If youβve ever troubleshot a Windows machine, you already know the pain.
You start in Application logs, then jump to System logs.
Then suddenly you need Group Policy logs buried under:
Microsoft β Windows β GroupPolicy β Operational
You export one logβ¦
Then realize you need anotherβ¦
Then go back againβ¦
Before you know it, youβre stuck in the old Event Viewer UI, clicking endlessly.
π This is exactly the problem Core365 Event Dashboard solves.
β‘ What Is Core365 Event Dashboard?
Core365 Event Dashboard is a PowerShell-based event log collector and HTML dashboard generator that:
- Discovers ALL Windows event logs automatically
- Collects events across logs in one run
- Generates a fully interactive HTML report
- Works with zero dependencies β no agents, no servers
You simply run one script and get a complete troubleshooting dashboard instantly.
π§ Why This Tool Is a Game Changer
Instead of manually collecting logs one by one:
β
One execution β All logs
β
One file β Full analysis
β
One dashboard β Everything linked
The script uses:
Get-WinEvent -ListLog *to discover every log with events, including:
- Group Policy
- PowerShell
- DNS
- Firewall
- NTFS
- Task Scheduler
π₯οΈ The Dashboard Experience (3-Pane Design)
The generated HTML dashboard is built like a modern SIEM-lite interface:
π Left Pane β Log Explorer
- All logs grouped and collapsible
- Search and filter logs instantly
- Event counts per log
π Middle Pane β Insights & Analysis
- Summary cards (Total, Error, Warning, etc.)
- Timeline chart (events per hour)
- Correlated incidents
- Advanced filters
- Paginated event table
π Right Pane β Deep Dive
- Click any event β see full details instantly
- Includes message, source, machine, and metadata
π This 3-pane layout provides fast navigation and deep visibility
π Built-In Event Correlation (This Is Huge)
Instead of manually connecting events, the tool automatically detects incidents.
β 7 Correlation Rules Included
| π Rule | π§Ύ Event IDs | π Source | β± Window |
|---|---|---|---|
| π Account Lockout Chain | 4625 β 4740 β 4767 | Security | 30 min |
| π« Authentication Failures | 4625 4771 4776 | Security | 15 min |
| βοΈ Service Crash & Recovery | 7034 7036 7040 | System | 60 min |
| π Group Policy Processing | 1500β1503 8000β8007 | GPO | 10 min |
| π Windows Update | 19 20 21 22 43 44 | System | 120 min |
| π½ Disk Errors | 7 9 11 15 51 | System | 60 min |
| π₯ Firewall Changes | 2004 2005 2006 2033 | Firewall | 30 min |
β
Automatically grouped within time windows
β
Displayed as βincidentsβ with severity
No more guessing relationships between logs.
π Built-In Knowledge Base (55 Event IDs)
Each event includes:
- Plain English explanation
- What to check next
- Direct Microsoft Docs link
- Fallback Google search
Example:
- 4625 β Failed logon
- 7034 β Service crash
- 41 β Unexpected reboot
- 1102 β Audit log cleared (critical)
π This turns the tool into a learning + troubleshooting platform
π Powerful Filtering & Search
You can filter events by:
- Level (Critical / Error / Warning / Info)
- Source
- Date range
- Full-text search
All filters work together using AND logic.
π No more scrolling through thousands of events blindly.
π Features That Sysadmins Will Love
- β Timeline visualization (events per hour)
- β CSV export of filtered data
- β Sortable event table
- β Pagination (50 per page)
- β Dark/Light mode toggle
- β Instant event detail panel
- β Keyboard support (Escape closes panel)
All packed into a single HTML file you can share anywhere
βοΈ How It Works (Technical Breakdown)
Step 1: Discover Logs
Get-WinEvent -ListLog *Step 2: Collect Events
- Filters by time (
-Hours) - Limits events (
-MaxEventsPerLog) - Normalizes levels & messages
Step 3: Convert to JSON
Each event becomes:
- TimeCreated
- Event ID
- Level
- LogName
- Source
- Message
Step 4: Build HTML Dashboard
- Embeds data into JavaScript
- Uses Chart.js for visualization
- Fully self-contained output
π The result: a portable forensic report
π Quick Usage
# Basic run (last 24 hours)
.\EventDashboard_v2.ps1
# Custom example
.\EventDashboard_v2.ps1 -Hours 72 -MaxEventsPerLog 2000β
Automatically opens in browser
β
Generates timestamped HTML report
- Fully self-contained
- Can be emailed or archived
- No installation required
π Security Notes
- Read-only (no changes to system)
- No data leaves the machine
- HTML file contains sensitive logs β handle carefully
π Download & Demo Snippets
β Download Script (GitHub)
Download Core365 Event Dashboard Scriptβ View Sample HTML Report
View Interactive Event Dashboard Demoπ― Real-World Use Cases
β
GPO troubleshooting
β
Login/lockout investigations
β
Server crash analysis
β
Disk and hardware issues
β
Patch/Windows Update failures
β
Security auditing
π¬ FAQ
No installation required. The script runs directly using PowerShell, which is already built into Windows.
Yes. The script supports Windows Server 2016 and above, making it ideal for both servers and desktops.
Yes, but you must run PowerShell as Administrator to access Security logs.
Absolutely. The output is a single HTML file that you can email or store for later analysis.
For troubleshooting workflows β yes. It provides a much faster and more user-friendly experience than traditional Event Viewer.
π₯ Final Thoughts
Core365 Event Dashboard turns:
β Manual log hunting
π into
β Automated, visual troubleshooting
Instead of jumping between logs and tools, you now get:
- Everything collected
- Everything correlated
- Everything explained
π All in one clean dashboard.
π Call to Action
If youβre tired of switching between Event Viewer logs:
β
Try it
β
Share it with your team
β
Drop your feedback below
