Forum Discussion

11 years ago

Need more granular way to filter event logs.

Currently the filtering capabilities for Windows Events are not granular enough to be very effective because there is no tie between Event ID and DataSource. This is a big problem because it is n...

answered

Gary_Dewrell

11 years ago

Achan I use the same method to prevent EventID overlap between System, Application, Security , etc logs. However that does not resolve the issue of multiple sources that write to the same log using the same Event ID. The Event ID is selected by the programmer and not the OS so it is not unheard of for two different applications to the same Event IDs even though the sources will be different.

For example there is an EVENT ID 50 from both NTFS and WIN32Time. Suppose you wanted to filter out the Win32Time EventID 50 but not the NTFS Event ID 50. Currently I do not know of a way to accomplish this.

Forum Discussion

Need more granular way to filter event logs.

Related Content

Event Sources SNMP and Windows collectors?

Dashboard Filtering Using Instance Properties

Resource Property Filters on the New UI Preview

string filters in the API (groovy)

Event-driven ansible

Recent Discussions

Dashboard Sharing – An Inline Framing Method

2021-12-15 US Office Hours

Live Training - Tuning Datapoints and Alerts - 15th JUNE 2022 - APAC

Live Training - Introduction to Dashboards - 18th MAY 2022 - APAC

2022-05-11- APAC Product Overview -Collectors, Resources/Groups, Dashboards