Windows 10: Event Viewer limit number of entries Solved

  1. Posts : 334
    Windows 10 home 1709 16299.192
       1 Week Ago #1

    Event Viewer limit number of entries

    I have a shortcut to open Event Viewer directly to System. Only need to see the most recent 100 entries. How can I limit the number?
      My ComputerSystem Spec

  2.    1 Week Ago #2

    Would limiting it by time be OK? You could make a custom view selecting the last hour (or day), save it somewhere (right click and export) and then make a shortcut eventvwr /v:path_to_saved_XML_file

    Alternatively if you want the last 100 specifically you can get them in powershell
    get-eventlog -logname system -newest 100
    You could then send the output to a file or whatever you wanted.
      My ComputerSystem Spec

  3. Posts : 334
    Windows 10 home 1709 16299.192
    Thread Starter
       1 Week Ago #3

    Splendid. Thank you.

    . . . Tried both, custom view works for me. Apparently EV does not remember the the view so I need to click it when I open EV. Can I include the view in my shortcut?
      My ComputerSystem Spec

  4.    1 Week Ago #4

    That is strange - it remembers the view for me. Even if I change to another view when I close EV and re-open using shortcut it jumps back to the defined custom view.

    How did you make the shortcut?

    This is mine:

    Click image for larger version. 

Name:	Capture.PNG 
Views:	18 
Size:	15.7 KB 
ID:	180730

    And this is the XML from exporting the custom view (I stored it in C:\Temp\SystemLastHour.xml):
    PHP Code:
    <ViewerConfig><QueryConfig><QueryParams><Simple><Channel>System</Channel><RelativeTimeInfo>1</RelativeTimeInfo><Level>1,2,3,4,0</Level><BySource>False</BySource></Simple></QueryParams><QueryNode><Name>SystemLastHour</Name><QueryList><Query Id="0" Path="System"><Select Path="System">*[System[(Level=1  or Level=or Level=or Level=or Level=0) and TimeCreated[timediff(@SystemTime) &lt;= 3600000]]]</Select></Query></QueryList></QueryNode></QueryConfig></ViewerConfig
      My ComputerSystem Spec

  5. Posts : 334
    Windows 10 home 1709 16299.192
    Thread Starter
       1 Week Ago #5

    OK, my saved xml is considerably longer:

    <ViewerConfig><QueryConfig><QueryParams><Simple><Channel>file://C:\WINDOWS\System32\Winevt\Logs\System.evtx</Channel><RelativeTimeInfo>3</RelativeTimeInfo><BySource>False</BySource></Simple></QueryParams><QueryNode><Name LanguageNeutralValue="24hr">24hr</Name><QueryList><Query Id="0" Path="file://C:\WINDOWS\System32\Winevt\Logs\System.evtx"><Select Path="file://C:\WINDOWS\System32\Winevt\Logs\System.evtx">*[System[TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]</Select></Query></QueryList></QueryNode></QueryConfig><ResultsConfig><Columns><Column Name="Level" Type="System.String" Path="Event/System/Level" Visible="">116</Column><Column Name="Keywords" Type="System.String" Path="Event/System/Keywords">70</Column><Column Name="Date and Time" Type="System.DateTime" Path="Event/System/TimeCreated/@SystemTime" Visible="">166</Column><Column Name="Source" Type="System.String" Path="Event/System/Provider/@Name" Visible="">76</Column><Column Name="Event ID" Type="System.UInt32" Path="Event/System/EventID" Visible="">76</Column><Column Name="Task Category" Type="System.String" Path="Event/System/Task" Visible="">80</Column><Column Name="User" Type="System.String" Path="Event/System/Security/@UserID">50</Column><Column Name="Operational Code" Type="System.String" Path="Event/System/Opcode">110</Column><Column Name="Log" Type="System.String" Path="Event/System/Channel">80</Column><Column Name="Computer" Type="System.String" Path="Event/System/Computer">170</Column><Column Name="Process ID" Type="System.UInt32" Path="Event/System/Execution/@ProcessID">70</Column><Column Name="Thread ID" Type="System.UInt32" Path="Event/System/Execution/@ThreadID">70</Column><Column Name="Processor ID" Type="System.UInt32" Path="Event/System/Execution/@ProcessorID">90</Column><Column Name="Session ID" Type="System.UInt32" Path="Event/System/Execution/@SessionID">70</Column><Column Name="Kernel Time" Type="System.UInt32" Path="Event/System/Execution/@KernelTime">80</Column><Column Name="User Time" Type="System.UInt32" Path="Event/System/Execution/@UserTime">70</Column><Column Name="Processor Time" Type="System.UInt32" Path="Event/System/Execution/@ProcessorTime">100</Column><Column Name="Correlation Id" Type="System.Guid" Path="Event/System/Correlation/@ActivityID">85</Column><Column Name="Relative Correlation Id" Type="System.Guid" Path="Event/System/Correlation/@RelatedActivityID">140</Column><Column Name="Event Source Name" Type="System.String" Path="Event/System/Provider/@EventSourceName">140</Column></Columns></ResultsConfig></ViewerConfig>
    I note that your shortcut calls the xml while mine calls Winevt. I'll try your way . . .
      My ComputerSystem Spec

  6.    1 Week Ago #6

    Hmmm - I didn't write the xml - just made a custom view (selecting system for last hour) and exported it with right click, export custom view.

    It is interesting yours is more complex right from the top - yours says:
    and mine is

    You could save the xml in my post above, make a shortcut using that and see if that works for you. There is no system specific info in it.

    I've no idea why it is generated differently let alone how to edit it manually.
      My ComputerSystem Spec

  7. Posts : 334
    Windows 10 home 1709 16299.192
    Thread Starter
       1 Week Ago #7

    Success. My Shortcut: C:\Windows\System32\eventvwr.exe /v:"c:\all\Bobs\Documents\EventViewer24HrView.xml"

    Thanks again.
      My ComputerSystem Spec

  8.    1 Week Ago #8

    You are welcome - I learned something today too
      My ComputerSystem Spec


Related Threads
Be aware that the recent Dropbox update to Ver 29.4.20 causes the DbxSvc service to flood Event Viewer with tens of thousands of information entries (ID 320). You can stop the DbxSvc service to avoid this happening but I'm not sure what the...
I upgraded from Windows 7 to 10 and like a number of uses I have had to resolve a number of permission problems. However the two warnings below have me stumped. They do not always occur but when they do, both occur together and only for the one user...
Sorry, I have searched before posting, and seen other threads about similar problems, both here and elsewhere, but they either described very specific and different situations or proposed solutions that I have already tried. In fact, I have tried...
Clearing event viewer entries in General Support
How can I construct a .bat file to clear entries in the event viewer. Thanks
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 01:17.
Find Us