A Comprehensive Guide on Using Event Viewer in Windows 11
If you want to utilize the Event Viewer in Windows 11 to diagnose crashes or troubleshoot issues effectively, this comprehensive guide will equip you with the knowledge to understand every aspect of the Event Viewer, allowing you to leverage this built-in utility on your Windows 11/10 PC.
How to Access Windows Event Viewer?
While there are multiple methods to open the Event Viewer in Windows 11, you can easily access it via the Taskbar search box, Start Menu, or the Run prompt. Here’s how to launch the Event Viewer using the Taskbar search box:
- Click on the Taskbar search box and type “event viewer” .
- Select the appropriate search result.
To open the Event Viewer using the Run prompt:
- Press Win+R to open the Run dialog.
- Type eventvwr and hit the Enter key.
How to Navigate Event Viewer in Windows 11
Let’s explore the various features of Windows Event Viewer and how to utilize them effectively.
Event Viewer Components and Their Definitions
Event Viewer comprises four primary sections:
- Custom Views
- Windows Logs
- Applications and Services Logs
- Subscriptions
Custom Views: This section allows you to create personalized views with specific filters. For instance, if you want to view only error logs, you can set up a custom view here.
Windows Logs: This is one of the crucial sections for troubleshooting various issues using Event Viewer. It includes five sub-sections: Application, Security, Setup, System, and Forwarded Events. The System section is particularly important for logs related to core system activities such as Windows Update, restarts, shutdowns, etc., while the Application section displays information about your installed applications.
Applications and Services Logs: Here, you will find various options, including Hardware Events, Key Management Service, OpenSSH, and Windows PowerShell, providing detailed information about these services.
Subscriptions: If you’re interested in monitoring specific types of errors in particular applications, you can create a subscription based on your preferences.
Understanding Event Viewer Levels
Event Viewer displays four main severity levels: Critical Error, Error, Warning, and Information. Additionally, there’s a Verbose level that indicates detailed information. For example, errors related to Windows Update will be classified under “Error,” while restarting the computer will fall under “Information.” These levels are shown in various sub-sections; for instance, under Windows Logs > System, you can see them on the right side.
Modifying Columns of Details in Event Viewer
By default, Event Viewer displays several columns such as Level, Date and Time, Source, Event ID, etc. To enhance the information you receive about logs, follow these steps to add or remove columns:
- Open the Event Viewer on your PC.
- Navigate to the desired section.
- Click on the View button on the right-hand side.
- Select Add/Remove Columns.
- Choose a column you want to add and click the Add button.
- To remove a column, select it and click the Remove button.
- Click OK to apply the changes.
Filtering and Finding Specific Log Details in Event Viewer
One of the most essential functionalities of Event Viewer is the ability to filter and obtain details about any logged event. Open the Event Viewer and navigate to a section, such as Windows Logs > System, to view all logs.
Click on any log entry to access the General/Details panel, which displays date/time, the app involved, and further information. To filter data, click the Filter Current Log option on the right side.
You can customize filters based on time, Event level, Event ID, category, keyword, user, etc. If you’re using a networked computer, there’s also an option to filter by computer.
Once you click OK, the data will be filtered accordingly. Notably, these filters can also be applied across several sections.
Copying Log Details from Event Viewer
To copy log details to your clipboard, follow these simple steps:
- Open a section in Event Viewer.
- Select the log entry you wish to copy.
- Click on Copy > Copy Details as Text from the right-hand menu.
- Open Notepad or any text editor and paste the details.
Saving All Events from Event Viewer
Sometimes you may need to save your event logs for further investigation. Here’s how to save all events from Event Viewer:
- Open the Event Viewer on your computer.
- Navigate to the appropriate section.
- Click on Save All Events As.
- Select a location to save the file and provide a file name.
- Click Save.
To open a previously saved log file, click on the Open Saved Log option, select your saved file, and click Open.
Creating Custom Views in Event Viewer
To create a custom view within Event Viewer, follow these instructions:
- Open the Event Viewer and click on the Custom Views section.
- Click Create Custom Views.
- Set the filters according to your preferences.
- Click OK to save your custom view.
Clearing Log or Activity History in Event Viewer
If you wish to clear log or activity history in Event Viewer, follow these steps:
- Navigate to the desired section in Event Viewer.
- Click on the Clear Log option on the right side.
- Confirm by clicking the Clear button.
If you want to save the logged events before clearing, click the Save and Clear button instead.
How to View Crash Logs in Windows 11?
To check crash logs in Windows 11, utilize the Event Viewer. Open it and navigate to Windows Logs > System. Look for entries marked with red or categorized as “Error” logs, then review the error descriptions found in the General and Details tabs.
How to Access Activity Log in Windows 11?
Windows 11 features two separate activity logs. You can view one by opening Windows Settings and selecting Privacy & Security > Activity history. Alternatively, you may also access activity logs through Event Viewer by navigating to Windows Logs > System to find relevant entries.
Leave a Reply