Home PC Troubleshooting Using Event Viewer to Troubleshoot Problems

Using Event Viewer to Troubleshoot Problems

PC Troubleshooting January 7, 2013 · Comments off

Last Updated on April 18, 2026

Last Updated: April 2026

The Windows Event Viewer is the system’s ‘black box’ recorder. It maintains a detailed log of every significant event on your computer, from software crashes to hardware failures. While it can be overwhelming at first glance, it is the most powerful tool available for identifying why a computer is crashing or behaving unexpectedly.

The Windows Event Viewer is fairly simple to use once you get the hang of it and it will come in very handy when you are trying to figure out the source of the problem since you can note the time the problem occurred and view events from that time when searching the logs. Then you can find the reason that Event Viewer gives for the problem. It can be used to find things such as DNS or DHCP errors as well as finding out when an unexpected shutdown occurred for example.

The most efficient way to open Event Viewer in Windows 11 is to right-click the Start button (or press Windows + X) and select Event Viewer from the Power User menu. This bypasses the search bar entirely and ensures you are looking at the most current management console.

Event Viewer details
Event viewer Application log

Event Viewer logs are categorized into groups that include informational alerts, warnings and errors. You can sort these entries by type, date, time, source, category, event, user and computer. When you double click an entry you will get more detailed information about that entry.

When you select an event, the General tab provides a summary of what happened. For example, a ‘DistributedCOM’ error might look scary, but it is often a harmless permission issue. You should look specifically for Critical or Error levels that coincide exactly with the time your computer crashed or slowed down. Use the Event ID and Source fields to search online for specific solutions. You can use this information to search the web to find answers to more complicated events by using the Source, Category and Event ID information.

Event properties

You can also export the event logs to a file if you want to save them or have someone else look at them on their computer. To do this simply right click the log you want to save and pick Save Log File As. You will have an option to save it as an Event Log, text file or CSV file.

To clear the contents of the log file right click the log and pick Clear all Events. It will ask you if you want to save the log before clearing it.

To make the logs readable, you should use the Filter Current Log feature. In the right-hand ‘Actions’ pane, click Filter Current Log… and check the boxes for Critical, Error, and Warning. This removes the thousands of ‘Information’ logs that clutter the view, allowing you to focus on actual system problems.

The ‘Custom Views’ Shortcut

If you want to quickly see all the major problems without digging through separate logs, use the Custom Views folder in the left pane:

  1. Expand Custom Views and select Administrative Events.
  2. This view automatically pulls together all Errors and Warnings from across the entire system.
  3. If your computer recently experienced a ‘Blue Screen’ or a spontaneous reboot, look here for a ‘Kernel-Power’ error (Event ID 41), which indicates the system shut down unexpectedly.

Crucial Event IDs to Watch For

If you are troubleshooting a 2026-era PC, keep an eye out for these specific codes:

  • Event ID 41 (Kernel-Power): The system rebooted without cleanly shutting down first. If there was no Blue Screen, check your Power Supply (PSU).
  • Event ID 7 or 153 (Disk): These are early warning signs that your NVMe SSD or Hard Drive is failing or has a bad connection.
  • Event ID 6008: This log entry simply notes that the previous shutdown was unexpected, useful for tracking when a PC is crashing while you’re away from the desk.

Don’t Panic!

It is perfectly normal to see hundreds of ‘Errors’ and ‘Warnings’ in Event Viewer on a perfectly healthy computer. Windows logs every minor hiccup, many of which are resolved automatically in milliseconds. Only use Event Viewer when you are actively troubleshooting a specific symptom, like a freeze, a crash, or a failed update.

Pro Tip: When you open an error, click the Details tab and select XML View. While it looks like code, you can often find a specific .sys or .dll file name listed there. This tells you exactly which driver or program caused the crash, which is much more helpful than the generic “General” description.

The Event Viewer is a good place even to see what is going on with your computer and to find issues that you didn’t even know about.

For additional training resources, check out our online IT training courses.

Check out our extensive IT book series.

Todd Simms

Todd Simms has over 15 years of experience in the IT industry specializing in Windows, networking and hardware.

Related Posts

CHKDSK vs. DISM vs. SFC for Windows repair

CHKDSK vs. DISM vs. SFC: The Correct Order to Repair Windows

How to Access Safe Mode If Windows Won't Start Correctly or Fully Load

How to Access Safe Mode If Windows Won’t Start Correctly or Fully Load

Having date errors after email migration

Wrong Email Dates After Migration (Causes & Fixes)

Why does my computer freeze up and crash?

Why does my computer freeze up and crash?

Troubleshooting Sound Problems in Windows

Troubleshooting Sound Problems in Windows

Windows Resource Monitor

Discover the latest tips and information related to computers and technology. PC troubleshooting, Networking, Windows, Hardware, and More.

© 2026 Online Computer Tips
Website by Anvil Zephyr