WEC : How to uniquely identify logs in `Forwarded Events` channel RRS feed

  • Question

  • Looking for more information or at least suggestions on alternatives to EventRecordID as an index when using the Windows Event Collector.  When working with an individual server and individual Eventlog, the EventRecordID element can be used as an index to keep your place when crawling through events in order.  However, when using the Windows Event Collector, the events retain their original EventRecordID in the ForwardedEvents log.  That makes it difficult at best to keep track of where you were when crawling through events with a script/program.  The date/timestamp doesn't help either, as events can come in from other systems after you have moved past a given date/time.

    Anyone have any suggestions on a way to track, bookmark, or index events in ForwardedEvents?

    • Edited by Riot5155 Friday, August 14, 2020 7:37 AM
    Friday, August 14, 2020 7:20 AM

All replies