Submit a ticketCall us

AnnouncementsAre You “Flying Blind?”

When it comes to your complex IT infrastructure, you want to ensure you have a good grasp of what’s going on to avoid any fire drills that result from guesswork. Read our white paper to learn how proactively monitoring your IT environment can help your organization while giving you peace of mind.

Get your free white paper.

Home > Success Center > Log & Event Manager (LEM) > LEM - Knowledgebase Articles > Create Windows Error Events filter in LEM

Create Windows Error Events filter in LEM

Table of contents
Created by Ezgi Muderrisoglu, last modified by MindTouch on Jun 23, 2016

Views: 1,479 Votes: 0 Revisions: 4


This article provides steps on how to create Windows Error Events filter in LEM.

Note: Make sure you have already carried out checks that the devices in question are sending Windows error event logs, and that the correct connectors are in place.


LEM version 6.2         


  1. Go to the Monitor page where the filters are.
  2. Click the + sign and click New Filter from the small drop-down menu that appears. The template for the new filter appears.
  3. Fill out the filter name: Windows Error Events.
  4. Fill out the description: Filter for events from Windows Error Events logs. Go to the next stage which is the Conditions.
  5. Go to Event Groups and locate Any Alert. Other details appear after clicking Any Alert in the list.
  6. Select EventInfo and drag it over to the Conditions box. The Any Alert.EventInfo = * appears and you need to type in the word: Error. It should appear as: Any Alert.EventInfo=*Error*
  7. Click the small group icon to add another group condition to the condition box.
  8. Continue to drag the following Any Alerts to the new conditions box and type in the following string condition:
    1. ToolAlias = *NT*
    2. ToolAlias = *Vista*
    3. ToolAlias = *Windows*
  9. The end result should look as follows:
  10. Click Save. The new filter should then appear for the user on the list of filters on the left side of the Monitor page.



Last modified