Re: Application Log Event

Hi Nicole,

I am writing the event as a warning but it's not showing up. Below are the details of the event I am writing. Maybe I'm not filtering in nDepth correctly. How would you filter for this event in nDepth? Thanks for the help on this!

-----------------------------------------------------------------------

Log Name:      Application
Source:        Microsoft-Windows-User Profiles Service
Date:          7/23/2015 11:28:03 AM
Event ID:      30001
Task Category: (1)
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      abcserver.mydomain.com
Description:
The description for Event ID 30001 from source Microsoft-Windows-User Profiles Service cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

7/23/2015 11:28:03 AM_UserInfo:
@{LOGONSERVER=\\abcserver; USERDNSDOMAIN=mydomain.com; USERDOMAIN=mydomain; USERNAME=adminabc; USERPROFILE=C:\Users\adminabc; HOMEPATH=\Users\adminabc; HOMEDRIVE=C:; APPDATA=C:\Users\adminabc\AppData\Roaming; LOCALAPPDATA=C:\Users\adminabc\AppData\Local}
SessionInfo:
r@{SESSIONNAME=RDP-Tcp#0; CLIENTNAME=adminabc-VM2; TEMP=C:\Users\adminabc\AppData\Local\Temp\1; TMP=C:\Users\adminabc\AppData\Local\Temp\1}
Reason:
checking disk space usage

the message resource is present but the message is not found in the string/message table

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{12345}" EventSourceName="Microsoft-Windows-User Profiles Service" />
    <EventID Qualifiers="0">30001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>1</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-07-23T16:28:03.000000000Z" />
    <EventRecordID>38145</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>DataServ3.mydomain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>7/23/2015 11:28:03 AM_UserInfo:
@{LOGONSERVER=\\abcserver; USERDNSDOMAIN=mydomain.com; USERDOMAIN=mydomain; USERNAME=adminabc; USERPROFILE=C:\Users\adminabc; HOMEPATH=\Users\adminabc; HOMEDRIVE=C:; APPDATA=C:\Users\adminabc\AppData\Roaming; LOCALAPPDATA=C:\Users\adminabc\AppData\Local}
SessionInfo:
r@{SESSIONNAME=RDP-Tcp#0; CLIENTNAME=adminabc-VM2; TEMP=C:\Users\adminabc\AppData\Local\Temp\1; TMP=C:\Users\adminabc\AppData\Local\Temp\1}
Reason:
checking disk space usage</Data>
  </EventData>
</Event>