How to Set Up and Use Windows Event Viewer

Windows Event Viewer is a built-in tool in Windows operating systems that allows users to view, monitor, and analyze the system, security, and application events on their computer. It provides valuable insights into the performance, troubleshooting, and diagnostic information of a Windows system.

In this guide, we will learn how to set up and use Windows Event Viewer effectively.

Table of Contents

• Accessing Windows Event Viewer
• Navigating Event Viewer
• Viewing Event Logs
• Filtering Event Logs
• Clearing Event Logs
• Exporting Event Logs

Let's get started!

Accessing Windows Event Viewer

1. Press the Windows key + R on your keyboard to open the Run dialog box.
2. Type eventvwr.msc and click OK or press Enter.
3. The Windows Event Viewer window will open.

Navigating Event Viewer

Windows Event Viewer consists of three main sections:

• Event Viewer (Local): This section allows you to view the various event logs available on your computer.
• Event Viewer (Local) > Custom Views: This section contains custom views that combine specific event logs or filter specific events.
• Event Viewer (Local) > Windows Logs: This section contains logs related to the Windows system components:
  • Application: Logs related to applications and programs.
  • Security: Logs related to system security, such as user logins and account management.
  • Setup: Logs related to system setup and configuration changes.
  • System: Logs related to system events and errors.

Viewing Event Logs

To view event logs:

1. Open the Windows Event Viewer.
2. Expand the Event Viewer (Local) section.
3. Expand the desired event log category, such as Windows Logs or Applications and Services Logs.
4. Click on the specific log you want to view, such as Application or Security.
5. You will see a list of events in the top middle pane.

Each event includes details such as the date and time, event ID, level, source, and description. Clicking on an event will display additional information and troubleshooting instructions if available.

Filtering Event Logs

Windows Event Viewer allows you to filter event logs based on specific criteria to narrow down the results. To do this:

1. Open the Windows Event Viewer.
2. Expand the desired event log category.
3. Right-click on the specific log and select Filter Current Log.
4. In the Filter Current Log window, you can specify various filter parameters such as:
   • Event level: Filter events by error, warning, information, etc.
   • Event sources: Filter events generated by specific sources or applications.
   • Event ID: Filter events with specific event IDs.
   • Keywords: Filter events based on specific keywords.
   • Date and Time: Filter events within a specific time range.

Once you have set the desired filters, click OK to apply them. The event log will update to display the filtered results.

Clearing Event Logs

To clear event logs:

1. Open the Windows Event Viewer.
2. Right-click on the specific log you want to clear.
3. Select Clear Log to remove all events from the log.

Note: Clearing an event log cannot be undone, so ensure you have properly reviewed and exported the necessary events before clearing them.

Exporting Event Logs

You can export event logs from Windows Event Viewer to share or analyze them elsewhere. To export event logs:

1. Open the Windows Event Viewer.
2. In the left-hand pane, right-click on the specific log you want to export.
3. Select Save All Events As or Save Selected Events depending on your preference.
4. Choose the desired file format for exporting the events, such as CSV, XML, or EVTX.
5. Specify the file name and location to save the exported events.
6. Click Save to export the event log.

You can now share or analyze the exported event log using appropriate tools or applications.

Congratulations! You have learned how to set up and use Windows Event Viewer effectively. By utilizing its features, you can monitor system events, troubleshoot issues, and gather valuable diagnostic information for your Windows computer.