How to Filter and Search Events in Windows 7 and Vista - dummies

How to Filter and Search Events in Windows 7 and Vista

By Dan Gookin

Most computer event log entries are rather mundane. But the key to reviewing logs for troubleshooting is to look for pesky events. To help in your search, you need to employ a filter.

A filter is nothing more than a search through the logs. It’s more like a database search-and-sort than a file search; you specify the event type, time, and other information. Then using the Power Of The Computer, you can quickly see relevant events.

To use the event filters in Windows 7 and Windows Vista, follow these steps:

  1. Bring up the Event Viewer window.

  2. From the list of actions on the right side of the window, choose Filter Current Log.

    The Custom View Properties dialog box appears.


    You can make the report permanent by choosing the Create Custom View link rather than Filter Current Log in this step. The rest of the steps remain the same, but the filter you create is saved under the Custom Views folder on the left side of the window.

  3. Choose a time frame from the Logged button.

  4. Select the event levels you want to view by selecting check boxes.

  5. Choose By Log and then select specific logs from the drop-down list, or, if you have a device to monitor, choose By Source and then select the device or driver from the list.

    The items By Log and By Source are dimmed when you select a subcategory in the Windows Logs folder. To enable both items, select the Windows Logs folder before you begin setting up the filter.

  6. Choose other items as necessary, though unless you know the details, there’s little need to fill in the rest of the dialog box information.

  7. Click OK.

  8. Peruse the results.

    Any logged events that match your filter are displayed.

If no matching events show up, no events of the specified types have occurred. That might be good news because it means that no events relating to whatever concerned you have taken place. But if you want to be a stickler, consider broadening your search to find those events. Or, you can just forgo filtering and review the logs manually.

See Video 271 for a visual walkthrough of these steps.