How can i configure a condition to intercept an alert of Application Event log from Windows. I want to capture a specific Event ID.
We use <*>Event ID:<*>(--event id--)<*> in the message test field for none specific ID's. We also add an entry in the application field to limit which specific application/service generates the event. Some events need additional information to get really granular.