Could anyone help with relevance language to monitor events 998 and 999 in the application event log? I can get the first occurance and last occurance but not all occurances.
I have this. I just need it to report on both events and all occurances of the event
( time generated of it, description of it ) of items 1 of it whose ( time generated of item 1 of it = item 0 of it ) of ( maximum of times generated of records whose ( event id of it = 999 ) of it, records whose ( event id of it = 999 ) of it ) of application event log
Boyd, Thanks you can probably tell I’m new at this. I managed simple one myself. But doesnt include the computer name. How would I add the computer name from the event record.
descriptions of records whose (event id of it = 998 or event id of it = 999 ) of application event log
(computer of it, description of it) of ((records of application event log) whose (event id of it = 999 or event id of it = 998))
Note: If you are going to use this in an analysis, you should set the property report interval to something besides “Every Report” or else it could impact both client-side and server-side performance. On the client, searching the event log can be costly peformance-wise. On the server, constantly re-adding a lot of data to a property for every client can be costly.