Correlate Windows Events

Use the Correlate Windows Events activity to specify the event log information that is to be located on the target.

Note: To ensure that this activity properly executes, verify that the Remote Registry service is enabled on the target.

Usage

Complete the following properties to use this activity:

• Windows - Specify the following information or click the Variable Reference icon to choose a variable:
  • Entry Type - Click the drop-down menu and check the check boxes for the types of events that must be matched.
  • Log Name - Enter the name or expression of the event log to be matched.
  • After Time - Correlate events that occurred after the specified time.
  • Before Time - Correlate events that occurred before the specified time.
  • Event Source - Enter the source to locate matching events.
  • Instance ID Enter the event ID.
  • Event Description - Enter the description to find matching event log entries.
  • Event Computer Name - Enter the computer name that should be matched.
  • Persist Table - Check the check box to persist the resulting table so you can view and modify the results after the workflow completes.