixth position.
I think splitting the lines would give a more certain result.

---

The file is tab delimited
I m actually looking for each ID individually. When the file size is reduced, it becomes easier to log.
Splitting the lines also didnt help.
actually the script is not able to read the input file; may be it because of UNICODE issue. (I used event viewer to generate a sample text file)

Dim $InputFile, $OutputFile, $Handle1, $Handle2, $Line
$InputFile = "file1.txt"
$OutputFile = "file2.txt"