Navigation: Web Reports >
Event Log Searches
|
Navigation: Web Reports > Event Log Searches |
|
|
The Event Log Search page allows you to query the database for events matching your search criteria. All properties of event logs can be searched, including the message text. If you do not specify any search criteria then all event log records will be returned.
Source, Category, Event ID, Computer, Username By selecting one or more of the above fields, only event log records matching your selection will be displayed. If you select the exclamation mark next to your selection, then only event log records not matching your selection will be displayed.
Message You can either enter part or all of the event message (details) in this fields, wildcard characters (* %) are supported for more complex searches. By default, this field will match if the text you specified occurs in the event log message.
From, To You can restrict your search to a particular time and/or date range. You can click the calendar icon to bring up a calendar. When you set a date range using the From and/or To fields, any limit setting (e.g. "last week") will be ignored.
Order By Use this field to sort your output. By default, output is sorted descending by Date and Time.
Severity, Log Select the severities and/or event logs that you wish to include in the search. If no severity or event log is selected, the search will match any severity/event log.
Search Limits Instead of searching through the entire database, it is highly recommended that you impose a limit on your searches. Using the drop-down boxes you can:
Viewing Event Details To view the event details of an event, click on the event number, event time or message text of the record you are interested in (as indicated above). This will popup a window that will show the event details.
Additional Features Presetting the Form You can narrow down a broad event search by clicking on either the source, category, id, computer or username field. This automatically selects the appropriate value from the drop-down list.
Highlighted Selections Whenever you select a search criteria, e.g. an event source, then that field will be highlighted with a different background to indicate the selection. Setting the value back to ANY will clear the highlight again.
Grouping Output with Group By You can group output by selecting one or more (hold the CTRL key while selecting multiple) fields from the "Group By" box.
Show Chart Selecting the "Show Chart" option will display a graphical chart in addition to the text report. A pie chart is shown if you group by one field, a stacked column chart is displayed when you group by two fields. Grouping by more than two fields will not show a chart.
Example For example, to see how often certain computers log information to the database you can group the output by the Computer column. The screenshot below shows the amount of events generated by various servers:
In the example output above you can see that host DC1-W2K3 logged 12750 events to the database. To group by two fields, simply hold the CTRL key while selecting two "Group By" fields. The screenshot below shows the output when grouping by "Category" and "ID", while restricting the search to the security event log:
Saving Searches as Standard Reports You can save a previously run search as a "Standard Report" to access it again at a later time. To save a query, simply click the "Save as Standard Report" and specify a name and optional description for the report. See Event Log Reports for more information.
RSS Output The Event Search page (including standard and custom reports) allows you to subscribe to RSS feeds. To view the output of an event search in your RSS reader, simply click the RSS button and copy the resulting string into your RSS reader. |
