Users discussed creating triggers for detecting a process crash in a Windows 10 VM. The ideal event ID for this is 1000, with 1002 being used for a hang. Invoke-CUQuery can be used to pull crash events from the last hour. Edge uses 1000 and 1001, with 1001 being used for something else. InsertionStrings can be used for other fun stuff.
Read the entire ‘Creating Triggers for Process Crashes in Windows 10 VM’ thread below:
Hi all, anyone have experience or guidance creating triggers for detecting when a process crashes in a Windows 10 VM?
Isn’t that the 1001 event ID?
1000 actually and 1002 for a hang
some people will also say when they end with an exit code of not 0 but you will get tons of false positives
this one will respond to both

Edge uses 1000 and 1001

1001 is something else
if you want to pull all crash events for the last hour you can use this cmdlet:
$crashdata = (Invoke-CUQuery -Scheme main -Table Events -Fields * -sort TimeWritten -Where "EventID = '1000' AND Source = 'Application Error'" -take 50000 -SortDir Desc).data
the key is unique so if you run that every 30 minutes you can aggregate it into a bigger csv file

I often use the insertionstrings for other fun stuff 🙂

wow, thanks for the quick responses! I will give it a go. For a little more context, I’m trying to detect this particular error:

