The Event Viewer is an Administrative tool that records events that occur on your computer. When the system or an application runs into bugs, errors, or security issues, the event logs hold information about what caused the problem. Although Event Viewer does not solve the issue at hand, the event logs give you the necessary information to begin the troubleshooting process.

Understanding Event Viewer Layout

In the Event Viewer window, you will see three panels. The left side is the navigation panel, the middle one displays the event details and the right side is for performing actions like saving or loading event logs.

The Navigation panel is the left side panel where event logs are categorized into three specific folders. These folders are common in all versions and editions of Windows. These are Custom Views, Windows Logs, and Applications and Services Logs.

Windows Logs keep track of every event from the Windows OS and contain a list of the following event log categories:

Applications and Services Logs contain events from hardware connections/alerts, third-party applications, and PowerShell events.

Finally, any custom filter you create through the action panel will be stored in the Custom Views event log. By default, this section will have a sub-category named Administrative Events. You can use this to view all Critical, Warning, and Error events from the log history.

Custom event logs named Administrative Events are created automatically on all versions of Windows.

On the Navigation panel, if you click on Event Viewer (Local), you will get an Overview and Summary in the Details panel. Here, you can get a quick review of all the administrative events, recently viewed logs, and Log Summary.

Events Panel

The Events panel displays the list of recorded event logs and the level of each recorded event: Information, Warning, Error, or Critical. Among these, event logs indicating Error should be given high priority and should be looked into right away.

If you double-click on the events, a new dialog box opens up showing all the event properties. It contains a log description along with numerous entries. Among these entries, Log Name, Source, Event ID, Logged, Level, and OpCode are a few of the crucial ones.

Actions Panel

Event Actions allows you to perform actions like saving logs, opening saved logs, creating a custom view, clearing event logs, filtering current logs, and viewing properties of the selected log.

Save and Open Event Logs

Saving Event logs allows you to get the event details and view them on another PC. To save logs in the event viewer,

To open saved logs,

Once you open saved logs, a log category named Saved Logs will appear on the Event Viewer panel located on the left side.

Filter Event Log and Create Custom View

By filtering logs, the Event Viewer will take out the events that do not match the event properties set on the custom filter. To set a filter in Event Viewer,

Creating a Custom View works similarly to filtering event logs. However, creating a Custom View adds a new log category under Custom Views. This comes in especially handy when you only want to view the filtered event logs.

How to Check Event Logs?

Administrative Events under Custom Views filters all Critical, Warning, and Error events from the entire log history. Therefore, it is the first thing you need to check when the system runs into an error or crashes.

Event Viewer Retention Period

The default retention period for events in a single event log category is bounded by size, at around 20MB. Since these event logs are entered on a FIFO (First-In First-Out) policy, the entries recorded first are removed first when the log hits the 20MB limit.

However, you can increase the event viewer retention size if you want to record more event logs.

Here, you can also check the current log size, the created, modified, and accessed dates, the log path, and what the system does when the maximum event log size is reached.
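
The same size limit and overflow behaviour can be read from PowerShell, along with how many days of history each log still holds. The script below is an added example, not part of the original article; the log names, the 80% warning threshold, and the 128MB value in the commented-out section are assumptions.

```powershell
# Added example: report the size limit, overflow mode and real time coverage
# of selected event logs. Log names and thresholds are assumptions.
$logNames = 'Application', 'System', 'Security'   # Security needs an elevated session
$warnAt   = 0.80                                  # assumed: flag logs over 80% full

function Get-LogRetentionReport {
    param([string[]]$LogName, [double]$WarnRatio = 0.80)

    foreach ($name in $LogName) {
        $cfg = Get-WinEvent -ListLog $name -ErrorAction Stop

        # The oldest surviving record shows how far back the log really reaches.
        $oldest = Get-WinEvent -LogName $name -MaxEvents 1 -Oldest -ErrorAction SilentlyContinue
        $days = if ($oldest) {
            [math]::Round(((Get-Date) - $oldest.TimeCreated).TotalDays, 1)
        } else { $null }

        $ratio = if ($cfg.MaximumSizeInBytes -gt 0) {
            $cfg.FileSize / $cfg.MaximumSizeInBytes
        } else { 0 }

        [pscustomobject]@{
            LogName      = $cfg.LogName
            MaxSizeMB    = [math]::Round($cfg.MaximumSizeInBytes / 1MB, 1)
            CurrentMB    = [math]::Round($cfg.FileSize / 1MB, 1)
            PercentFull  = [math]::Round($ratio * 100, 0)
            # Circular = overwrite oldest (FIFO), AutoBackup = archive when full,
            # Retain = stop overwriting until the log is cleared.
            LogMode      = $cfg.LogMode
            Records      = $cfg.RecordCount
            DaysCovered  = $days
            NearCapacity = ($ratio -ge $WarnRatio)
        }
    }
}

Get-LogRetentionReport -LogName $logNames -WarnRatio $warnAt | Format-Table -AutoSize

# Raising the limit (elevated session). Uncomment to set the Security log to 128MB.
# $cfg = Get-WinEvent -ListLog 'Security'
# $cfg.MaximumSizeInBytes = 128MB
# $cfg.SaveChanges()
```

A Circular log that reports NearCapacity is already discarding its oldest entries, so DaysCovered is the history actually available for troubleshooting or an investigation.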
