Windows event viewer logs

See Also

• NK2Edit — Edit, merge and fix the AutoComplete files (.NK2) of Microsoft Outlook.
• EventLogChannelsView — enable/disable/clear event log channels.
• UninstallView — Alternative uninstaller for Windows 10/8/7/Vista

Description

FullEventLogView is a simple tool for Windows 11/10/8/7/Vista that displays in a table the details of all events from the event logs of Windows, including the event description.
It allows you to view the events of your local computer, events of a remote computer on your network, and events stored in .evtx files.
It also allows you to export the events list to text/csv/tab-delimited/html/xml file from the GUI and from command-line.

Картинка с сайта: www.nirsoft.net

System Requirements

This utility works on any version of Windows, starting from Windows Vista and up to Windows 11. Both 32-bit and 64-bit systems are supported.
For Windows XP and older systems, you can use the MyEventViewer tool.

FullEventLogView vs MyEventViewer

MyEventViewer is a very old tool originally developed for Windows XP/2000/2003.
Starting from Windows Vista, Microsoft created a new event log system with completely new programming interfaces. The old
programming interface still works even on Windows 10, but it cannot access the new event logs added on Windows Vista and newer systems.
MyEventViewer uses the old programming interface, so it cannot display many event logs added on Windows 11/10/8/7/Vista.
FullEventLogView uses the new programming interface, so it displays all events.

Versions History

• Version 1.80:
  • Added ‘Black Background’ option (Under the View menu). When it’s turned on, the main table and the lower pane text-box are displayed in black background and white text, instead of default system colors.
  • Fixed issue: When copying data to the clipboard or exporting to tab-delimited file, every line contained an empty field in the end of the line.
• Version 1.78:
  • Added ‘Full Screen’ mode (View -> Full Screen or F11 key).
• Version 1.77:
  • Added ‘Sort By’ toolbar button.
• Version 1.76:
  • Fixed issue: The ‘Record ID’ value was limited to the size of 32-bit integer.
• Version 1.75:
  • Fixed the filter to work properly when new event items are added in ‘Auto Refresh’ mode.
• Version 1.74:
  • Updated to stop the event log scanner when you press the Esc key.
• Version 1.73:
  • The status bar now displays the current scanned event log channel/filename.
• Version 1.72:
  • Fixed to work properly when specifying to filter more than 23 event IDs (Workaround for limitation of event log queries).
• Version 1.71:
  • Fixed to display the time properly in AM/PM format.
  • Fixed the default columns size in high DPI mode.
• Version 1.70:
  • Added option to choose a single event log filename (.evtx or .etl file) in the ‘Choose Data Source’ window.
  • You can also load a single event log file (.evtx or .etl file) by dragging it from Explorer window into the main window of FullEventLogView.
• Version 1.68:
  • Added ‘Add Header Line To CSV/Tab-Delimited File’ option (Turned on by default).
• Version 1.67:
  • Fixed the /srawxml command-line option to save the raw xml much faster than the previous versions.
• Version 1.66:
  • ‘Show Event Strings In Columns’ option — You can now change the number of event string columns displayed when this option is turned on.
    You can do it by editing the following line in FullEventLogView.cfg (The default value is 10):
    
    EventStringColumns=10
  • You have to edit this value while FullEventLogView is not running.
• Version 1.65:
  • Added option to save the selected events as raw event XML (In ‘Save Selected Items’ option), which is the same XML you see in the lower pane when choosing Options -> Lower Pane Display Mode -> Show Event XML.
  • Added /srawxml command-line option to save the raw event XML from command-line.
  • Updated the HTML export feature to HTML5.
  • Added option to change the sorting column from the menu (View -> Sort By). Like the column header click sorting, if you click again the same sorting menu item, it’ll switch between ascending and descending order. Also, if you hold down the shift key while choosing the sort menu item, you’ll get a secondary sorting.
• Version 1.62:
  • Added option to specify user name and password for connecting a remote computer (In the ‘Choose Data Source’ window). You have to use this option if you get ‘Access is denied’ error message when trying to connect the remote computer.
• Version 1.61:
  • Fixed some high DPI mode issues.
• Version 1.60:
  • Added ‘Tray Balloon On New Event’ option. This feature is active only when both ‘Put Icon On Tray’ and ‘Auto Refresh’ options are turned on.
    When it’s active, FullEventLogView displays every new event in a tray balloon.
  • Added ‘Start As Hidden’ option. When this option and ‘Put Icon On Tray’ option are turned on, the main window of FullEventLogView will be invisible on start.
• Version 1.58:
  • Added ‘New FullEventLogView Instance’ under the File menu, for opening a new window of FullEventLogView.
• Version 1.57:
  • Added ‘Log File’ column, which displays the log filename if the event was loaded directly from .evtx or .etl file.
• Version 1.56:
  • In the the channel and provider fields of the ‘Advanced Options’ window — you can now choose the desired channel/provider from a combo-box.
• Version 1.55:
  • When reading .etl files that store the event data inside EventPayload element of the XML, FullEventLogView now automatically converts the EventPayload
    from hexadecimal string to readable text, and displays it as the decsription of the event.
    
    For example, you can use this feature to view the Windows Update logs from C:\windows\logs\WindowsUpdate on Windows 10.

  • Added ‘Copy Clicked Cell’ option to the right-click context menu, which copies to the clipboard the text of cell that you right-clicked with the mouse.
• Version 1.53:
  • Fixed bug: Wildcards didn’t work when using the ‘Search in full description string’ option.
  • Fixed to save the ‘Case Sensitive’ option of the Quick Filter in the .cfg file.
• Version 1.52:
  • Added ‘Select All’ and ‘Deselect All’ to the ‘Column Settings’ window.
• Version 1.51:
  • Added the ‘Clear All Events Of Selected Channel’ option to the context menu.
  • Increase the maximum size of the description filter string.
• Version 1.50:
  • Fixed bug: FullEventLogView remained in memory if you closed the main window during events scanning.
  • Added ‘Clear All Events Of Selected Channel’ option (Under the file menu). For example: If you select an event that its channel is
    ‘System’, using this option will delete all system events.
  • Added /ClearChannelEvents command-line option, which clears all events of the specified channel, for example:
    
    FullEventLogView.exe /RunAsAdmin /ClearChannelEvents «Microsoft-Windows-Bits-Client/Operational»

  • Added 2 modes to description filter: ‘Search in description parameters’ and ‘Search in full description string’. In previous versions, the search was made inside description parameters,
    but some people reported it’s a bug. The search is now made by default inside the full description string, but this search mode is slower because it requires to load the metadata and format the
    description string before the filtering process.

• Version 1.38:
  • Fixed bug: When trying to export events of remote computer from command-line, FullEventLogView loaded the events from local computer.
• Version 1.37:
  • Added ‘Case Sensitive’ option to the Quick Filter window.
• Version 1.36:
  • Added /RunAsAdmin command-line option for running FullEventLogView as administrator.
• Version 1.35:
  • Added new options to the ‘Quick Filter’ feature, including the option to filter the list by Event ID.
• Version 1.32:
  • When choosing to load only specific event IDs (From ‘Advanced Options’ window), the loading process is much faster.
• Version 1.31:
  • Fixed bug: When connecting a remote computer the following error was displayed — Error 50: The request is not supported.
• Version 1.30:
  • Fixed bug: FullEventLogView failed to display the event strings in the lower pane (‘Show Event Data + Description’ mode) and in the columns (‘Show Event Strings In Columns’ option).
  • You can now resize the properties window, and the last size/position of this window is saved in the .cfg file.
  • You can now send the data to stdout by specifying empty string as filename, for example:
    
    FullEventLogView.exe /scomma «» | more
• Version 1.28:
  • Fixed the lower pane to use the right font size in high DPI mode.
  • Added option to choose another font (name and size) to display in the main window.
• Version 1.27:
  • When exporting items with multiline description to tab-delimited file (Including the ‘Copy Selected Items’ option), FullEventLogView now put the description in quotes to
    ensure the exported data will be displayed properly in Excel and other programs.
• Version 1.26:
  • Added support for saving as JSON file.
• Version 1.25:
  • Added ‘Show Event Strings In Columns’ option (Under the Options menu). When it’s turned on, 10 new event string columns are added to the main table (‘String 1’, ‘String 2’, ‘String 3’…).
    These columns display the strings from the event decsription and you can click the column header in order to sort the events according to the event strings.
• Version 1.22:
  • Fixed bug: On some systems, FullEventLogView missed some of the events when using a time filter.
• Version 1.21:
  • Added /cfg command-line option, which instructs FullEventLogView to use a config file in another location instead if the default config file, for example:
    
    FullEventLogView.exe /cfg «%AppData%\FullEventLogView.cfg»
• Version 1.20:
  • Added option to filter according to strings of the event description (In ‘Advanced Options’ window).
  • Added ‘Quick Filter’ feature (View -> Use Quick Filter or Ctrl+Q). When it’s turned on, you can type a string in the text-box added under the toolbar and FullEventLogView will instantly filter the events table, showing only lines that contain the string you typed.
  • Fixed the lower pane to switch focus when pressing tab key.
• Version 1.12:
  • Added option to specify time range in GMT (‘Advanced Options’ window).
  • Fix bug: When using /SaveDirect command-line option, the file was always saved according to the default encoding, instead of using the selected encoding in Options -> Save File Encoding.
• Version 1.11:
  • Fixed bug: the process of exporting large amount of event log items from command-line was very slow, even when using /SaveDirect.
• Version 1.10:
  • Added option to automatically read archive log files (In ‘Choose Data Source’ window). This option works only when you run FullEventLogView as administrator.
• Version 1.06:
  • Fixed FullEventLogView to display event description properly when reading .evtx files from shadow copy (e.g: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Windows\System32\winevt\Logs )
  • Fixed bug: FullEventLogView displayed error message when trying to read .etl files.
• Version 1.05:
  • FullEventLogView now displays an error message if it fails to load events from external evtx file or from remote computer.
  • Added ‘Choose Data Source’ icon to the toolbar.
• Version 1.00 — First release.

Start Using FullEventLogView

FullEventLogView doesn’t require any installation process or additional DLL files.
In order to start using it, simply run the executable file — FullEventLogView.exe

After running FullEventLogView, the main window loads and displays all events from the last 7 days.
You can change the default 7-days time filter and set other filters by using the ‘Advanced Options’ window (F9)

If you want to load the events from remote computer on your network or from event log files (.evtx), you should use the ‘Choose Data Source’ window (F7).

Lower Pane Display Mode

When you select an event in the upper pane, the lower pane displays the details of the selected event, depending on the display mode that you choose (Options -> Lower Pane Display Mode):

• Show Event Description:
  Displays the full description of the event. Some event descriptions are too long for watching them in the ‘Description’ column, so you can view the long event description in the lower pane.
• Show Event Data + Description:
  Displays the full description of the event and additional data stored in this event.
• Show Event XML:
  Displays the full XML of the event.

Refresh (F5) And Smooth Refresh (F8)

FullEventLogView provides 2 types of refresh actions:

• Refresh (F5): Reloads the entire event log
• Smooth Refresh (F8): FullEventLogView only adds the new event items that have been created since the previous refresh.

Auto Refresh Mode

When Auto Refresh mode is turned on (Options -> Auto Refresh -> Every x seconds), FullEventLogView
automatically executes a smooth refresh according to the refresh interval you choose, so you’ll be able to see when a new event log item is created.

Show Event Strings In Columns

You can turn on the ‘Show Event Strings In Columns’ option if you want to view all event strings in the upper pane table.
By default, FullEventLogView displays 10 event string columns (String 1, String 2, String 3,…).
If you need more than 10 event string columns, You can do it by editing the following line in FullEventLogView.cfg:

EventStringColumns=10

You have to edit this value while FullEventLogView is not running.

Run As Administrator

By default, FullEventLogView doesn’t request elevation (Run As Administrator). If you want to watch events thar are only available with administrator privilege (like the security log),
you have to run FullEventLogView as administrator by press Ctrl+F11.

Command-Line Options

Translating FullEventLogView to other languages

In order to translate FullEventLogView to other language, follow the instructions below:

1. Run FullEventLogView with /savelangfile parameter:
   
   FullEventLogView.exe /savelangfile
   
   A file named FullEventLogView_lng.ini will be created in the folder of FullEventLogView utility.
2. Open the created language file in Notepad or in any other text editor.
3. Translate all string entries to the desired language.
   Optionally, you can also add your name and/or a link to your Web site.
   (TranslatorName and TranslatorURL values) If you add this information, it’ll be
   used in the ‘About’ window.

4. After you finish the translation, Run FullEventLogView, and all translated
   strings will be loaded from the language file.
   
   If you want to run FullEventLogView without the translation, simply rename the language file, or move
   it to another folder.

License

This utility is released as freeware.
You are allowed to freely distribute this utility via floppy disk, CD-ROM,
Internet, or in any other way, as long as you don’t charge anything for this and you don’t
sell it or distribute it as a part of commercial product.
If you distribute this utility, you must include all files in
the distribution package, without any modification !

Disclaimer

The software is provided «AS IS» without any warranty, either expressed or implied,
including, but not limited to, the implied warranties of merchantability and fitness
for a particular purpose. The author will not be liable for any special, incidental,
consequential or indirect damages due to loss of data or any other reason.

Feedback

If you have any problem, suggestion, comment, or you found a bug in my utility,
you can send a message to nirsofer@yahoo.com

FullEventLogView is also available in other languages. In order to change the language of
FullEventLogView, download the appropriate language zip file, extract the ‘fulleventlogview_lng.ini’,
and put it in the same folder that you Installed FullEventLogView utility.

Logs are constantly recording what is going on on your computer. They can
provide help in tracking what happens with your machine or with troubleshooting.
Logs are kept about both actions by a person or by a running process.

In Windows, logs that are saved contain information about applications and the
operating system itself. Moreover, these logs are structured and human-readable.
For viewing the logs, Windows uses its Windows Event Viewer. This
application displays the event logs and allows the user to search, filter,
export, and analyze background info. In this article, you will learn how to use
the features provided with this program. In addition, this article will also
explore the Event Viewer’s interface and features. Finally, you will also learn
about other application that has their own event viewer built-in, and we will
talk about creating your own repeating tasks.

Prerequisites

• Windows 10 installed
• Administration privileges

Step 1 — Accessing Event Viewer

Event viewer is a standard component and can be accessed in several ways. The
easiest way is to type event viewer to the start menu. If you prefer using
command prompt, you can access it by running the eventvwr command.

Event viewer is also accessible through the control panels. Open the control
panels and list them all by viewing them like small or large icons. After that,
select the Administrative Tools and find Event Viewer in the folder.

The application is user-friendly and provides an intuitive interface. The main
screen is divided into three column sections:

• Navigation page
• Detail page
• Action page

You can also create your own section. We will explain how to do that later in
the tutorial.

Step 2 — Understanding Navigation Page

The navigation page, which is by default positioned on the very left, provides
you with an option to choose the event log to view. Five categories can be found
under Windows logs:

• System — Logs created by the operating system
• Application— Logged by an application hosted locally
• Setup — Logs created in the process of installing or changing the Windows
  installation
• Security — Logs related to logins, privileges, and other similar events
• Forwarded Events — Events forwarded by other computers

There is also a category for Applications and Services Logs, which contains
logs of the individual applications and Hardware Events. Logs from PowerShell
and other command lines will also be stored there.

Step 3 — Viewing Log Details On Detail Page

When in the default tab, this page displays the Overview and Summary. Select
some item from the previously mentioned navigation page to see more details.
There are several log levels:

• Information — Successful action
• Warning — Occurring of an event that might bring problems
• Error — Occurring of a significant problem
• Critical — Severe problem occurred

You can also see Audit successes and failures, which are associated with
security events.

Events are listed chronologically, starting with the latest event on the very
top. You can furthermore click on the columns to edit the order and groupings.

You can click on the event to view more detailed information:

You can learn more about an event by double-clicking it:

Here you can see the name of the log, source, and other information about the
log.

The following popup window also has two tabs, General and Details. The
first tab shows more information about the error as described above. The second
tab shows the raw event data. You can switch between Friendly View and XML
View.

Step 4 — Using Actions Page

The last page located by default on the right side is the Actions page,
which provides you quick access to the features available to you at the moment.
This page is divided into two parts, the first containing actions available for
the selected Navigation page. The second contains actions available to the
selected event itself.

Various options are available:

Filtering Current Log

Allows you to set criteria for events to be displayed on the Details page.

Clearing Log Events

You can choose this option if the list becomes too large. This will delete all
events stored in the current log. You can check the total number of events by
going to the top directory in the navigation page:

Exporting Log Events

You can click on the Save All Events Asor Save All Events in Custom View As
to export all of the selected events into the special event file with the
.EVTX extension.

Step 5 — Creating Custom Views

Event Viewer gives you the option to create a custom view. To do so, select the
Custom Views folder on the Navigation page and click Create Custom View
on the Actions page. You can, for example, create a custom view for all Windows
Azure events with log level error that occurred in the last 12 hours:

After saving, your new view will now show in the Navigation tab.

You can also export your Custom View. Select it in the Navigation Page and find
an option called Export Custom View on the Actions Page. Enter the name for
the new .XML file you are about to create, and it is done.

You can import the custom view to any other Event Viewer by selecting the option
Import Custom View.

Navigating Summary View

The summary view is the first thing you will come in contact with when opening
the Event Viewer. It is at the top of the Navigation panel.

It includes:

• Overview
• Summary of Administrative Events — displays data and totals related to the
  Event Viewer for the past week.
• Recently Viewed Nodes — history of the viewed nodes filtered
  chronologically while the most recent is at the top. You can double-click on
  the node to open the location.
• Log Summary — this section displays all of the major properties in each
  log file. Double-click to get more details like the events for the viewed log.

Step 6 — Finding Other Application Logs

There are other logs with their event logging:

• DNS Manager
• IIS Access
• Task Scheduler History
• Failover Cluster Manager
• Windows Component Service

DNS Manager

If you run Windows Server that is provisioned as a DNS server, the DNS manager
is available. This manager has its list of events. From there, the DNS manager’s
event viewer works in a similar fashion as the one packed with Windows.

IIS Access

The Internet Information Services logs include info about requested URIs and
statuses. These logs are written in the location specified in the IIS Manager.
By default, the location is:

%SystemDrive%\\inetpub\\logs\\LogFiles

Task Scheduler Library

Task scheduler schedules many sorts of background tasks and applications. The
Task Scheduler Library is associated with it, and you can view it directly from
the application:

From the summary view, you can see the overview, task status, and active tasks.
In the task status, you can view all tasks started in some period.
Double-clicking on the task will give you more information.

In the section underneath, you can see all the active tasks that are currently
enabled and have not expired. Then, by double-clicking on the summary info about
the task, which includes the task name, next run time, triggers, and location,
you can again view more information.

Using this feature, you can display details about every single task and modify
it accordingly. The action page also slightly changes, and a new section for the
selected item is viewed. You can run, end, disable, delete or export information
about the task at your will.

From the action panel, you can also create your own task by selecting the option
Create Basic Task... or adding an existing one with Import Task... After
clicking the first opinion, you are presented with a task creator wizard to add
name, description, triggers, action, and finish statement to your custom task.

Failover Cluster Manager

This is a practical built-in application when running your Windows Server. This
service allows servers to work as a cluster. When one server’s hardware fails,
it is automatically detected and replaced by the other server. All network is
then re-routed to the working instance.

This application also has its local Event Viewer. Using this event viewer, you
can discover more in the events of your clusters failing or not working as
expected.

Windows Component Service

Another application is Windows Component Service Manager. It enables us to
configure DCOM applications on Windows. You can view its logs by clicking on the
local Event Viewer:

Conclusion

Windows and applications installed or associated with the operating system keep
records of various events. Understanding and finding these events can help you
if you are a system administrator, running your Windows server, or even just a
regular user.

Now you should know how to explore and use different methods to use these logs
to your advantage. In addition, you now know how to use the task scheduler and
create your own repeating tasks using it.

If you want to use Event Viewer in Windows 11 to diagnose a crash or troubleshoot problems effectively, this detailed guide will help you understand every part of the Event Viewer so that you can get started with this in-built utility on your Windows 11/10 computer.

How to open Windows Event Viewer?

Картинка с сайта: www.thewindowsclub.com

Although there are several ways to open the Event Viewer in Windows 11, you can use the Taskbar search box, Start Menu, or Run prompt to open it on your computer. Follow these steps to open the Event Viewer using the Taskbar search box:

• Click on the Taskbar search box and search for “event viewer”.
• Click on the individual search result.

Follow these steps to open the Event Viewer using the Run prompt:

• Press Win+R to open the Run prompt.
• Type eventvwr and hit the Enter button.

We will now take a look at the various features of Windows Event Viewer and how to use them.

Event Viewer sections and definitions

Картинка с сайта: www.thewindowsclub.com

There are four different sections of Event Viewer and they are:

• Custom Views
• Windows Logs
• Applications and Services Logs
• Subscriptions

Custom Views: The Custom Views panel allows you to create custom views with different filters. For example, if you want to see only the error logs, you can create a custom view in this section.

Windows Logs: This is one of the most important sections that you should understand if you want to troubleshoot various problems with Event Viewer.

You can find five sub-sections: Application, Security, Setup, System, and Forwarded Events. You need to learn more about the Application and System sections of these five. The System section is intended for logs related to the core system. Windows Update, restart, shutdown, etc.: you can find almost everything. On the other hand, the Application panel displays information about your apps.

Applications and Services Logs: This section houses many options, such as Hardware Events, Key Management Service, OpenSSH, and Windows PowerShell. It is the best place to get information about these utilities.

Subscriptions: Let’s assume you want to see information about a specific type of errors in a specific application. You can create a subscription according to your requirements.

Read: How to create Custom Views in Event Viewer

Event Viewer levels and definitions

Картинка с сайта: www.thewindowsclub.com

There are four main levels that Event Viewer displays at various times: Critical Error, Error, Warning, and Information. Apart from that, you can find another level called Verbose. These levels indicate the kind of data. For example, if there is a Windows Update-related error, you can find the log as Error. On the other hand, if you have restarted your computer, you can find it as Information.

The levels can be found when you open different sub-sections. For example, if you open Windows Logs > System, the levels are on the right-hand side.

Read: How to enable Print Logging in Event Viewer

Add or remove columns of details in Event Viewer

Картинка с сайта: www.thewindowsclub.com

By default, Event Viewer displays a few columns such as Level, Date and Time, Source, Event ID, etc. However, if you want to find more information about a log, you should add more columns of data. To add or remove columns in Event Viewer, follow these steps:

• Open the Event Viewer on your computer.
• Navigate to a path.
• Click on the View button on the right-hand side.
• Select the Add/Remove Columns option.
• Choose a column you want to display and click the Add button.
• On the other side, choose a column and click the Remove button.
• Click the OK button to save the change.

Read: How to check the Shutdown and Startup Log in Event Viewer

Use Event Viewer to filter and find details of any log

It is one of the most important things you can do using Event Viewer. It is possible to find every possible detail of any logged item. First, open the Event Viewer and navigate to a path. For this example, we are selecting Windows Logs > System.

Here, you can find the window that displays all the logs. Click on any log to go to the General/Details panel.

You can find the date/time, the involved app, and more information. However, to filter the data, you need to click on the Filter Current Log option visible on the right-hand side.

Картинка с сайта: www.thewindowsclub.com

After that, you can choose the time, Event level, event ID,

Category, keyword, user, etc. If you use a networked computer, you can also choose the computer.

Once you click the OK button, your data will be filtered immediately. For your information, you can apply the same filters in multiple sections.

Read: Use Event Viewer to check unauthorized use of Windows computer

How to copy log details in Event Viewer?

Картинка с сайта: www.thewindowsclub.com

To copy log details to the clipboard, follow these steps:

• Open any section in Event Viewer.
• Select any log you want to copy.
• Click the Copy > Copy Details as Text option on the right-hand side.
• Open Notepad or any text-processing application and paste it.

Read: How to find ChkDsk results in Event Viewer

How to save all events of Event Viewer?

Картинка с сайта: www.thewindowsclub.com

At times, you might need to save the events for further investigation of an error or something like that. In such a situation, you can use the built-in Event Viewer option to get the job done. You can follow these steps to save all logged events of Event Viewer:

• Open the Event Viewer on your computer.
• Navigate to a path.
• Click on the Save All Events As option.
• Select a path where you want to save the file and choose a name.
• Click the Save button.

If you want to open a saved logged file, click on the Open Saved Log option and choose the file you created earlier. Then, click the Open button.

Read: How to export Event Viewer logs in Windows

How to create custom view in Event Viewer?

Картинка с сайта: www.thewindowsclub.com

To create a custom view in Event Viewer, follow these steps:

• Open the Event Viewer and click on the Custom Views section.
• Click the Create Custom Views option.
• Enter the filters as per your requirements.
• Click the OK button.

It will be added as a custom view in the Event Viewer.

Read: Event Viewer is missing in Windows 11.

How to clear log or activity history in Event Viewer?

Картинка с сайта: www.thewindowsclub.com

Sometimes, you might want to create a log or activity history from Event Viewer. At such a moment, you can follow these steps:

• Navigate to a specific path in Event Viewer.
• Click on the Clear Log option on the right-hand side.
• Click the Clear button.

However, if you want to save the logged events before clearing, click the Save and Clear button instead of the Clear button.

I hope this guide helps you to use Event Viewer more effectively.

Read: How to clear the Event Log in Windows

How do I see Windows 11 crash logs?

To see Windows 11 crash logs, you need to use Event Viewer. Open the Event Viewer on your computer and go to Windows Logs > System. Then, find the red-marked or “Error” logs. Following that, read the error description in the General and Details tabs.

Read: Event Viewer not working on Windows Server

How do I view Activity log in Windows 11?

There are two separate activity logs in Windows 11. Open Windows Settings and go to Privacy & security > Activity history. You can also open the Event Viewer and go to Windows Logs > System. Here you can find all the activity logs that meet your requirements.

Read: How to find and view BSOD log files in Event Viewer.