Creating a custom view

Use the Microsoft Event Viewer to create custom views, which can filter events for severity, source, category, keywords, or specific users.

WinCollect log sources can use XPath filters to capture specific events from your logs. To create the XML markup for your XPath Query parameter, you must create a custom view. You must log in as an administrator to use Microsoft Event Viewer.

Note: Using more than 10 XPath queries can affect WinCollect performance, depending on the XPath and the number of events coming in to each channel.

XPath queries that use the WinCollect protocol the TimeCreated notation do not support filtering of events by a time range. Filtering events by a time range can lead to errors in collecting events.

Procedure

  1. On your desktop, select Start > Run.
  2. Type the following command:

    Eventvwr.msc

  3. Click OK.
  4. If you are prompted, type the administrator password and press Enter.
  5. Click Action > Create Custom View.

    When you create a custom view, do not select a time range from the Logged list. The Logged list includes the TimeCreated element, which is not supported in XPath queries for the WinCollect protocol.

  6. In Event Level, select the check boxes for the severity of events that you want to include in your custom view.
  7. Select an event log source. You can select the source from the Event sources drop-down menu, or you can browse to a source from the Event logs drop-down menu.
  8. Type the event IDs to filter from the event or log source.

    Use commas to separate IDs.

    The following list contains an individual ID and a range: 4133, 4511-4522
  9. From the Task Category list, select the categories to filter from the event or log source.
  10. From the Keywords list, select the keywords to filter from the event or log source.
  11. Type the user name to filter from the event or log source.
  12. Type the computer or computers to filter from the event or log source.
  13. Click the XML tab.
  14. Copy and paste the XML to the XPath Query field of your WinCollect log source configuration

What to do next

Configure a log source with the XPath query. For more information, see Applications and Services logs.