Windows event log filter parameters

Zurich IT Operations Management

Release: zurich
ft:locale: en-US
ft:publication_title: Zurich IT Operations Management
ft:clusterId: itom
bundleId: itom
workflow: Technology

Windows event log filter parameters

Release version: Zurich

Updated July 31, 2025

1 minute to read

The configurable values on the Check Parameters tab of the os.windows.check-event-log check.

Table 1. Check Parameters tab values
Parameter	Type	Description
provider_name	String	Name of the provider that generated the event. Note: If you do not specify a log_file value together with the provider_name, the system searches all available log files, which increases the time it takes to receive results.
log_file	String	The name of the Windows event log file from which you retrieve events. Possible values are: Application System Note: If you do not specify a provider_name value together with the log_file, the system searches all events from the log file, which increases the number of retrieved events.
id	Integer	The numerical id of the event. Possible values are 0-65535.
warning	Integer	Any value above the specified parameter generates a Warning event.
event_level	String	The severity level of the event. Possible values: Critical Error Warning Information Verbose
regex_pattern	String	The regex pattern to be used in searching the event logs. The value must be enclosed in double quotation marks. For example, "error".
duration_hour	Integer	The time period for which you want to retrieve events from the Windows event log. Value is specified in hours; fractions of hours are specified with decimals.
critical	Integer	Any value equal to or above the specified parameter generates a Critical event.