Generate an alert if a specific event has been logged

Hello everyone,

Attached is a script for scanning the Windows Event Log over a certain time frame for events containing a specific Event ID, Source, and Severity Level within the specified log. This is useful in the case of Blue Screen of Death (BSOD/BugCheck) events where the ITSM Agent may not correctly report a crash event.

This may be used either as a regular procedure or a Custom Monitor Procedure; the latter is recommended.

Variables:

  • EventID: Event ID to be added to the file name to prevent collisions if multiple requests are run at once
Within ps_content (where the actual event check code lives):
  • $EvtID: The Event ID to search for
  • $EvtSrc: The specific Event Source to search for
  • $EvtLog: The Event Log you wish to search (Application, Security, System)
  • $EvtLvl: The severity of the event (Information, Warning, Error, Critical)
  • $CombInterval: How long back in the log to search from the time of execution (should match monitor interval if used as a Custom Monitor Procedure).

20181015-Generate-an-alert-if-a-specific-event-has-been-logged.json (3.61 KB)

Hi @Kristan

We already have a script in our repository that does your task. Kindly refer to it:

https://scripts.comodo.com/frontend/web/topic/alert-if-the-logs-created-in-specific-event-id

Thanks

Hi @Tamilselvam ,

The script I’ve submitted searches based on Event ID, Source, and Severity level whereas the original script in the repository only searches based on Event ID. While this is sufficient in most cases, there are some scenarios where an Event ID could be reported from different sources - this version restricts the search scope to a specific set of criteria.

Thanks and have a great day.
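The combined filter discussed in this thread (Event ID plus Source plus Severity Level, within one log and one look-back window) can be sketched as follows. This is an added example, not the attached script or the repository script: the variable names are taken from the first post, while the sample values, the `Find-LoggedEvent` helper name, and the reading of `$CombInterval` as minutes are assumptions.

```powershell
# Added example; variable names follow the post, sample values are assumptions.
$EvtID        = 1001                                          # sample: BugCheck report
$EvtSrc       = 'Microsoft-Windows-WER-SystemErrorReporting'  # sample provider name
$EvtLog       = 'System'
$EvtLvl       = 'Error'
$CombInterval = 15                                            # assumed to be minutes

# Get-WinEvent filters on the numeric level, not on its display name.
$LevelMap = @{ Critical = 1; Error = 2; Warning = 3; Information = 4 }

# Hypothetical helper: returns events matching ALL criteria, or nothing.
function Find-LoggedEvent {
    param([int]$Id, [string]$Source, [string]$Log, [string]$Level, [int]$Minutes)

    if (-not $LevelMap.ContainsKey($Level)) { throw "Unknown level '$Level'" }

    $filter = @{
        LogName      = $Log
        ProviderName = $Source
        Id           = $Id
        Level        = $LevelMap[$Level]
        StartTime    = (Get-Date).AddMinutes(-$Minutes)
    }
    try {
        Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
    }
    catch {
        # "No matching events" is the normal quiet case. Anything else
        # (unknown provider, access denied) must surface, otherwise a typo
        # in the source name would look like a healthy endpoint.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }
}

$hits = @(Find-LoggedEvent -Id $EvtID -Source $EvtSrc -Log $EvtLog `
                           -Level $EvtLvl -Minutes $CombInterval)

if ($hits.Count -gt 0) {
    "ALERT: $($hits.Count) event(s) with ID $EvtID from '$EvtSrc' in the last $CombInterval minute(s)"
    $hits | Select-Object TimeCreated, Id, ProviderName, LevelDisplayName, Message | Format-List
} else {
    "OK: no matching events in the $EvtLog log"
}
```

Reading the Security log requires an elevated session; the Application and System logs do not.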