Windows Event Viewer in Windows 10 – How to use it correctly

The Windows Event Viewer is one of your best friends when it comes to troubleshooting problems in Windows 10 and earlier. The event viewer gives you an overview of all events that happened on your system. Not only errors or warnings but also information. Tracing all these kind of events can often help you solve issues. Not seldom I have referred to event ID’s in the past. Like event ID 10016, event id 8198 or event id 10028 .

Now, this blog post should give you a quick look at how I troubleshoot problems using the event viewer. If you find the need to ask a question, or criticize my way of working, please do so in the comment area below. I’d be happy to receive your feedback. :)

Open Windows Event Viewer

First step is to open Event Viewer. I used to open it with <WIN-key+R> (which opens the Run Window) and then type eventvwr + <ENTER>. However, Windows 10 sometimes requires me to open the event viewer elevated, so I now search for Event Viewer in the Start menu, right click on it and choose Run As Administrator

Custom Views

Second Step, if I have a serious issue already, I go to Custom Views and click Administrative Events (1). This shows me all errors and warnings. I take notice of the date and time and try to find any log event that makes sense. The benefit of Administrative Events is it is a complete collection of all errors of all logs, including Applications Logs and Services Logs. Windows Logs (2), on the other hand, only shows a handful of logs.

windows event viewer administrative events

Application and Services Logs

Once I found my event that describes my error or issue, I go to related log directory to find related events. In this screenshot, it shows a DHCP error 1002, which logs its events in Microsoft-Windows-DHCP Client Events/Admin. So, you will not find this event (or any related events) back in the SYSTEM or APPLICATION log!

event id 1002 log name dhcp clients events admin

Open Application and Services -> Microsoft -> Windows -> Dhcp-Client
dhcp-client events in windows event viewer

Filter Current Log

The last option I often use is the possibility to filter on a specific ID. To find out whether an error occurred before, and how often, I filter the log on the related ID(‘s). Right-click on any log, and choose “Filter Current Log…”. Then type in any ID and click OK

windows event viewer filter on event ID

Leave a Reply

avatar
  Subscribe  
Notify of