![]() Repeat the process from the previous section: go to the Event Viewer window, right-click Custom Views, and click on Create Custom View. We’ll start by creating a new custom view. Let’s look at how we can use XML querying for more powerful filtering. The custom view you’ve just created is already an improvement over the basic filtering capabilities. After you’re done, click OK and you should see your brand-new custom view: Using XML Filtering After clicking on OK, this is what you should see:įor the name, I’ll use My Custom View, and I’ll leave the description blank. ![]() I’ll leave the remaining options with their default values. ![]() On the Event Viewer window, right-click on Custom Views and then click on Create Custom View:įor this example, these are the settings I’m picking: Custom views allow you to use exactly the information you need, combining events from different logs or different sources. If you have more advanced filtering needs, you need custom views. The filtering capabilities we’ve discussed so far might be enough if you have basic filtering needs, but they have limitations. With the basic filtering techniques out of the way, let’s focus on more advanced ones. Ranges also work: you can use a minus sign to separate the first ID from the last.īoth sides are inclusive, as you can see from the following example: Advanced Log Filtering To exclude a given ID, start with a minus sign. You just have to enter IDs separated by commas. You can easily include or exclude events IDs. Filtering by Events IDsīefore covering more advanced techniques, I’ll share a final tip. You can check how many levels you want to filter by:Ĭlick on OK when you’re ready, and the filtering will take place. Immediately after the options for filtering by time, you’ll see several boxes referring to event levels. ![]() Go back to the Event Viewer home screen, expand the Windows option again, and right-click one of the logs found there. Then go back to the previous screen, click OK, and the filtering will occur. To be able to choose the date and time for the “From” time stamp, click on the first combo box and change it to “Event On.” You can also do the same for the second time stamp.Īfter configuring the dates to your needs, click OK. You’ll notice you can’t choose the date and time for the filter. Since all the other alternatives are self-explanatory, click on Custom range. Clicking the combo box next to the label allows you to see the existing options for this field: The first option is Logged, which refers to the time stamp for the event. In the newly opened window, you’ll see options you can use to filter the log. Then, right-click Application and click on Filter Current Log. With the Event View window open, expand the Windows Logs option. With the basic options out of the way, we can continue to more advanced ones. Instead of showing you every possible option, I’m just going to cover the main ones so you can get the gist of it. Let’s start by covering some basic filtering options. In this post, you’ll learn some basic-and then more advanced-techniques you can use to filter your events and make them more manageable. To better deal with these situations, it’s useful to know how to filter event logs according to level, users, and other criteria. Some situations generate a gigantic number of events. However, having to deal with the Windows Event Viewer might make you feel overwhelmed. When it comes to Windows environments, the Windows Event Viewer is a big help in this phase. ![]() The really valuable parts come afterward when it’s time to read, parse, analyze, and visualize the logs. It’s clear writing to log files isn’t the only thing that matters when it comes to logging. People can then look at this information and reconstruct what happened so they can detect and fix whatever issues they might find. But at the end of the day, all types of logging serve a fundamental role in a technological infrastructure: they allow a system to record information about its behavior to a persistent medium. They come in all shapes and sizes from a huge variety of sources and possible destinations. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |