| Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | MatchedQueryIds | Bookmark | LevelDisplayName | OpcodeDisplayName | TaskDisplayName | KeywordsDisplayNames | Properties |
|---|
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 7 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1128 | 1648 | n-h1-836830-16.cbci-836830-16.local | S-1-5-20 | 9/7/2022 9:41:20 AM | dcc10b61-c29d-0002-730b-c1dc9dc2d801 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 6 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1128 | 1632 | n-h1-836830-16.cbci-836830-16.local | S-1-5-20 | 9/7/2022 9:41:10 AM | dcc10b61-c29d-0002-730b-c1dc9dc2d801 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 5 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1128 | 1648 | n-h1-836830-16.cbci-836830-16.local | S-1-5-20 | 9/7/2022 9:40:45 AM | dcc10b61-c29d-0002-730b-c1dc9dc2d801 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 4 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1348 | 1712 | n-h1-836830-16 | S-1-5-20 | 9/7/2022 9:02:34 AM | 7edcfa68-c298-0003-9ffa-dc7e98c2d801 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1392 | 1532 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:41:32 AM | ad8d0f9c-9109-0001-d70f-8dad0991d301 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1524 | 1660 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:27:17 AM | aff0bd57-9107-0000-a1bd-f0af0791d301 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 1 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1524 | 1660 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:27:17 AM | aff0bd57-9107-0000-a1bd-f0af0791d301 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |