How can I validate my setup of Windows Event Logs?
After following the setup instructions, you can run the get-eventlog -List
command from a Powershell terminal. The output will list all logs log available for reading in an output similar to this:
Max(K) Retain OverflowAction Entries Log
------ ------ -------------- ------- ---
20,480 0 OverwriteAsNeeded 136 Application
512 7 OverwriteOlder 0 Microsoft-Windows-RemoteDesktopServices-RdpCoreCDV/Operational
512 7 OverwriteOlder 334 Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational
512 7 OverwriteOlder 55 Microsoft-Windows-TerminalServices-LocalSessionManager/Operational
512 7 OverwriteOlder 85 Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational
20,480 0 OverwriteAsNeeded 769 Security
20,480 0 OverwriteAsNeeded 1,026 System
Ensure that all logs are listed in the Log
column, and all of them have a value greater than zero
in the Entries
column.
How do I find my Beacon URL and Custom Application ID?
After creating a Custom Application, open its detail page, click the ...
button, then select Edit
. On the page that opens, navigate to Instrumentation wizard
and find these details listed as Application ID and Beacon URL
I'm missing Session Input Delay and Process Input Delay data, what should I do?
While we noticed it happen particularly with Session and Process Input Delay performance counters, it is a known issue that Microsoft Performance Counters may break and require rebuilding.
Following Microsoft's guide, run the following commands as Administrator:
lodctr /R
WINMGMT.EXE /RESYNCPERF
Get-Service -Name "pla" | Restart-Service -Verbose
Get-Service -Name "winmgmt" | Restart-Service -Force -Verbose