Query Details
Show Application Crashes
Query
Use Case: Monitoring and analyzing application crashes or errors on Windows systems over the past week.
Query:
WindowsEvent('Application', 7d)
| where tostring(EventId) == '1000'Explanation
The query is looking for application crashes or errors on Windows systems that have occurred in the past week. It specifically filters for events with an EventId of 1000.
Details
Ugur Koc
Released: February 4, 2024
Tables
WindowsEvent
Keywords
WindowsEvent,Application,EventId
Operators
WindowsEventwheretostringEventId=='1000'