Evaluate event IDs in Applications and Service Logs

(imported topic written by SystemAdmin)

Previously I have been able to create an analysis to get specific event IDs in the applications event log for Windows XP for a specific amount of time:

(time generated of it, source of it, event id of it mod 1073741824) of records whose (event id of it mod 1073741824 = 1000 AND now - time generated of it < 14*day) of application event log

On Windows 7 the events I am looking for have been moved to log name Microsoft-Windows-Wired-AutoConfig/Operational. How can I adjust this analysis to query the correct log?

(imported comment written by SystemAdmin)

These named event logs had an issue in pre 9.0 agents, so you will have to be using a 9.0 or later agent to access these other named logs. In pre 9.0 agents the OS unfortunately redirects the request to the application event log so you may get data that looks correct but is looking at the wrong source.

To do so you would ask for the data like this example

Q: number of records whose (exists description of it) of event log
"Microsoft-Windows-Diagnostics-Performance/Operational"
A: 460

More documentation is at: http://support.bigfix.com/inspectors/System%20Objects_Win.html#event%20log

(imported comment written by SystemAdmin)

These named event logs had an issue in pre 9.0 agents, so you will have to be using a 9.0 or later agent to access these other named logs. In pre 9.0 agents the OS unfortunately redirects the request to the application event log so you may get data that looks correct but is looking at the wrong source.

To do so you would ask for the data like this example

Q: number of records whose (exists description of it) of event log
"Microsoft-Windows-Diagnostics-Performance/Operational"
A: 460

More documentation is at: http://support.bigfix.com/inspectors/System%20Objects_Win.html#event%20log