Event Log monitor: Filtering event descriptions

This article describes how to filter Windows Event Log descriptions from alerts using the Event Log monitor.

When using an Event Log monitor, you can exclude events from the alert criteria based on the event description or message body by prefixing a string with the (-) character in the Event Descriptions field. Refer to Event Log monitor. This step ensures that the Event Log monitor only triggers and sends alerts based on criteria you find relevant.

EXAMPLE  This example displays two errors in the Windows Event Log with the Event ID 16387. You would want to exclude any event that contains the Error Code 0x80070002 in its description.

To accomplish this, you can enter the (-) character and the error code in the Event Descriptions field:

-"Error Code: 0x80070002"

You can also enter only the value of the error code:

-"0x80070002"

EXAMPLE  This example has a Windows installer event with an Event ID of 1040. You would want to filter Datto RMM installation events.

You can use the wildcard character (%) to filter all events that trigger in a directory path:

-"%C:\ProgramData\Centrastage\Packages%"

You can also add multiple filters by separating each string with a space:

-"0x80070002" -"0x80041326" -"%0x80070002%"
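
Before saving an exclusion, it helps to preview which event descriptions it would hide, since an over-broad string also silences alerts you still want. The following is an added example, not Datto RMM code: it emulates the syntax shown above and assumes that an entry matches anywhere in the description, that % stands for any run of characters, and that matching is case-sensitive. The function names and sample descriptions are constructed for illustration.

```python
import re

# Assumptions (not confirmed by the page): an entry matches anywhere in the
# description, % stands for any run of characters, matching is case-sensitive.
ENTRY = re.compile(r'-"([^"]*)"')

def parse_exclusions(field):
    """Split an Event Descriptions value into its -"..." exclusion strings."""
    return ENTRY.findall(field)

def to_regex(exclusion):
    """Escape the literal text and turn each % into '.*'."""
    literal_parts = [re.escape(part) for part in exclusion.split("%")]
    return re.compile(".*".join(literal_parts), re.DOTALL)

def suppressed_by(field, description):
    """Return the exclusions that match; an empty list means the event alerts."""
    return [e for e in parse_exclusions(field) if to_regex(e).search(description)]

def preview(field, descriptions):
    """Map each description to the exclusions that would suppress it."""
    return {d: suppressed_by(field, d) for d in descriptions}

# Constructed sample descriptions, not taken from a real log.
SAMPLES = [
    "The operation failed. Error Code: 0x80070002",
    "The operation failed. Error Code: 0x80070005",
    r"Beginning a Windows Installer transaction: "
    r"C:\ProgramData\Centrastage\Packages\example.msi. Client Process Id: 1234.",
    r"Beginning a Windows Installer transaction: C:\Temp\setup.msi. Client Process Id: 1234.",
]

FIELD = r'-"0x80070002" -"%C:\ProgramData\Centrastage\Packages%"'
TOO_BROAD = '-"0x8007"'  # shortened code: also hides the unrelated 0x80070005

if __name__ == "__main__":
    for name, field in (("FIELD", FIELD), ("TOO_BROAD", TOO_BROAD)):
        print(name, field)
        for desc, hits in preview(field, SAMPLES).items():
            print("  suppressed" if hits else "  ALERT     ", desc[:60], hits)
```

Under these assumptions, the shortened string in TOO_BROAD suppresses both error codes, while FIELD leaves the 0x80070005 error and the installer event outside the Centrastage path alerting.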