Correlate Windows Events

Use the Correlate Windows Events activity to specify the event log information that is to be located on the target.

Note: To ensure that this activity properly executes, verify that the Remote Registry service is enabled on the target.

Complete the following properties to use this activity:

Windows - Specify the following information or click the Variable Reference icon to choose a variable:
- Entry Type - Click the drop-down menu and check the check boxes for the types of events that must be matched.
- Log Name - Enter the name or expression of the event log to be matched.
- After Time - Correlate events that occurred after the specified time.
- Before Time - Correlate events that occurred before the specified time.
- Event Source - Enter the source to locate matching events.
- Instance ID Enter the event ID.
- Event Description - Enter the description to find matching event log entries.
- Event Computer Name - Enter the computer name that should be matched.
- Persist Table - Check the check box to persist the resulting table so you can view and modify the results after the workflow completes.