Enter any Windows Event ID for a plain-English explanation, log source, severity and troubleshooting steps.
💡 The table below shows only the 15 most common Event IDs. Our full database covers 200+ IDs across authentication, account management, system, services, DNS, DHCP, BitLocker, Hyper-V, printing, RDP, firewall, Group Policy, Defender and more, use the search button above to look up any ID not listed.
Event ID not found
This Event ID is not in our database yet. Try Ultimate Windows Security Encyclopedia or Microsoft's official documentation.
| Event ID | Name | Log | Severity |
|---|
The Windows Event ID Lookup tool is a reference database for IT administrators, security analysts and helpdesk technicians who work with Windows Event Viewer and SIEM platforms. Windows generates thousands of event types across the Security, System and Application logs, this tool covers over 200 of the most important ones with plain-English explanations, severity ratings and practical troubleshooting steps.
The database covers authentication events (logon success and failure, Kerberos, NTLM), account management (user creation, password changes, group membership changes), system health (kernel crashes, unexpected shutdowns, disk errors), services, DNS, DHCP, BitLocker, Windows Defender, PowerShell logging, AppLocker, scheduled tasks, Group Policy and Active Directory replication.
Rather than showing a raw table of all 200+ entries, the tool surfaces the 15 most commonly encountered Event IDs in the quick reference table, while the full database is always accessible through the search input. This is the same approach used in professional SIEM dashboards, highlight the high-frequency events while keeping the full dataset searchable.