如何從 EventViewer 永久刪除自訂視圖?

tag-icon tag-icon windows-10 event-log event-viewer
如何從 EventViewer 永久刪除自訂視圖?

我在事件檢視器中建立了一個自訂視圖。我從事件檢視器中刪除了自訂視圖,自訂視圖消失了,然後我再次啟動了事件檢視器,但自訂視圖又出現了。

Windows 10版本是1803。

螢幕截圖影片

的內容%ProgramData%\Microsoft\Event Viewer\Views\是:(ServerRoles目錄)和View_0.xml

View_0.xml包含:

<?xml version="1.0" encoding="UTF-8"?>
<ViewerConfig>
   <QueryConfig>
      <QueryParams>
         <Simple>
            <Channel>System</Channel>
            <EventId>12,13,20,27,42,107</EventId>
            <Source>Microsoft-Windows-Kernel-Boot,Microsoft-Windows-Kernel-Power</Source>
            <RelativeTimeInfo>0</RelativeTimeInfo>
            <BySource>False</BySource>
         </Simple>
      </QueryParams>
      <QueryNode>
         <Name LanguageNeutralValue="State">State</Name>
         <QueryList>
            <Query Id="0" Path="System">
               <Select Path="System">*[System[Provider[@Name='Microsoft-Windows-Kernel-Boot' or @Name='Microsoft-Windows-Kernel-Power'] and (EventID=12 or EventID=13 or EventID=20 or EventID=27 or EventID=42 or EventID=107)]]</Select>
            </Query>
         </QueryList>
      </QueryNode>
   </QueryConfig>
   <ResultsConfig>
      <Columns>
         <Column Name="Level" Type="System.String" Path="Event/System/Level" Visible="">100</Column>
         <Column Name="Keywords" Type="System.String" Path="Event/System/Keywords">70</Column>
         <Column Name="Date and Time" Type="System.DateTime" Path="Event/System/TimeCreated/@SystemTime" Visible="">150</Column>
         <Column Name="Source" Type="System.String" Path="Event/System/Provider/@Name" Visible="">60</Column>
         <Column Name="Event ID" Type="System.UInt32" Path="Event/System/EventID" Visible="">60</Column>
         <Column Name="Task Category" Type="System.String" Path="Event/System/Task" Visible="">60</Column>
         <Column Name="User" Type="System.String" Path="Event/System/Security/@UserID">50</Column>
         <Column Name="Operational Code" Type="System.String" Path="Event/System/Opcode">110</Column>
         <Column Name="Log" Type="System.String" Path="Event/System/Channel">80</Column>
         <Column Name="Computer" Type="System.String" Path="Event/System/Computer">170</Column>
         <Column Name="Process ID" Type="System.UInt32" Path="Event/System/Execution/@ProcessID">70</Column>
         <Column Name="Thread ID" Type="System.UInt32" Path="Event/System/Execution/@ThreadID">70</Column>
         <Column Name="Processor ID" Type="System.UInt32" Path="Event/System/Execution/@ProcessorID">90</Column>
         <Column Name="Session ID" Type="System.UInt32" Path="Event/System/Execution/@SessionID">70</Column>
         <Column Name="Kernel Time" Type="System.UInt32" Path="Event/System/Execution/@KernelTime">80</Column>
         <Column Name="User Time" Type="System.UInt32" Path="Event/System/Execution/@UserTime">70</Column>
         <Column Name="Processor Time" Type="System.UInt32" Path="Event/System/Execution/@ProcessorTime">100</Column>
         <Column Name="Correlation Id" Type="System.Guid" Path="Event/System/Correlation/@ActivityID">85</Column>
         <Column Name="Relative Correlation Id" Type="System.Guid" Path="Event/System/Correlation/@RelatedActivityID">140</Column>
         <Column Name="Event Source Name" Type="System.String" Path="Event/System/Provider/@EventSourceName">140</Column>
      </Columns>
   </ResultsConfig>
</ViewerConfig>

我嘗試刪除該文件,但沒有幫助。該文件已重新建立。

答案1

我所做的只是單擊我的自訂日誌(這樣選擇它)並點擊鍵盤上的“刪除”。

相關內容