What Is the Windows Event Viewer and How to Use It

Windows Event Viewer Featured

If you’re a Windows user, you have probably heard the term Event Viewer being thrown around, but what is it? This guide takes an in-depth look at the Windows Event Viewer, discussing how to access it and what you can do with it.

Good to know: need to change the Administrator user in Windows? Learn several ways to do it.

What Is the Windows Event Viewer?

The Windows Event Viewer is a native utility for monitoring and keeping track of Windows events. It captures and stores detailed information about various occurrences, such as system errors, warnings, application crashes, and a wide range of additional information messages generated by Windows resources and third-party applications running on your computer.

You can think of it as a log that your computer keeps, documenting all sorts of things that happen on it. When things aren’t working as they should, you can check the log to figure out what went wrong.

How to Access the Windows Event Viewer

By default, the Windows Event Viewer is included in all versions of Windows and can be accessed in various ways, as detailed below.

  1. Press Windows + R to launch the Run dialog box.
  2. Type CMD and press Ctrl + Shift + Enter to launch an elevated version of the Command Prompt.
Typing "CMD" in Run dialog box.
  1. Type eventvwr and press Enter.
Typing command in Command Prompt.
  1. The Event Viewer window will open.
  2. Alternatively, go through Control Panel to open Event Viewer. Press the Windows key and type “Control.” Select “Best match” underneath.
Typing "Control Panel" via Windows Search.
  1. In the Control Panel window, click on “System and Security.”
  2. Navigate to and select ”Windows Tools.”
Clicking on Windows Tools in Control Panel.
  1. Double-click on “Event Viewer” in the next window to launch the program.
Double-clicking "Event Viewer" to open it via Control Panel.

Tip: if you tend to often use Command Prompt, it may prove useful to know how to enable copy-paste in CMD.

What You Can Do With Windows Event Viewer

You can leverage the Event Viewer to perform a variety of tasks, including those mentioned below:

1. View System Events

One of the primary functions of the Event Viewer, as the name implies, is to provide a way to view all the events generated by Windows and other applications on your computer. As a utility program, it collects and logs events as they occur, meaning you can view both active and past events that are generated on your computer.

While you’ll find different categories of events on the Windows Event Viewer, three of them are where you’ll make frequent visits when using this tool. All are found under the “Windows Logs” folder.

Windows Logs view in Event Viewer.
  • Application – logs events related to software applications installed on your computer. Examples include application crashes, installation or uninstallation of apps, app updates, etc.
  • System – includes events related to Windows and its components, such as system errors, warnings, and notifications related to hardware devices, drivers, and system services.
  • Security – this category logs events about security-related actions taken on the computer. Examples include login attempts, changes to user accounts or privileges, network security changes, etc.

2. Diagnose Problems

As previously mentioned, the Event Viewer also doubles as a tool for diagnosing problems on your computer.

Showing the source of Application events in Event Viewer.

For instance, the list under the “Application -> Source” column is a helpful indicator of the source of an error event. It can be a system component or application.

Tip: make sure you check on the health of your hard disk regularly. Learn how to ensure it remains in the best shape possible.

3. Monitor Performance

Beyond tools like the Task Manager, you can also use Event Viewer to get insights on the health of your computer. It can provide important information on system events, such as CPU usage and disk activity, and you’ll be able to use this information to identify performance bottlenecks and learn how to optimize your system for better performance.

Checking Administrative Events under System in Event Viewer.

In addition, you can get information on system performance-related metrics under either Administrative Events or System. Watch for event logs related to your CPU or RAM.

4. Monitor PC Usage

The Event Viewer can also be used to monitor PC usage by tracking system events related to user logins, logouts, and other user activities. Harness this for monitoring user behavior and detecting potential security threats.

For instance, you can find out if someone else has been logging in to your PC by scrutinizing logs in the “Security” tab. Similarly, you can check your computer’s startup and shutdown history with this information.

5. View and Export Error Logs

One of the other popular uses of the Event Viewer is viewing and exporting detailed error logs. Whether you’re a regular user, an administrator, or part of an IT department, you’ll find the saved log files useful for identifying the cause of system errors.

Exporting error logs via Event Viewer.

To export error logs, hold down the Ctrl and select each one. Alternatively, select “Save All Events As” in the right pane to save all logs under a group.

Tip: what’s the best scenario for your computer when you’re not using it: shutting it down or putting it to sleep?

Frequently Asked Questions

How long are events stored in Windows Event Viewer?

This all depends on the size of the event log and the default settings for the log. By default, the Event Viewer overwrites events as needed when the log becomes full. The good news is that you can adjust the log settings to control how long events are stored. To do this, right-click on any log category and select “Properties.” Then, change the option under “When Maximum Event Is Reached” to “Do not overwrite events.”

Can I filter the events recorded in the Event Viewer?

Yes. This is your best bet if you want to quickly find the events you’re interested in. You can filter events based on various criteria, such as event type, source, and date once you select the “Create Custom View” option.

Image credit: Unsplash. All screenshots by Maxwell Timothy.

Is this post useful?
Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox