Windows event log filter parameters

Australia IT Operations Management

Release

australia

ft:locale

fr-FR

ft:publication_title

Australia IT Operations Management

ft:clusterId

itom

bundleId

itom

workflow

Technology

Windows event log filter parameters

Rversion finale: Australia

Mis à jour 12 mars 2026

1 minute de lecture

The configurable values on the Check Parameters tab of the os.windows.check-event-log check.

Tableau 1. Check Parameters tab values
Parameter	Type	Description
provider_name	String	Name of the provider that generated the event. Remarque : If you do not specify a log_file value together with the provider_name, the system searches all available log files, which increases the time it takes to receive results.
log_file	String	The name of the Windows event log file from which you retrieve events. Possible values are: Application System Remarque : If you do not specify a provider_name value together with the log_file, the system searches all events from the log file, which increases the number of retrieved events.
id	Integer	The numerical id of the event. Possible values are 0-65535.
warning	Integer	Any value above the specified parameter generates a Warning event.
event_level	String	The severity level of the event. Possible values: Critical Error Warning Information Verbose
regex_pattern	String	The regex pattern to be used in searching the event logs. The value must be enclosed in double quotation marks. For example, "error".
duration_hour	Integer	The time period for which you want to retrieve events from the Windows event log. Value is specified in hours; fractions of hours are specified with decimals.
critical	Integer	Any value equal to or above the specified parameter generates a Critical event.