How to get started with Event Viewer on Windows 11

by admin

The Event Viewer on Windows 11 is an application that collects system and app event logs on a friendly interface that you can use to monitor and troubleshoot problems. Also, it can come in handy to track the performance of your computer.

Whenever the computer runs into an error, security concern, or any other issue, the Event Viewer should be the first place to check to start troubleshooting the problem since the tool records virtually every app crash, hardware failure, driver problem, and security issue into event logs. 

For example, if your computer freezes up without warning, suddenly reboots, a driver is not working as expected, or you’re dealing with Blue Screen of Death (BSoD), the logs from the Event Viewer are likely to contain clues that you can use to determine and resolve the problem.

This how-to guide will walk you through the basics of getting around the Event Viewer on Windows 11.

How to use Event Viewer on Windows 11

The Event Viewer is a straightforward application to monitor system events and a powerful tool to troubleshoot issues, but the app is only good if you know how to use it.

On Windows 11, you can open the Event Viewer in a number of ways, but the easiest way is to open Start, search for Event Viewer, and click the top result to open the app.

Alternatively, you can use the “Windows key + R” keyboard shortcut, type “eventvwr.exe,” and click the “OK” button.

The system events are categorized into four main groups, including “Custom Views,” “Windows Logs,” “Applications and Services Logs,” and “Subscriptions.”

(Image credit: Future)

The logs you will need to review will depend on the specific situation. However, usually, you’ll be in the “Windows Logs” reviewing the ApplicationSecurity, and System logs.

(Image credit: Future)

In the “Application” section, the system will generate events for the interface and necessary components to run applications. The “Security” section includes the events of login attempts and security features. Finally, the “System” category displays the logs for installed applications.

On Windows 11, Event Viewer can trigger different types of events, including “Error,” “Warning,” and “Information.”

The “Error” log events are related to issues that you need to resolve as soon as possible. The “Warning” events are not critical, but those are events that you want to investigate. Finally, the “Information” logs are those events that are only informational. 

During normal operation, the system will generate warnings and errors, but usually, they are events that you can ignore. For instance, Windows 11 may log an error when a service couldn’t launch during startup, but the service eventually started. Other scenarios where the system may create an error include when Windows 11 can’t access a file from a shared folder because of a connection problem. Or an app crashes suddenly, but it works fine after restarting it.

Furthermore, you can select each of the main categories to view additional details, such as the number of recorded events, the space a specific type of log is taking on the hard drive, and more. You can also select the “Even Viewer” item at the top to reveal an overview and summary of all the events.

(Image credit: Future)

When selecting one of the categories, Event Viewer will display the available events with their “Level” information, “Date and Time” of creation, “Source,” “Event ID,” and “Task Category” on the right side.

If you want to review an event, you can select it to view the information at the bottom of the page or double-click it to open the same information in a separate window.

(Image credit: Future)

On the “General” tab, you will see a description along with other information, such as the “Event ID.” The “Details” tab includes the same information in a code format.

The details in the General tab should help you understand the event, but you can always use the “Event ID” to search online and find more information and steps to resolve the issue.

Search logs

If you’re troubleshooting a problem, you can use the search feature to find the event that can help you resolve the issue.

Advanced search

To use the advanced search available on the Event Viewer on Windows 11, use these steps:

  1. Open Start.
  2. Search for Event Viewer and select the top result to open the app.
  3. Expand the event section.
  4. Right-click a group and choose the “Filter Current Log” option.

(Image credit: Future)
  1. Click the Filter tab.
  2. Select a time range when the event might have occurred using the “Logged” setting.
  3. Choose the event level you want to review, including “Critical,” “Warning,” “Verbose,” “Error,” or “Information.”

(Image credit: Future)
  1. (Optional) Select the event sources.
  2. (Optional) Select the category of the task using the “Task category” setting.
  3. (Optional) Confirm a keyword to narrow down the search.
  4. Click the OK button.

Once you complete the steps, the Event Viewer will show the results of the search. 

After you have reviewed the events, you can right-click the group and select the “Clear Filter” option.

Basic search

To use a keyword to find an error, warning, or information log event, use these steps:

  1. Open Start.
  2. Search for Event Viewer and select the top result to open the app.
  3. Expand the event section.
  4. Right-click the group and choose the Find option.

(Image credit: Future)
  1. Confirm the keyword and press the Find Next button.

(Image credit: Future)

After you complete the steps, the Event Viewer will highlight the result on the page. 

Custom views 

If you’re a developer or network administrator and you find yourself searching the logs frequently, you can use the feature to create custom views on Event Viewer.

To create an Event Viewer custom view on Windows 11, use these steps:

  1. Open Start.
  2. Search for Event Viewer and select the top result to open the app.
  3. Expand the event section.
  4. Right-click a group and choose the “Create Custom View” option.

(Image credit: Future)
  1. Click the Filter tab.
  2. Choose the time range using the “Logged” setting.
  3. Select the By log option.
  4. Choose the event category (such as “System”) to filter from the “Event logs” setting.

(Image credit: Future)
  1. (Optional) Select the category of the task using the “Task category” setting.
  2. Confirm a search keyword.
  3. Click the OK button.
  4. Confirm a name for the view.

(Image credit: Future)
  1. (Optional) Confirm a description for the custom view.
  2. Choose the location to save the custom view. 
  3. Click the OK button.

Once you complete the steps, you can open the “Custom Views” section on the left navigation page and choose the view to review specific logs.

Clear log history 

Windows 11 is always tracking events, and while you should maintain the logs as long as possible, at any time, you can clear the Event Viewer history to make it easier to troubleshoot problems or free up hard drive space.

To clear the log history from Event Viewer on Windows 11, use these steps:

  1. Open Start.
  2. Search for Event Viewer and select the top result to open the app.
  3. Expand the event section.
  4. Right-click a group and select the Clear Log option.

(Image credit: Future)
  1. Click the Clear button. 

After you complete the steps, the Event Viewer will delete the logs and start generating new events as they happen.

If you want to archive the log history on a file outside the Event Viewer, click the “Save and Clear” button instead of the “Clear” button.

More resources

For more helpful articles, coverage, and answers to common questions about Windows 10 and Windows 11, visit the following resources:

Leave a Reply

Related Posts

You May Missed

Discover more from Ultimatepocket

Subscribe now to keep reading and get access to the full archive.

Continue reading