Overview

Possible Causes

• Misconfigured severity mapping in EventLog Analyzer.
• Log source sending incorrect severity information.
• Custom rules or filters overriding default severity levels.
• Outdated EventLog Analyzer version or missing patches.

• Windows groups events into levels such as,
• Information
• Warning
• Error
• Critical
• Emergency
• Syslog groups events into severity levels as (0–7):
• 0 – Emergency
• 1 – Alert
• 2 – Critical
• 3 – Error
• 4 – Warning
• 5 – Notice
• 6 – Informational
• 7 – Debug

• Access to edit and update the respective custom report.
• Administrative access to EventLog Analyzer, if required for configuration changes.

Resolution

1. In your EventLog Analyzer, go to Reports → Manage Reports → Edit the respective custom report.
   
   
   
   
   
2. Click on the "+" icon to add a field in the criteria and choose the field LogType.
3. If the log source is a Windows device, select the LogType as "Windows Event Log" or any specific log type from the drop-down.
4. Ensure the operator selected is AND.
5. Click on Update to save the changes.
   
   

Tips

• Always specify the correct LogType while creating or editing custom reports to avoid mismatched severity levels.
• Cross-check the device type (Windows, Syslog, etc.) before finalizing report criteria.
• Keep EventLog Analyzer updated with the latest patches to avoid known issues.

How to contact support

• EventLog Analyzer build information.
• Screenshots or export of affected reports.
• Screenshot of the custom report criteria
• Screenshot of Log Collection filter page

Related articles and topics

• Custom Reports in EventLog Analyzer.
• Report Export and Customization in EventLog Analyzer.
• Configuring Out of the box reports in EventLog Analyzer