Query Windows Events

Use the Query Windows Events activity to search the event log on the specified target and return all events that match the query.

Note: To ensure that this activity properly executes, verify that the Remote Registry service is enabled on your machine.

Usage

Complete the following properties to use this activity:

• Windows - Specify the following information or click the Variable Reference icon to choose a variable:
  • Persist Table - Check the check box to persist the resulting table so you can view and modify the results after the workflow completes.
  • Event Type - Click the drop-down menu and check the check boxes for the types of events that must be matched. The available options are Error, Information, Warning, Failure Audit, and Success Audit.
  • Log Name - Enter the name in the text field of the event log to be matched.
  • Event Source - Enter the source to locate matching events.
  • Event Number - Enter the event ID to match.
  • Event Description - Enter the description to find matching event log entries.
  • Get Latest Event - Check this check box if you want only the most recent event to be returned.
  • Events Generated within the Last - Specify a time period in which the event occurred.
  • Events with Format - Click the drop-down menu and choose the time unit (Days, Hours, or Minutes).