Event Log Management Tools in SentryOne

Melissa Connors

Published On: March 6, 2017

Categories: Event Calendar, SentryOne, Windows 0

Event log management is simple and centralized in SentryOne. Events across all of your monitored servers come together in one tool, making management faster. For example, correlating SQL Server performance issues with items in Windows Event Logs is painless. "Outlook-style" Calendar views provide a familiar way of chronicling Windows and SQL Server events. As a result, it's easy to jump right into resolving your server issues.

Event Log Management

First, I'll focus on handling the Windows Event Logs. Then I'll highlight managing SQL Server-specific events. Finally, I'll show you how to bring these items together in custom views.

Event Manager

Win Sentry Event Manager

Windows logs important incidents to the Windows Event Logs. SentryOne monitors and displays them in a highly configurable calendar view within the application. By default, SentryOne watches Application and System Logs. Optionally, you may activate the Security Log from the context menu in the Navigator pane.

SentryOne Event Log ManagementSentryOne Navigator --> Event Manager --> Event Logs

SQL Sentry Event Calendar

SQL Sentry logs numerous events specific to SQL Server. Top SQL, Blocking, Deadlocks, and more display on the Event Calendar when you select a SQL Server node on the Navigator.

Calendar View

You control which days to view, how many at a time, and the level of detail (1 minute, 10 minutes, 1 hour, 4 hours, or 1 day). This is accomplished by using the menu or right-clicking and selecting "Zoom To" while on the calendar.

Calendar Viewing Options for Windows Event LogCalendar Viewing Options for Windows Event Log

For example, here are three days, side-by-side.

Calendar View of Windows Event LogsCalendar View of Windows Event Logs

Calendar View Style

View events as a calendar, list, or both (split). These options display the same events. Because list views allow for additional sorting and filtering by each column, they may be preferable in some cases.

Calendar ViewsAccessing Calendar Views from the SentryOne Menu

The "Split" option (shown below) offers the benefits of both styles.

Calendar View Styles - Showing SplitCalendar View Styles - Showing Split

Would you like to see all of the event log management tools and more in SentryOne? Use this link to book a demo!


Custom Views

Custom Views bring event log management to another level. Defining a view allows the selection of instances, individual event objects, event sources, and filters. As a result, you have a view to correlate SQL Server and Windows Log Events together. In addition, grouping and viewing events specific to objects and sources is easy.

Start on the Navigator and add a new Local or Shared view.

Add New Event CalendarAdd New Event Calendar

Then, define what to include in the new Event Calendar.

Add New Event CalendarAdd New Event Calendar

As an example, here are items available under Logged Events:

Create Custom Views of Logged EventsCreate Custom Views of Logged Events - Example of Event Sources

Next, save the new view.

Add New Event CalendarAdd New Event Calendar

Now, your view is part of the Navigator menu.

Lori Edwards' (b|t) post, "Visualizing Jobs (and more!) in Event Manager" provides additional instructions for creating Custom Views.

History Filter

Since some incidents logged to the Windows Event Logs may be inconsequential, SentryOne provides filters for removing them. History Filters exclude events you don't want to view in SentryOne. First, navigate to Settings for the Event Manager node. Next, you'll see the Settings --> Windows Event Logs Source screen (shown below).

History Filter Windows Event Logs SourceHistory Filter Windows Event Logs Source

Then, set "Inherit from Parent (Global)" to False to access the "History Filter" field. Finally, create simple or complex filters on items like Event ID, Level, Log, Message Text, and more. If you need a refresher on "AND/OR/NOR/NAND" logic, check out my post on making logical choices in Advisory Conditions.

SQLSentry Top SQL Filters

There is an incredible amount of control for going outside of the default options and customizing to meet best your environment's needs. For example, When it comes to Top SQL, you may want to capture statements running under the default five seconds during a test to see queries that are running frequently, even if quickly.

History Filter SQL Server Source Top SQL Filter Options
History Filter SQL Server Source Top SQL Filter Options

Various Filter Options for SQL Server Event Sources (Deadlocks, SQL Server Agent Logs, Agent Alerts Source, Top SQL Source, etc.)

Most noteworthy on Top SQL is that you may also wish to exclude events that do not meet your specific thresholds for CPU, reads, or writes. Similarly, History Filters on Settings such as Deadlocks Source allow the exclusion of events logged to the SentryOne database by Event Time or Message Text values.


Event log management is consolidated and highly adaptable to your monitoring requirements via SentryOne tools. Furthermore, the Windows Event Logs are accessible, sortable, and filterable with Win Sentry Event Manager. In addition, SQL Sentry provides robust features for logging the SQL Server events that matter most to you. Finally, the custom calendar views provide a fusion between Windows and SQL Server events for more thorough management and investigation.

Test out SentryOne event log management for yourself with a free 15-day trial.

Melissa is the Product Education Manager at SentryOne. Melissa has over a decade of experience with SQL Server through software performance and scalability testing, analysis and research projects, application development, and technical support.