How to Filter and Search Events in Windows XP - dummies

How to Filter and Search Events in Windows XP

By Dan Gookin

Most computer event log entries are rather mundane. But the key to reviewing logs for troubleshooting is to look for pesky events. To help in your search, you need to employ a filter.

A filter is nothing more than a search through the logs. It’s more like a database search-and-sort than a file search; you specify the event type, time, and other information. Then using the Power Of The Computer, you can quickly see relevant events.

To use the event filters in Windows XP, you can sift through the events in a specific category by following these steps:

  1. Summon the Event Viewer window.

  2. Right-click an event category.

    For example, pick System.

  3. Choose Properties from the shortcut menu.

  4. On the category’s Properties menu, click the Filter tab.

    The Filter part of the dialog box lets you sift through and sort the events.


  5. Choose the type of events you want to view.

    Place a check mark by each event type you want to monitor.

  6. Select a source.

    Choosing a source works best when you want to monitor a specific source or you suspect a certain piece of hardware or device driver to be causing trouble.

  7. Select a category.

  8. The item’s event ID, user, and computer can generally be left blank.

  9. Use the From and To settings to narrow the time frame if necessary.

  10. Click OK.

    The results are displayed in the center portion of the Event Viewer window.

If no matching events show up, no events of the specified types have occurred. That might be good news because it means that no events relating to whatever concerned you have taken place. But if you want to be a stickler, consider broadening your search to find those events. Or, you can just forgo filtering and review the logs manually.

See Video 271 for a visual walkthrough of these steps.