0

I searched for a specific Event ID (6008 Unexpected Shutdown) in the Windows 7 Event Viewer, but now I want to see the events in the log that led up to that event, so how can I search for that specific event as it appears in the log with the logs before and after it?

Is there some sort of primary key I can search for, or is it more unstructured?

Improve this question

1 Answer 1

Reset to default
0

Unfortunately, you will probably have to do multiple searches, the first by Event ID, and then by time range, to get the preceding messages. there is no linkage between messages, so there isn't a good way to get related messages, except by time span.

Improve this answer
1
  • Wow thanks Microsoft! A Binary format that doesn't have any primary keys! No wonder it's so hard to diagnose issues on Windows.
    – leeand00
    Commented Mar 14, 2013 at 17:23

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .