The Windows Event Viewer is one of your best friends when it comes to troubleshooting problems in Windows 10 and earlier. The Event Viewer gives you an overview of all events that happened on your system: not only errors and warnings, but also informational events. Tracing these kinds of events can often help you solve issues. I have often referred to event IDs in the past, such as event ID 10016, event ID 8198 or event ID 10028.
Now, this blog post should give you a quick look at how I troubleshoot problems using the event viewer. If you find the need to ask a question, or criticize my way of working, please do so in the comment area below. I’d be happy to receive your feedback. :)
Open Windows Event Viewer
The first step is to open Event Viewer. I used to open it with <WIN-key+R> (which opens the Run window) and then type eventvwr + <ENTER>. However, Windows 10 sometimes requires me to open the Event Viewer elevated, so I now search for Event Viewer in the Start menu, right-click on it and choose Run As Administrator.
Second step: if I have a serious issue already, I go to Custom Views and click Administrative Events (1). This shows me all errors and warnings. I take note of the date and time and try to find any log event that makes sense. The benefit of Administrative Events is that it is a complete collection of all errors from all logs, including the Applications and Services Logs. Windows Logs (2), on the other hand, only shows a handful of logs.
Applications and Services Logs
Once I have found the event that describes my error or issue, I go to the related log to find related events. The screenshot shows a DHCP error 1002, which logs its events in Microsoft-Windows-DHCP Client Events/Admin. So, you will not find this event (or any related events) in the SYSTEM or APPLICATION log!
Filter Current Log
The last option I often use is the possibility to filter on a specific ID. To find out whether an error occurred before, and how often, I filter the log on the related ID(s). Right-click on any log, and choose “Filter Current Log…”. Then type in any ID and click OK.
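
The same "did this happen before, and how often" check can be done from an elevated PowerShell prompt. This is an added example, not part of the original post; the channel name Microsoft-Windows-Dhcp-Client/Admin and the 30-day window are assumptions used for illustration, with event ID 1002 taken from the DHCP error above.

```powershell
# Added example: command-line counterpart of "Filter Current Log..." for one or more event IDs.
# Assumed defaults: the channel name and the 30-day window are illustrative, adjust as needed.
param(
    [string]$LogName = 'Microsoft-Windows-Dhcp-Client/Admin',
    [int[]]$EventId  = 1002,
    [int]$Days       = 30
)

# Confirm the channel exists first. The name shown in the Event Viewer tree
# is a display name and can differ from the channel name used here.
$log = Get-WinEvent -ListLog $LogName -ErrorAction SilentlyContinue
if (-not $log) {
    Write-Warning "Log '$LogName' not found. List candidates with: Get-WinEvent -ListLog *dhcp*"
    return
}

$filter = @{
    LogName   = $LogName
    Id        = $EventId
    StartTime = (Get-Date).AddDays(-$Days)
}

# Get-WinEvent raises an error when nothing matches; treat that as zero hits.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    Write-Output "No events with ID $($EventId -join ',') in $LogName during the last $Days days."
    return
}

# How often did it occur, and on which days?
$events |
    Group-Object { $_.TimeCreated.Date.ToString('yyyy-MM-dd') } |
    Sort-Object Name |
    Select-Object @{n='Date';e={$_.Name}}, Count |
    Format-Table -AutoSize

# Most recent occurrences, with timestamps for correlating against other logs.
$events |
    Select-Object -First 5 TimeCreated, Id, LevelDisplayName, ProviderName,
        @{n='Message';e={ ($_.Message -split "`r?`n")[0] }} |
    Format-Table -AutoSize -Wrap
```

Saved as a script, it accepts other logs and IDs through its -LogName, -EventId and -Days parameters.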