How can I filter only error messages using wevtutil.exe?

Question
Hi team!
How can I filter only error messages using wevtutil.exe? Is the following filter right? Level=3? Where do I find the documentation for Level field? Numbers 1, 2, 3, 4, ...
%SystemRoot%\System32\wevtutil.exe qe System "/q:*[System [(Level=3)]]" /rd:true /f:text /c:10 > System.log
Still, do the same levels apply to the other logs? Application, Security? etc?
Thanks.
Doria
Thursday, July 2, 2020 3:59 PM
Answers
Hi Doria,
Please remove the /rd:true parameter for UIManager_Channel and WINDOWS_KS_CHANNEL, or set Direction to false; then the command will work fine, as in the picture below:
Hope this can help you.
Best Regards,
Candy
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com
- Marked as answer by dydoria Friday, July 3, 2020 3:49 PM
Friday, July 3, 2020 5:04 AM
All replies
On time, I am creating a batch file to filter only errors from all log files available in the operating system, so I need to know if level = 3 applies to all logs or if there is some other way to filter only error messages...
Doria
Thursday, July 2, 2020 4:06 PM -
Hi,
The following script will get all error events from the System event log:
wevtutil qe System /rd:true /f:text /q:*[System[(Level=2)]] > C:\Temp\ErrorEvents.txt
The following will get the last 10 error events from the System event log:
wevtutil qe System /rd:true /f:text /c:10 /q:*[System[(Level=2)]] > C:\Temp\ErrorEvents.txt
Best regards,
Leon
Blog: https://thesystemcenterblog.com
Thursday, July 2, 2020 4:12 PM -
Thanks for your answer!
However, it appears that it does not work for some other log files. I wonder why...
Doria
Friday, July 3, 2020 1:26 AM -
The following should work:
wevtutil qe "Windows PowerShell" /q:"*[System[(Level=0)]]" /c:10 /rd:true /f:text >C:\Temp\PowerShellEvents.txt
Blog: https://thesystemcenterblog.com
Friday, July 3, 2020 5:17 AM -
Hi Leon,
This command doesn't work on UIManager_Channel and WINDOWS_KS_CHANNEL. It seems they cannot take the /rd:true parameter.
Best Regards,
Candy
Friday, July 3, 2020 5:29 AM -
I don't have a "WINDOWS_KS_CHANNEL" event log to try with, but for PowerShell the command works at least. The /rd parameter is not a must-have, so it can be left out.
Blog: https://thesystemcenterblog.com
Friday, July 3, 2020 5:40 AM -
Hi Doria,
Please remove the /rd:true parameter for UIManager_Channel and WINDOWS_KS_CHANNEL, or set Direction to false; then the command will work fine, as in the picture below:
Hope this can help you.
Best Regards,
Candy
It did! Excellent!
Thanks.
Doria
Friday, July 3, 2020 3:49 PM -
Thanks for all the other answers, but changing the parameter to false solved the issue. I take the opportunity to share the batch script.
@echo off
rem by Doria
echo dump OS log...
for /f "delims=: tokens=1,2" %%i in (alllogs.txt) do %SystemRoot%\System32\wevtutil.exe qe "%%i" /rd:false /f:text /c:100 /q:*[System[(Level=2)]] > %%j.log
exit /b
Doria
- Edited by dydoria Friday, July 3, 2020 4:03 PM
Friday, July 3, 2020 3:58 PM -
You are welcome. :)
Friday, July 3, 2020 3:59 PM -
The 'alllogs.txt' file was captured by the '%SystemRoot%\System32\wevtutil.exe el' command. The delimiter and the second token were added later.
Microsoft-Windows-COM/Call:microsoft_windows_com_call Microsoft-Windows-COM/CreateInstance:microsoft_windows_com_createinstance Microsoft-Windows-COM/ExtensionCatalog:microsoft_windows_com_extensioncatalog Microsoft-Windows-COM/FreeUnusedLibrary:microsoft_windows_com_freeunusedlibrary Microsoft-Windows-COM/RundownInstrumentation:microsoft_windows_com_rundowninstrumentation Microsoft-Windows-COMRuntime/Activations:microsoft_windows_comruntime_activations Microsoft-Windows-COMRuntime/MessageProcessing:microsoft_windows_comruntime_messageprocessing Microsoft-Windows-COMRuntime/Tracing:microsoft_windows_comruntime_tracing Microsoft-Windows-CertPoleEng/Operational:microsoft_windows_certpoleeng_operational Microsoft-Windows-CertificateServices-Deployment/Operational:microsoft_windows_certificateservices_deployment_operational Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational:microsoft_windows_certificateservicesclient_credentialroaming_operational Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational:microsoft_windows_certificateservicesclient_lifecycle_system_operational Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational:microsoft_windows_certificateservicesclient_lifecycle_user_operational Microsoft-Windows-CmiSetup/Analytic:microsoft_windows_cmisetup_analytic Microsoft-Windows-CodeIntegrity/Operational:microsoft_windows_codeintegrity_operational Microsoft-Windows-CodeIntegrity/Verbose:microsoft_windows_codeintegrity_verbose Microsoft-Windows-ComDlg32/Analytic:microsoft_windows_comdlg32_analytic Microsoft-Windows-ComDlg32/Debug:microsoft_windows_comdlg32_debug Microsoft-Windows-Containers-BindFlt/Debug:microsoft_windows_containers_bindflt_debug Microsoft-Windows-Containers-BindFlt/Operational:microsoft_windows_containers_bindflt_operational Microsoft-Windows-Containers-Wcifs/Debug:microsoft_windows_containers_wcifs_debug 
Microsoft-Windows-Containers-Wcifs/Operational:microsoft_windows_containers_wcifs_operational Microsoft-Windows-Containers-Wcnfs/Debug:microsoft_windows_containers_wcnfs_debug Microsoft-Windows-Containers-Wcnfs/Operational:microsoft_windows_containers_wcnfs_operational Microsoft-Windows-CoreApplication/Diagnostic:microsoft_windows_coreapplication_diagnostic Microsoft-Windows-CoreApplication/Operational:microsoft_windows_coreapplication_operational Microsoft-Windows-CoreApplication/Tracing:microsoft_windows_coreapplication_tracing Microsoft-Windows-Crashdump/Operational:microsoft_windows_crashdump_operational Microsoft-Windows-CredUI/Diagnostic:microsoft_windows_credui_diagnostic Microsoft-Windows-Crypto-BCRYPT/Analytic:microsoft_windows_crypto_bcrypt_analytic Microsoft-Windows-Crypto-DPAPI/BackUpKeySvc:microsoft_windows_crypto_dpapi_backupkeysvc Microsoft-Windows-Crypto-DPAPI/Debug:microsoft_windows_crypto_dpapi_debug Microsoft-Windows-Crypto-DPAPI/Operational:microsoft_windows_crypto_dpapi_operational Microsoft-Windows-Crypto-DSSEnh/Analytic:microsoft_windows_crypto_dssenh_analytic Microsoft-Windows-Crypto-NCrypt/Operational:microsoft_windows_crypto_ncrypt_operational Microsoft-Windows-Crypto-RSAEnh/Analytic:microsoft_windows_crypto_rsaenh_analytic Microsoft-Windows-DAL-Provider/Analytic:microsoft_windows_dal_provider_analytic Microsoft-Windows-DAL-Provider/Operational:microsoft_windows_dal_provider_operational Microsoft-Windows-DCLocator/Debug:microsoft_windows_dclocator_debug Microsoft-Windows-DNS-Client/Operational:microsoft_windows_dns_client_operational Microsoft-Windows-DSC/Admin:microsoft_windows_dsc_admin Microsoft-Windows-DSC/Analytic:microsoft_windows_dsc_analytic Microsoft-Windows-DSC/Debug:microsoft_windows_dsc_debug Microsoft-Windows-DSC/Operational:microsoft_windows_dsc_operational Microsoft-Windows-DUI/Diagnostic:microsoft_windows_dui_diagnostic Microsoft-Windows-DUSER/Diagnostic:microsoft_windows_duser_diagnostic 
Microsoft-Windows-DXGI/Analytic:microsoft_windows_dxgi_analytic Microsoft-Windows-DXGI/Logging:microsoft_windows_dxgi_logging Microsoft-Windows-DataIntegrityScan/Admin:microsoft_windows_dataintegrityscan_admin Microsoft-Windows-DataIntegrityScan/CrashRecovery:microsoft_windows_dataintegrityscan_crashrecovery Microsoft-Windows-DateTimeControlPanel/Analytic:microsoft_windows_datetimecontrolpanel_analytic Microsoft-Windows-DateTimeControlPanel/Debug:microsoft_windows_datetimecontrolpanel_debug Microsoft-Windows-DateTimeControlPanel/Operational:microsoft_windows_datetimecontrolpanel_operational Microsoft-Windows-Defrag-Core/Debug:microsoft_windows_defrag_core_debug Microsoft-Windows-Deplorch/Analytic:microsoft_windows_deplorch_analytic Microsoft-Windows-DeviceGuard/Operational:microsoft_windows_deviceguard_operational Microsoft-Windows-DeviceUpdateAgent/Operational:microsoft_windows_deviceupdateagent_operational Microsoft-Windows-Dhcp-Client/Admin:microsoft_windows_dhcp_client_admin Microsoft-Windows-Dhcp-Client/Operational:microsoft_windows_dhcp_client_operational Microsoft-Windows-Dhcpv6-Client/Admin:microsoft_windows_dhcpv6_client_admin Microsoft-Windows-Dhcpv6-Client/Operational:microsoft_windows_dhcpv6_client_operational Microsoft-Windows-Diagnosis-AdvancedTaskManager/Analytic:microsoft_windows_diagnosis_advancedtaskmanager_analytic Microsoft-Windows-Diagnosis-DPS/Analytic:microsoft_windows_diagnosis_dps_analytic Microsoft-Windows-Diagnosis-DPS/Debug:microsoft_windows_diagnosis_dps_debug Microsoft-Windows-Diagnosis-DPS/Operational:microsoft_windows_diagnosis_dps_operational Microsoft-Windows-Diagnosis-PCW/Analytic:microsoft_windows_diagnosis_pcw_analytic Microsoft-Windows-Diagnosis-PCW/Debug:microsoft_windows_diagnosis_pcw_debug Microsoft-Windows-Diagnosis-PCW/Operational:microsoft_windows_diagnosis_pcw_operational Microsoft-Windows-Diagnosis-PLA/Debug:microsoft_windows_diagnosis_pla_debug 
Microsoft-Windows-Diagnosis-PLA/Operational:microsoft_windows_diagnosis_pla_operational Microsoft-Windows-Diagnosis-Perfhost/Analytic:microsoft_windows_diagnosis_perfhost_analytic Microsoft-Windows-Diagnosis-WDI/Debug:microsoft_windows_diagnosis_wdi_debug Microsoft-Windows-Diagnostics-Networking/Debug:microsoft_windows_diagnostics_networking_debug Microsoft-Windows-Diagnostics-Networking/Operational:microsoft_windows_diagnostics_networking_operational Microsoft-Windows-Direct3D11/Analytic:microsoft_windows_direct3d11_analytic Microsoft-Windows-Direct3D11/Logging:microsoft_windows_direct3d11_logging Microsoft-Windows-Direct3D11/PerfTiming:microsoft_windows_direct3d11_perftiming Microsoft-Windows-Direct3D12/Analytic:microsoft_windows_direct3d12_analytic Microsoft-Windows-Direct3D12/Logging:microsoft_windows_direct3d12_logging Microsoft-Windows-Direct3D12/PerfTiming:microsoft_windows_direct3d12_perftiming Microsoft-Windows-Direct3D9/Analytic:microsoft_windows_direct3d9_analytic Microsoft-Windows-DirectManipulation/Diagnostic:microsoft_windows_directmanipulation_diagnostic Microsoft-Windows-DirectoryServices-Deployment/Operational:microsoft_windows_directoryservices_deployment_operational Microsoft-Windows-Disk/Operational:microsoft_windows_disk_operational Microsoft-Windows-Dism-Api/Analytic:microsoft_windows_dism_api_analytic Microsoft-Windows-Dism-Api/ExternalAnalytic:microsoft_windows_dism_api_externalanalytic Microsoft-Windows-Dism-Api/InternalAnalytic:microsoft_windows_dism_api_internalanalytic Microsoft-Windows-Dism-Cli/Analytic:microsoft_windows_dism_cli_analytic Microsoft-Windows-DriverFrameworks-UserMode/Operational:microsoft_windows_driverframeworks_usermode_operational Microsoft-Windows-Dwm-API/Diagnostic:microsoft_windows_dwm_api_diagnostic Microsoft-Windows-DxgKrnl/Contention:microsoft_windows_dxgkrnl_contention Microsoft-Windows-DxgKrnl/Diagnostic:microsoft_windows_dxgkrnl_diagnostic 
Microsoft-Windows-DxgKrnl/Performance:microsoft_windows_dxgkrnl_performance Microsoft-Windows-DxgKrnl/Power:microsoft_windows_dxgkrnl_power Microsoft-Windows-EFS/Debug:microsoft_windows_efs_debug Microsoft-Windows-ESE/IODiagnose:microsoft_windows_ese_iodiagnose Microsoft-Windows-ESE/Operational:microsoft_windows_ese_operational Microsoft-Windows-EapHost/Analytic:microsoft_windows_eaphost_analytic Microsoft-Windows-EapHost/Debug:microsoft_windows_eaphost_debug Microsoft-Windows-EapHost/Operational:microsoft_windows_eaphost_operational Microsoft-Windows-EapMethods-RasChap/Operational:microsoft_windows_eapmethods_raschap_operational Microsoft-Windows-EapMethods-RasTls/Operational:microsoft_windows_eapmethods_rastls_operational Microsoft-Windows-EapMethods-Sim/Operational:microsoft_windows_eapmethods_sim_operational Microsoft-Windows-EapMethods-Ttls/Operational:microsoft_windows_eapmethods_ttls_operational Microsoft-Windows-EventCollector/Debug:microsoft_windows_eventcollector_debug Microsoft-Windows-EventCollector/Operational:microsoft_windows_eventcollector_operational Microsoft-Windows-EventLog-WMIProvider/Debug:microsoft_windows_eventlog_wmiprovider_debug Microsoft-Windows-EventLog/Analytic:microsoft_windows_eventlog_analytic Microsoft-Windows-EventLog/Debug:microsoft_windows_eventlog_debug Microsoft-Windows-FMS/Analytic:microsoft_windows_fms_analytic Microsoft-Windows-FMS/Debug:microsoft_windows_fms_debug Microsoft-Windows-FMS/Operational:microsoft_windows_fms_operational Microsoft-Windows-FailoverClustering-Client/Diagnostic:microsoft_windows_failoverclustering_client_diagnostic Microsoft-Windows-FeatureConfiguration/Analytic:microsoft_windows_featureconfiguration_analytic Microsoft-Windows-FeatureConfiguration/Operational:microsoft_windows_featureconfiguration_operational Microsoft-Windows-FederationServices-Deployment/Operational:microsoft_windows_federationservices_deployment_operational 
Microsoft-Windows-FileInfoMinifilter/Operational:microsoft_windows_fileinfominifilter_operational Microsoft-Windows-FileServices-ServerManager-EventProvider/Admin:microsoft_windows_fileservices_servermanager_eventprovider_admin Microsoft-Windows-FileServices-ServerManager-EventProvider/Debug:microsoft_windows_fileservices_servermanager_eventprovider_debug Microsoft-Windows-FileServices-ServerManager-EventProvider/Operational:microsoft_windows_fileservices_servermanager_eventprovider_operational Microsoft-Windows-FileShareShadowCopyProvider/Operational:microsoft_windows_fileshareshadowcopyprovider_operational Microsoft-Windows-Forwarding/Debug:microsoft_windows_forwarding_debug Microsoft-Windows-Forwarding/Operational:microsoft_windows_forwarding_operational Microsoft-Windows-GPIO-ClassExtension/Analytic:microsoft_windows_gpio_classextension_analytic Microsoft-Windows-GenericRoaming/Admin:microsoft_windows_genericroaming_admin Microsoft-Windows-GroupPolicy/Operational:microsoft_windows_grouppolicy_operational Microsoft-Windows-HAL/Debug:microsoft_windows_hal_debug Microsoft-Windows-Help/Operational:microsoft_windows_help_operational Microsoft-Windows-Host-Network-Service-Admin:microsoft_windows_host_network_service_admin Microsoft-Windows-Host-Network-Service-Analytic:microsoft_windows_host_network_service_analytic Microsoft-Windows-Host-Network-Service-Operational:microsoft_windows_host_network_service_operational Microsoft-Windows-HttpService/Log:microsoft_windows_httpservice_log Microsoft-Windows-HttpService/Trace:microsoft_windows_httpservice_trace Microsoft-Windows-Hyper-V-Compute-Admin:microsoft_windows_hyper_v_compute_admin Microsoft-Windows-Hyper-V-Compute-Analytic:microsoft_windows_hyper_v_compute_analytic Microsoft-Windows-Hyper-V-Compute-Operational:microsoft_windows_hyper_v_compute_operational Microsoft-Windows-Hyper-V-Guest-Drivers/Admin:microsoft_windows_hyper_v_guest_drivers_admin 
Microsoft-Windows-Hyper-V-Guest-Drivers/Analytic:microsoft_windows_hyper_v_guest_drivers_analytic Microsoft-Windows-Hyper-V-Guest-Drivers/Debug:microsoft_windows_hyper_v_guest_drivers_debug Microsoft-Windows-Hyper-V-Guest-Drivers/Diagnose:microsoft_windows_hyper_v_guest_drivers_diagnose Microsoft-Windows-Hyper-V-Guest-Drivers/Operational:microsoft_windows_hyper_v_guest_drivers_operational Microsoft-Windows-Hyper-V-Hypervisor-Admin:microsoft_windows_hyper_v_hypervisor_admin Microsoft-Windows-Hyper-V-Hypervisor-Analytic:microsoft_windows_hyper_v_hypervisor_analytic Microsoft-Windows-Hyper-V-Hypervisor-Operational:microsoft_windows_hyper_v_hypervisor_operational Microsoft-Windows-Hyper-V-NETVSC/Diagnostic:microsoft_windows_hyper_v_netvsc_diagnostic Microsoft-Windows-Hyper-V-VfpExt-Analytic:microsoft_windows_hyper_v_vfpext_analytic Microsoft-Windows-Hyper-V-VmSwitch-Diagnostic:microsoft_windows_hyper_v_vmswitch_diagnostic Microsoft-Windows-Hyper-V-VmSwitch-Diagnostic-Traffic:microsoft_windows_hyper_v_vmswitch_diagnostic_traffic Microsoft-Windows-Hyper-V-VmSwitch-Operational:microsoft_windows_hyper_v_vmswitch_operational Microsoft-Windows-IKE/Operational:microsoft_windows_ike_operational Microsoft-Windows-IKEDBG/Debug:microsoft_windows_ikedbg_debug Microsoft-Windows-IME-Broker/Analytic:microsoft_windows_ime_broker_analytic Microsoft-Windows-IME-CandidateUI/Analytic:microsoft_windows_ime_candidateui_analytic Microsoft-Windows-IME-JPAPI/Analytic:microsoft_windows_ime_jpapi_analytic Microsoft-Windows-IME-JPLMP/Analytic:microsoft_windows_ime_jplmp_analytic Microsoft-Windows-IME-JPPRED/Analytic:microsoft_windows_ime_jppred_analytic Microsoft-Windows-IME-JPTIP/Analytic:microsoft_windows_ime_jptip_analytic Microsoft-Windows-IME-KRAPI/Analytic:microsoft_windows_ime_krapi_analytic Microsoft-Windows-IME-KRTIP/Analytic:microsoft_windows_ime_krtip_analytic Microsoft-Windows-IME-TCCORE/Analytic:microsoft_windows_ime_tccore_analytic 
Microsoft-Windows-IME-TCTIP/Analytic:microsoft_windows_ime_tctip_analytic Microsoft-Windows-IME-TIP/Analytic:microsoft_windows_ime_tip_analytic Microsoft-Windows-IPNAT/Diagnostic:microsoft_windows_ipnat_diagnostic Microsoft-Windows-IPSEC-SRV/Diagnostic:microsoft_windows_ipsec_srv_diagnostic Microsoft-Windows-InputSwitch/Diagnostic:microsoft_windows_inputswitch_diagnostic Microsoft-Windows-International-RegionalOptionsControlPanel/Operational:microsoft_windows_international_regionaloptionscontrolpanel_operational Microsoft-Windows-International/Operational:microsoft_windows_international_operational Microsoft-Windows-Iphlpsvc/Debug:microsoft_windows_iphlpsvc_debug Microsoft-Windows-Iphlpsvc/Operational:microsoft_windows_iphlpsvc_operational Microsoft-Windows-Iphlpsvc/Trace:microsoft_windows_iphlpsvc_trace Microsoft-Windows-KdsSvc/Operational:microsoft_windows_kdssvc_operational Microsoft-Windows-Kerberos-KdcProxy/Operational:microsoft_windows_kerberos_kdcproxy_operational Microsoft-Windows-Kerberos/Operational:microsoft_windows_kerberos_operational Microsoft-Windows-Kernel-Acpi/Diagnostic:microsoft_windows_kernel_acpi_diagnostic Microsoft-Windows-Kernel-AppCompat/General:microsoft_windows_kernel_appcompat_general Microsoft-Windows-Kernel-AppCompat/Performance:microsoft_windows_kernel_appcompat_performance Microsoft-Windows-Kernel-ApphelpCache/Analytic:microsoft_windows_kernel_apphelpcache_analytic Microsoft-Windows-Kernel-ApphelpCache/Debug:microsoft_windows_kernel_apphelpcache_debug Microsoft-Windows-Kernel-ApphelpCache/Operational:microsoft_windows_kernel_apphelpcache_operational Microsoft-Windows-Kernel-Boot/Analytic:microsoft_windows_kernel_boot_analytic Microsoft-Windows-Kernel-Boot/Operational:microsoft_windows_kernel_boot_operational Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic:microsoft_windows_kernel_bootdiagnostics_diagnostic Microsoft-Windows-Kernel-Disk/Analytic:microsoft_windows_kernel_disk_analytic 
Microsoft-Windows-Kernel-EventTracing/Admin:microsoft_windows_kernel_eventtracing_admin Microsoft-Windows-Kernel-EventTracing/Analytic:microsoft_windows_kernel_eventtracing_analytic Microsoft-Windows-Kernel-File/Analytic:microsoft_windows_kernel_file_analytic Microsoft-Windows-Kernel-IO/Operational:microsoft_windows_kernel_io_operational Microsoft-Windows-Kernel-Interrupt-Steering/Diagnostic:microsoft_windows_kernel_interrupt_steering_diagnostic Microsoft-Windows-Kernel-IoTrace/Diagnostic:microsoft_windows_kernel_iotrace_diagnostic Microsoft-Windows-Kernel-LiveDump/Analytic:microsoft_windows_kernel_livedump_analytic Microsoft-Windows-Kernel-Memory/Analytic:microsoft_windows_kernel_memory_analytic Microsoft-Windows-Kernel-Network/Analytic:microsoft_windows_kernel_network_analytic Microsoft-Windows-Kernel-Pdc/Diagnostic:microsoft_windows_kernel_pdc_diagnostic Microsoft-Windows-Kernel-Pep/Diagnostic:microsoft_windows_kernel_pep_diagnostic Microsoft-Windows-Kernel-PnP/Boot Diagnostic:microsoft_windows_kernel_pnp_boot_diagnostic Microsoft-Windows-Kernel-PnP/Configuration:microsoft_windows_kernel_pnp_configuration Microsoft-Windows-Kernel-PnP/Configuration Diagnostic:microsoft_windows_kernel_pnp_configuration_diagnostic Microsoft-Windows-Kernel-PnP/Device Enumeration Diagnostic:microsoft_windows_kernel_pnp_device_enumeration_diagnostic Microsoft-Windows-Kernel-PnP/Driver Diagnostic:microsoft_windows_kernel_pnp_driver_diagnostic Microsoft-Windows-Kernel-Power/Diagnostic:microsoft_windows_kernel_power_diagnostic Microsoft-Windows-Kernel-Power/Thermal-Diagnostic:microsoft_windows_kernel_power_thermal_diagnostic Microsoft-Windows-Kernel-Power/Thermal-Operational:microsoft_windows_kernel_power_thermal_operational Microsoft-Windows-Kernel-Prefetch/Diagnostic:microsoft_windows_kernel_prefetch_diagnostic Microsoft-Windows-Kernel-Process/Analytic:microsoft_windows_kernel_process_analytic 
Microsoft-Windows-Kernel-Processor-Power/Diagnostic:microsoft_windows_kernel_processor_power_diagnostic Microsoft-Windows-Kernel-Registry/Analytic:microsoft_windows_kernel_registry_analytic Microsoft-Windows-Kernel-Registry/Performance:microsoft_windows_kernel_registry_performance Microsoft-Windows-Kernel-ShimEngine/Debug:microsoft_windows_kernel_shimengine_debug Microsoft-Windows-Kernel-ShimEngine/Diagnostic:microsoft_windows_kernel_shimengine_diagnostic Microsoft-Windows-Kernel-ShimEngine/Operational:microsoft_windows_kernel_shimengine_operational Microsoft-Windows-Kernel-StoreMgr/Analytic:microsoft_windows_kernel_storemgr_analytic Microsoft-Windows-Kernel-StoreMgr/Operational:microsoft_windows_kernel_storemgr_operational Microsoft-Windows-Kernel-WDI/Analytic:microsoft_windows_kernel_wdi_analytic Microsoft-Windows-Kernel-WDI/Debug:microsoft_windows_kernel_wdi_debug Microsoft-Windows-Kernel-WDI/Operational:microsoft_windows_kernel_wdi_operational Microsoft-Windows-Kernel-WHEA/Errors:microsoft_windows_kernel_whea_errors Microsoft-Windows-Kernel-WHEA/Operational:microsoft_windows_kernel_whea_operational Microsoft-Windows-Kernel-XDV/Analytic:microsoft_windows_kernel_xdv_analytic Microsoft-Windows-Known Folders API Service:microsoft_windows_known_folders_api_service Microsoft-Windows-L2NA/Diagnostic:microsoft_windows_l2na_diagnostic Microsoft-Windows-LDAP-Client/Debug:microsoft_windows_ldap_client_debug Microsoft-Windows-LSA/Diagnostic:microsoft_windows_lsa_diagnostic Microsoft-Windows-LSA/Operational:microsoft_windows_lsa_operational Microsoft-Windows-LSA/Performance:microsoft_windows_lsa_performance Microsoft-Windows-LanguagePackSetup/Analytic:microsoft_windows_languagepacksetup_analytic Microsoft-Windows-LanguagePackSetup/Debug:microsoft_windows_languagepacksetup_debug Microsoft-Windows-LanguagePackSetup/Operational:microsoft_windows_languagepacksetup_operational Microsoft-Windows-LimitsManagement/Diagnostic:microsoft_windows_limitsmanagement_diagnostic 
Microsoft-Windows-MPS-CLNT/Diagnostic:microsoft_windows_mps_clnt_diagnostic Microsoft-Windows-MPS-DRV/Diagnostic:microsoft_windows_mps_drv_diagnostic Microsoft-Windows-MPS-SRV/Diagnostic:microsoft_windows_mps_srv_diagnostic Microsoft-Windows-MSFTEDIT/Diagnostic:microsoft_windows_msftedit_diagnostic Microsoft-Windows-MUI/Admin:microsoft_windows_mui_admin Microsoft-Windows-MUI/Analytic:microsoft_windows_mui_analytic Microsoft-Windows-MUI/Debug:microsoft_windows_mui_debug Microsoft-Windows-MUI/Operational:microsoft_windows_mui_operational Microsoft-Windows-ManagementTools-RegistryProvider/Analytic:microsoft_windows_managementtools_registryprovider_analytic Microsoft-Windows-ManagementTools-RegistryProvider/Operational:microsoft_windows_managementtools_registryprovider_operational Microsoft-Windows-ManagementTools-TaskManagerProvider/Analytic:microsoft_windows_managementtools_taskmanagerprovider_analytic Microsoft-Windows-ManagementTools-TaskManagerProvider/Debug:microsoft_windows_managementtools_taskmanagerprovider_debug Microsoft-Windows-ManagementTools-TaskManagerProvider/Operational:microsoft_windows_managementtools_taskmanagerprovider_operational Microsoft-Windows-MiStreamProvider/Debug:microsoft_windows_mistreamprovider_debug Microsoft-Windows-MiStreamProvider/Operational:microsoft_windows_mistreamprovider_operational Microsoft-Windows-Minstore/Analytic:microsoft_windows_minstore_analytic Microsoft-Windows-Minstore/Debug:microsoft_windows_minstore_debug Microsoft-Windows-MsLbfoProvider/Operational:microsoft_windows_mslbfoprovider_operational Microsoft-Windows-NDF-HelperClassDiscovery/Debug:microsoft_windows_ndf_helperclassdiscovery_debug Microsoft-Windows-NDIS-PacketCapture/Diagnostic:microsoft_windows_ndis_packetcapture_diagnostic Microsoft-Windows-NDIS/Diagnostic:microsoft_windows_ndis_diagnostic Microsoft-Windows-NDIS/Operational:microsoft_windows_ndis_operational Microsoft-Windows-NTLM/Operational:microsoft_windows_ntlm_operational 
Microsoft-Windows-Ncasvc/Operational:microsoft_windows_ncasvc_operational Microsoft-Windows-NdisImPlatform/Operational:microsoft_windows_ndisimplatform_operational Microsoft-Windows-Network-Setup/Diagnostic:microsoft_windows_network_setup_diagnostic Microsoft-Windows-NetworkProfile/Diagnostic:microsoft_windows_networkprofile_diagnostic Microsoft-Windows-NetworkProfile/Operational:microsoft_windows_networkprofile_operational Microsoft-Windows-NetworkProvider/Operational:microsoft_windows_networkprovider_operational Microsoft-Windows-NetworkSecurity/Debug:microsoft_windows_networksecurity_debug Microsoft-Windows-Networking-Correlation/Diagnostic:microsoft_windows_networking_correlation_diagnostic Microsoft-Windows-NlaSvc/Diagnostic:microsoft_windows_nlasvc_diagnostic Microsoft-Windows-NlaSvc/Operational:microsoft_windows_nlasvc_operational Microsoft-Windows-Ntfs/Operational:microsoft_windows_ntfs_operational Microsoft-Windows-Ntfs/Performance:microsoft_windows_ntfs_performance Microsoft-Windows-Ntfs/WHC:microsoft_windows_ntfs_whc Microsoft-Windows-OLE/Clipboard-Performance:microsoft_windows_ole_clipboard_performance Microsoft-Windows-OLEACC/Debug:microsoft_windows_oleacc_debug Microsoft-Windows-OLEACC/Diagnostic:microsoft_windows_oleacc_diagnostic Microsoft-Windows-OOBE-Machine-Core/Diagnostic:microsoft_windows_oobe_machine_core_diagnostic Microsoft-Windows-OobeLdr/Analytic:microsoft_windows_oobeldr_analytic Microsoft-Windows-PCI/Diagnostic:microsoft_windows_pci_diagnostic Microsoft-Windows-Partition/Analytic:microsoft_windows_partition_analytic Microsoft-Windows-Partition/Diagnostic:microsoft_windows_partition_diagnostic Microsoft-Windows-PersistentMemory-Nvdimm/Analytic:microsoft_windows_persistentmemory_nvdimm_analytic Microsoft-Windows-PersistentMemory-Nvdimm/Diagnostic:microsoft_windows_persistentmemory_nvdimm_diagnostic Microsoft-Windows-PersistentMemory-Nvdimm/Operational:microsoft_windows_persistentmemory_nvdimm_operational 
Microsoft-Windows-PersistentMemory-PmemDisk/Analytic:microsoft_windows_persistentmemory_pmemdisk_analytic Microsoft-Windows-PersistentMemory-PmemDisk/Diagnostic:microsoft_windows_persistentmemory_pmemdisk_diagnostic Microsoft-Windows-PersistentMemory-PmemDisk/Operational:microsoft_windows_persistentmemory_pmemdisk_operational Microsoft-Windows-PersistentMemory-ScmBus/Analytic:microsoft_windows_persistentmemory_scmbus_analytic Microsoft-Windows-PersistentMemory-ScmBus/Certification:microsoft_windows_persistentmemory_scmbus_certification Microsoft-Windows-PersistentMemory-ScmBus/Diagnose:microsoft_windows_persistentmemory_scmbus_diagnose Microsoft-Windows-PersistentMemory-ScmBus/Operational:microsoft_windows_persistentmemory_scmbus_operational Microsoft-Windows-Policy/Analytic:microsoft_windows_policy_analytic Microsoft-Windows-Policy/Operational:microsoft_windows_policy_operational Microsoft-Windows-Power-Meter-Polling/Diagnostic:microsoft_windows_power_meter_polling_diagnostic Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Analytic:microsoft_windows_powershell_desiredstateconfiguration_filedownloadmanager_analytic Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Debug:microsoft_windows_powershell_desiredstateconfiguration_filedownloadmanager_debug Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Operational:microsoft_windows_powershell_desiredstateconfiguration_filedownloadmanager_operational Microsoft-Windows-PowerShell/Admin:microsoft_windows_powershell_admin Microsoft-Windows-PowerShell/Analytic:microsoft_windows_powershell_analytic Microsoft-Windows-PowerShell/Debug:microsoft_windows_powershell_debug Microsoft-Windows-PowerShell/Operational:microsoft_windows_powershell_operational Microsoft-Windows-PriResources-Deployment/Diagnostic:microsoft_windows_priresources_deployment_diagnostic 
Doria
Friday, July 3, 2020 4:06 PM