On Windows 10, the Event Viewer is a handy legacy tool designed to aggregate event logs from apps and system components into an easily digestible structure, which you can then giewer to troubleshoot and fix software or hardware problems with your computer. Typically, most users don't use or know about the Event Viewer.
However, it viewsr be the first event viewer windows 10 to check to troubleshoot problems since virtually every hardware failure, app crash, driver malfunction, system issue, security access, and events from apps and services working without issues, will be recorded in this database. If event viewer windows 10 device is suddenly rebooting without reason, freezing up, drivers aren't behaving as expected, or you're experiencing Viewwer Screen of Death BSoDthe Event Viewer on Windows 10 may contain logs event viewer windows 10 the information you need to resolve the problem or at least find out clues to help you find a solution.
In this Windows 10 guide, we'll walk you through the steps to navigate and use windowd Event Viewer on your device. On Windows 10, the Event Viewer exists to help you monitor apps and system components as well as troubleshoot problems. To open the Event Viewer on Windows 10, simply open start and perform a search for Event Viewerevent viewer windows 10 click the top result to launch the console.
The experience is divided into four main groups, event viewer windows 10 "Custom Views," "Windows Logs," "Applications and Services Logs," and "Subscriptions," and each group stores related logs. Although each aindows can hold different app and system logs, most of the time, you'll only be analyzing the ApplicationSecurityand System logs inside the "Windows Logs" group to investigate an issue.
Inside "Application," you'll find event viewer windows 10 about the interface and other essential components to run an app. In the "Security" category that's where the logs windowx related to login attempts and security features are grouped, and the "System" category records the logs related to apps installed wwindows Windows Event viewer windows 10 "Error" logs, as the name implies, indicate problems that require eent attention. The "Warning" logs are not necessarily significant.
However, they might signal that something is not working as expected, and the "Information" logs are simply events that record normal operation of apps and services. Usually, all apps should log events in this viewerr, event viewer windows 10 it's not always true for many third-party applications. If the device is working normally, you will still see errors and warnings, but they'd likely not be anything concerning.
For example, sometimes, you may see an error if a service couldn't load at startup, but it restarted at a later time normally. The time service couldn't synchronize correctly, Windows 10 couldn't access a file on a network shared folder because evennt was a connection problem — or an app suddenly crashed, but then event viewer windows 10 opened it again, and it continued to work without issues. While in the console, you can select one of the main groups to view additional information, such as the number of events and size on disk for each view.
Or you can select "Event Viewer" from the top-left to get an overview and summary events, recently view notes, and log summary. If you select one of the groups, on the right side, you'll see all the events with their "Level" information, "Date and Time" of creation, "Source," and "Event ID," and "Task Category. In the event properties window, the "General" tab includes an easy-to-understand description of the error, warning, or information. Usually, the description should give you enough information to understand and resolve the issue.
However, the "Event ID" is also an important piece of information, as you can use it to search online to find out more information, and possible instructions to fix the problem. If you're looking for a specific event, the console provides at least two ways to find events using the filters or keyword search.
Once you complete the steps, related logs will appear filtered in the console. If you want to clear the current filter, right-click the group, and select the Clear Filter option. To use a keyword to find an error, warning, or information event with Event Viewer, use these steps:. In the case that vlewer frequently search for the winfows type of events, the Event Viewer also comes with an option to create custom views to quickly filter the logs to view only those that are relevant to you.
Once you complete the steps, the next time you need wincows view specific logs, you can expand the "Custom Views" folder and select the view you created. On Windows 10, logs help you track your device's health and troubleshoot problems, and you should keep them as long as possible. However, you can clear the log history to free up space or make it easier to track wibdows existing problem.
After you complete the steps, the events will be deleted, event viewer windows 10 the console will start recording new events.
Mauro Huculak is event viewer windows 10 writer for WindowsCentral. His primary focus is to write comprehensive how-tos to help users get the most out of Windows 10 and its many event viewer windows 10 technologies.
Windows Central Windows Central. Mauro Huculak. More about windows Windows 10 version 22H2 announced, and its first build is available fo This new interactive map shows the scale of Microsoft Azure's global c Topics Windows 10 Help.
See all comments 1. Event Viewer isn't really the best resource for someone who isn't familiar with errors in Windows as it doesn't offer information windoqs plain English and it mostly contains errors that are more or less by design that don't cause stability issues with the OS.
Overall it contains iwndows catalogue of errors and it can event viewer windows 10 some people scratching their heads, it's definitely a tool that needs updating to be more helpful event viewer windows 10 least to the average user.
Windows Central Newsletter. Get the best of Windows Central in in your inbox, every day! Contact me with evwnt and offers from other Future brands. Receive email from us viewr behalf of our trusted partners or sponsors. Thank you for signing up to Windows Central. You will receive a verification email shortly.
There was vkewer problem. Please refresh the page and try again. This new interactive map shows the scale qindows Microsoft Azure's global cloud footprint. Poll: Event viewer windows 10 you interested in Xbox Game Pass for families? Halo Infinite's next update releases next week, wlndows it's bringing cross-core visor customization.
Upgrade to Microsoft Event viewer windows 10 to take advantage of the latest features, security updates, and technical support. Want to experience Microsoft Defender for Endpoint? Sign up for a free trial. You can review event viewer windows 10 IDs in the Event Viewer on individual devices. For example, if devices aren't appearing in the Event viewer windows 10 listyou might need to look for event IDs on the devices.
You can then use this table to determine further troubleshooting event viewer windows 10. Double-click the item to open the log. Events recorded by the service will appear in the log. See the following table for a list of events recorded by the service. Check that the onboarding settings and scripts were deployed properly.
Try to redeploy the configuration packages. See Onboard Windows 10 devices. During offboarding: The service failed to clean its configuration during the offboarding. The offboarding process finished but the service keeps running. Offboarding: Reboot the system. During offboarding: Failed to change the service start type. The offboarding process continues. It will report to the portal, however the service may not appear as registered in SCCM or the registry.
Ensure real-time antimalware protection is event viewer windows 10 properly. Skip to main content. This browser is no longer supported. Download Microsoft Edge More info. Table of contents Exit focus mode. Table of contents. Submit and view feedback for This product This page. View all page feedback. In this article.
This URL will match that seen in the Firewall or network activity. Microsoft Defender for Endpoint service failed to connect to the server at variable.
The service couldn't contact the external processing servers at that URL. Check the connection to the URL. See Configure proxy and Internet connectivity. Microsoft Defender for Endpoint service event viewer windows 10 not onboarded and no onboarding parameters were found.
Onboarding must be run before starting the service. Microsoft Defender for Endpoint service failed to read the onboarding parameters.
Failure: variable. The device didn't onboard correctly and won't be reporting to the portal. Microsoft Defender for Endpoint service failed to clean its configuration.
Failure code: variable. During onboarding: The service failed to clean its configuration during the onboarding. The onboarding process continues. Onboarding: No action required. Microsoft Defender for Endpoint service failed to change its start type. During onboarding: The device didn't onboard event viewer windows 10 and won't be reporting to the portal.
Microsoft Defender for Endpoint service failed to persist the onboarding information. Normal operating event viewer windows 10 no action required. It may take several hours for the device to appear in the portal. Microsoft Defender for Endpoint service failed to change the Connected User Experiences and Telemetry service location.
If this error persists after a system restart, ensure all Windows updates have full installed. Microsoft Defender for Endpoint service failed to reset health status in the registry. The device didn't onboard correctly. Microsoft Defender for Endpoint service failed to set the onboarding status in the registry. Onboarding process failed. Normally, Microsoft Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the device, and the device is reporting to Defender for Endpoint.
Ensure the diagnostic data service is enabled. Ensure the device has Internet access, then run the entire offboarding process again. Ensure the offboarding package hasn't expired. An error occurred with the Windows telemetry service during onboarding. Check for errors with the Windows telemetry service.
Microsoft Defender for Endpoint service failed to request to stop itself after offboarding process. A unique identifier is used to represent each device that is reporting to the portal.
If the identifier doesn't persist, event viewer windows 10 same device might appear twice in the portal. Microsoft Defender for Endpoint service failed to add itself as a dependency on the Connected User Experiences and Telemetry service, causing onboarding process to fail. Microsoft Defender for Endpoint service failed to remove itself as a dependency on the Connected User Experiences and Telemetry service. An error occurred with the Windows telemetry service during offboarding.
Completion code: variable. Microsoft Defender for Endpoint A module is about to exceed its quota. The device has almost used its allocated quota of the current hour window. It's about to be throttled.
Network connection is identified as low. Network connection is identified as normal. Battery state is identified as low. Battery state is identified as normal. Microsoft Defender for Endpoint component failed to perform action. An error occurred on service startup while creating ETW session. This caused service start-up failure. This is most likely because there are too many active event trace sessions. The service will retry in 1 minute. An error occurred on service startup while creating ETW session due to lack of resources.
The service started and is running, but won't report any sensor event until the ETW session is started. The service will try to start the session every minute.
Successfully registered and started the event trace session - recovered after previous failed attempts. This means that events from this provider will not be reported.
Invalid cloud configuration command received and ignored. Received event viewer windows 10 bad configuration file from the cloud service. Last known good configuration was applied successfully. Successfully applied the default configuration. Failed to apply the last known good configuration - and the default configuration was applied.
The service will attempt to download a new configuration file within 5 minutes. If you don't see event 50 - contact Support. Connected User Event viewer windows 10 and Telemetry diagtrack service failed to start. Non-Microsoft Defender for Endpoint telemetry won't be sent from this machine.
Updating the start type of external service. The start type of the service is unexpected. Updating the start type of external service again. Cannot update the start type of external service.
If no issues spotted, contact Support. Stopping sending sensor cyber data quota because data quota is exceeded. Will resume sending once quota period passes.