Our customer need to monitor event id 1000 in source "Application Error", I used windows event log monitor olugin and it works fine. But there are different faulting application names for the event id 1000,as you can see the 2 screen shots I attached,customer just want to monitor id 1000 for a certain application,is there any way to do this?
If you look at the description of the Windows Event Log Monitor Plugin - -https://community.dynatrace.com/community/display/... - then you can see that @Derek A. (author of the plugin) provides a Search Term feature where you can filter on things such as EventID=1000
We already used the plugin to
monitor event id 1000 ,and it works,but our customer just want to get
alert for the event id 1000 with Faulting application name: w3wp.exe .
Do you have any idea how to fulfill this?
Thanks for the clarification. Well - in that case I would setup a second instance of that monitor plugin and JUST monitor the events with event id 1000 for w3wp - That query should also be possible to specify through the Search Term option. This will give you a single measure that tells you when such a windows event log entry appears. now you can use that measure for your incident
From the document of the plugin,the search term obtained from the XML in windows event log,and using the filter we can only define event id ,timeframe,event source,event level .I don't know how to filter the Faulting application name ,would you pls kindly share an example to me. A full search term would be appreciate ,thx!