Event Viewer and Event list mismatch

Tarun Mehta 71 Reputation points
2022-07-07T07:27:41.647+00:00

The issue we are facing is with Azure Monitoring. Events with Level 2 (Error) are presented in Azure as EventLevel 1 (Critical).

The same mismatch occurs with Warnings.
Warnings are Level 3 in Windows Event Viewer but are displayed as EventLevel 2 (Errors) in Azure. As you can see, there is a mismatch in mapping between Level in Event Viewer and EventLevel in Azure. This then leads to sending hundreds of emails stating that “Critical” events have been detected, which is not true.

The Log Analytics query is set for 60 machines and the issue seems to be affecting all of them. As far as we know, no one touched the query and no changes have been made in it. The issue seems to be in Azure.

Attached you can find the screenshots which show the issue and the Event Viewer/EventLevel mismatch. Please investigate and provide support for this case as soon as possible.

Azure Monitor

1 answer

  1. AnuragSingh-MSFT 21,546 Reputation points Moderator
    2022-07-12T15:58:29.887+00:00

    @Tarun Mehta, apologies for the delayed response here.
    I understand that you had reached out to Microsoft Support and found out that there was a mismatch between the query being run in Log Analytics Workspace and the actual event logged in the monitored machine.

    Please let me know if you still have any questions related to this issue. Thank you.

