Home>Posts>Tech Explained>Diagnose System Trouble with Resource Monitor and Event Viewer

Diagnose System Trouble with Resource Monitor and Event Viewer

By ·Categories: Tech Explained·Published On: October 5th, 2016·3.7 min read·

Last week we explored a pair of useful command line utilities built into Windows – Ping and Driverquery. This week we’ll take a look at a pair of graphical utilities that also come pre-installed – Resource Monitor and Event Viewer – that can help detect and diagnose performance stumbles and system crashes. Both of these tools can be launched from the Windows 10 Start menu by clicking All Apps and opening the Windows Administrative Tools section.

Resource Monitor: See How Your System Is Doing

To diagnose a system issue, you need to know what’s going on under the hood. Windows Resource Monitor helps you do that by providing real-time tracking of CPU loads, memory usage, network traffic and disk input/output (IO). The utility features an at-a-glance interface that displays running graphs and sortable lists for all four subsystems. From this window, you can click filter checkboxes in the CPU pane to focus Resource Monitor on specific applications or processes – great for drilling down on a particular bit of software.

Windows Resource Monitor

Figure 1: Resource Monitor in Action

Resource Monitor is a go-to tool for tracking down system slowdowns and application freezes. For instance, a sluggish web browser might show runaway CPU usage – look for a spike in the CPU graph or check the average CPU usage shown in the sortable list. Also check the Memory pane to see if the application is consuming unusual amounts of system memory in the Commit (KB): column.

You can dig deeper by clicking the tabs for each of the four critical subsystems (CPU, memory, disk and network). Click the CPU tab, for instance, and you’ll see separate real-time graphs for each CPU core in your system.

Pro Tip: Need to capture a system or application glitch as it happens? Use Windows Performance Monitor to create and schedule monitoring sessions that run over a period of time and log the data to a file for analysis afterward. This is not a particularly user-friendly utility, but it does provide much more granular access to system metrics, including useful stuff like voltage and thermal levels on the motherboard.

Event Viewer: Learn What Your System Did

In the wake of a crash, as laborious as it may be, it’s always worthwhile to pick through the debris and make sense of what happened. Windows Event Viewer acts like an airplane’s black box, providing access to a database of every system action, alert, warning and crash.

If you experience an application or system crash, you can quickly sort and scroll through the time stamped events in Event Viewer to find items that correlate with your problem. Just launch Event Viewer, open the Custom Views folder in the left-side pane, and click the Administrative Events item. This displays only heightened status events, which are those flagged as Error, Warning or Critical. You will see a bunch of warnings and errors – these are typically routine events that appear even in a healthy system. Click an event and you will see its detailed information, as shown in Figure 2.

Windows Event Viewer

Figure 2: Windows Event Viewer flags an ugly system shutdown

You can use filters to track down recurring problems in Event Viewer–such as the Kernel-Power system crash shown above. In the left pane, expand the Windows Logs folder and click the System item to bring up the list of system events (the Administrative Events list doesn’t let you use filters). In the right pane, click Filter Current Log and in the dialog box that appears check the Critical check box in the Event level section, then click the Event sources drop-down list and select Kernel-Power. Click OK. Event Viewer now shows only Critical events with the source Kernel-Power – all of which are probably sudden shutdown events.

There’s a whole lot more you can do in Event Viewer, including creating custom views of events and assigning tasks that execute when a specific event occurs. It’s definitely worth spending some time to explore this application, it could save you from future frustrations if you’re able to diagnose and treat a potential problem before it rears its ugly head again.

If you missed last week’s post about working with Ping and DriveQuery, click here, and be sure to subscribe to The I/O Hub for all of our how-tos and technology updates.

Get the Latest Tech Updates

Subscribe to our newsletters to get updates from OnLogic delivered straight to your inbox. News and insights from our team of experts are just a click away. Hit the button to head to our subscription page.


About the Author: Darek Fanton

Darek is the Communications Manager at OnLogic. His passion for both journalism and technology has led him from the newsrooms of local papers to the manufacturing floor of IBM. His background in news gathering has him always on the lookout for the latest in emerging tech and the best ways to share that information with readers. In addition to his affinity for words, Darek is a music lover, juggler and huge fan of terrible jokes.

More Articles