TECHZEN Zenoss User Community ARCHIVE  

Do you have good suggestion for Windows Event filtering

Subject: Do you have good suggestion for Windows Event filtering
Author: [Not Specified]
Posted: 2014-01-16 01:54

Do you know if there is a length limitation on the clause in the property value "zWinEventlogClause"?
To filter the event log on Windows clients, we may eliminate and ignore the events according to a specific Event ID+Source.
When we find a new event in Zenoss that is not important, we will add the Event ID+Source to the clause to filter it out. Since there will be lots of events we do not need to handle on the Windows platform, the list of Event ID+Source may be huge.

Shall I put the query into the value "zWinEventlogClause", or filter the events with a Transform for the Zenoss event category "/Unknown"? Can you show me some script samples?

Please share some good ideas.

Thank you in advance.



Subject: Response
Author: [Not Specified]
Posted: 2014-02-03 13:06

I use many transforms in /Unknown to filter, re-classify, or drop.

Here is a very basic example:
# Drop any event whose component contains "HP ETHERNET"
if "HP ETHERNET" in getattr(evt, 'component', ''):
    evt._action = "drop"

Links with more info:
http://hydruid-blog.com/p=352
http://wiki.zenoss.org/Category:Transforms

Hydruid
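
The transform approach from the reply above, extended to the long Event ID+Source list the original question describes, as an added example that is not part of the original thread. It assumes that `evt.component` carries the Windows event source and `evt.ntevid` the event ID; `DROP_LIST`, `KEEP_ALWAYS`, `parse_rules`, `filter_event` and `SampleEvent` are hypothetical names, and the listed rules are constructed samples.

```python
# Added example: deny-list logic for a Zenoss transform on Windows events.
# Assumption: evt.component = event Source, evt.ntevid = Event ID.

DROP_LIST = """
# Source, EventID   ('*' = every ID from that source); constructed samples
HP Ethernet, *
Service Control Manager, 7036
Microsoft-Windows-Time-Service, 35
Microsoft-Windows-Security-Auditing, *
"""

# Security-relevant events that are never dropped, even by a wildcard rule.
KEEP_ALWAYS = {
    ("microsoft-windows-security-auditing", "4625"),  # failed logon
    ("microsoft-windows-eventlog", "1102"),           # audit log cleared
}

def parse_rules(text):
    """Turn 'Source, EventID' lines into a set of (source, id) tuples."""
    rules = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # strip comments and blanks
        if "," not in line:
            continue                           # skip empty or malformed lines
        source, _, event_id = line.rpartition(",")
        rules.add((source.strip().lower(), event_id.strip()))
    return rules

RULES = parse_rules(DROP_LIST)

def filter_event(evt, rules=RULES):
    """Mark evt for dropping if it matches a rule; return True when dropped."""
    source = str(getattr(evt, "component", "")).strip().lower()
    event_id = str(getattr(evt, "ntevid", "")).strip()  # int or str in practice
    if (source, event_id) in KEEP_ALWAYS:
        return False                           # keep-list wins over deny-list
    if (source, event_id) in rules or (source, "*") in rules:
        evt._action = "drop"
        return True
    return False

class SampleEvent(object):
    """Constructed stand-in for the evt object Zenoss passes to a transform."""
    def __init__(self, component, ntevid):
        self.component, self.ntevid = component, ntevid
```

In a Zenoss transform the `evt` object is supplied by the event pipeline, so only the definitions and a call to `filter_event(evt)` are needed there.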



Subject: Event Filtering
Author: [Not Specified]
Posted: 2016-03-16 22:43

Hi!

I have been through the same issue. Windows Event Viewer does not provide a user interface to filter events by extra event details. Although the event log can be filtered by using structured XML queries, for someone like me who does not know XML it is tough. So I shifted to Event Log Explorer, which provides an easy-to-use interface and advanced event filtering features. Check this. I would recommend trying that.



Subject: Perhaps easier to just filter
Author: [Not Specified]
Posted: 2016-03-17 08:20

Perhaps easier to just filter on the events you do want. Create the XML filter on the server itself as a custom view in Event Viewer, then filter only on what you want (or on what you don't want :) ). You can then copy that XML query wholesale and paste it into the Event Log XPath XML field in the data source.


