Microsoft-Windows-Search

258 events across 2 channels

Event ID	Title	Channel
1003	The Windows Search Service started.	Application
1003		Operational
1004	The Windows Search service is creating the new search index {Reason: Full Index …	Application
1004		Operational
1005	The Windows Search Service has successfully created the new search index.	Application
1005		Operational
1006		Operational
1007		Operational
1008	The Windows Search Service is starting up and attempting to remove the old …	Application
1008		Operational
1009		Operational
1010	The Windows Search Service has successfully removed the old search index.	Application
1010		Operational
1011		Operational
1013	Windows Search Service stopped normally.	Application
1013		Operational
1014		Operational
1015		Operational
1016		Operational
1017		Operational
1018		Operational
1019		Operational
1044		Operational
1053		Operational
3003		Operational
3006		Operational
3007		Operational
3008		Operational
3009		Operational
3010		Operational
3011		Operational
3013		Operational
3014		Operational
3015		Operational
3020		Operational
3023		Operational
3024		Operational
3025		Operational
3026		Operational
3027		Operational
3028		Operational
3029		Operational
3030		Operational
3031		Operational
3032		Operational
3033		Operational
3034		Operational
3036		Operational
3037		Operational
3038		Operational
3039		Operational
3040		Operational
3041		Operational
3042		Operational
3044		Operational
3045		Operational
3046		Operational
3048		Operational
3050		Operational
3052		Operational
3053		Operational
3054		Operational
3055		Operational
3056		Operational
3057		Operational
3058		Operational
3059		Operational
3060		Operational
3061		Operational
3062		Operational
3072		Operational
3073		Operational
3078		Operational
3079		Operational
3083		Operational
3084		Operational
3085		Operational
3086		Operational
3087		Operational
3088		Operational
3089		Operational
3090		Operational
3091		Operational
3092		Operational
3093		Operational
3095		Operational
3096		Operational
3097		Operational
3099		Operational
3100		Operational
3101		Operational
4103		Operational
4104		Operational
4105		Operational
4106		Operational
4121		Application
4121		Operational
4138		Operational
4163		Operational
4164		Operational
4165		Operational
4166		Operational
4167		Operational
4168		Operational
4169		Operational
7001		Operational
7010		Operational
7011		Operational
7013		Operational
7040		Operational
7042		Operational
7043		Operational
7064		Operational
7066		Operational
7068		Operational
7070		Operational
7071		Operational
9000		Operational
9001		Operational
9002		Operational
9003		Operational
10013		Operational
10014		Operational
10020		Operational
10021		Operational
10022		Operational
10023		Operational
10024		Application
10024		Operational
10025		Operational
10026		Operational
10027		Operational
10028		Operational
1073742827	The Windows Search Service started.	Operational
1073742828	The Windows Search service is creating the new search index {Reason: Reason}.	Operational
1073742829	The Windows Search Service has successfully created the new search index.	Operational
1073742834	The Windows Search Service has successfully removed the old search index.	Operational
1073742837	Windows Search Service stopped normally.	Operational
1073742841	The Windows Search Service successfully moved index files from OldIndexPath to …	Operational
1073744865	The index is being reset.	Operational
1073744868	The gatherer index resumed.	Operational
1073744876	The crawl was requested to be stopped.	Operational
1073744884	An update cannot begin because the content source <.	Operational
1073744919	The group Domain\Account contains Users members.	Operational
1073744920	The local groups cache was flushed, because Reason.	Operational
1073745927	ExtraInfoA master merge has completed for catalog CatalogName.	Operational
1073745928	ExtraInfoA master merge has been paused for catalog CatalogName due to error …	Operational
1073745945	ExtraInfoA master merge has restarted for catalog CatalogName.	Operational
1073745962	An index corruption was detected in component Component in catalog CatalogName.	Operational
1073745987	ExtraInfoA master merge has been paused for catalog CatalogName due to low disk …	Operational
1073745988	1CatalogCatalog: ExtraInfo.	Operational
1073745989	1CatalogCatalog: ExtraInfo.	Operational
1073745990	1CatalogCatalog: ExtraInfo.	Operational
1073745991	1CatalogCatalog: ExtraInfo.	Operational
1073748866	The Windows Search Service is being stopped because there is a problem with the …	Operational
2147484656	The Windows Search Service is starting up and attempting to remove the old …	Operational
2147484662	The Windows Search Service has failed to create one or more path rules.	Operational
2147484663	Event ID EventID for the Windows Search Service has been suppressed RepeatCount …	Operational
2147484666	While rolling back the index, the Windows Search Service encountered the …	Operational
2147484692	An error occurred in configuration file <FileName>.	Operational
2147484701	The system exception Code occurred, and will be handled.	Operational
2147486671	The update cannot be started because all of the content sources were excluded by …	Operational
2147486672	The update cannot be started because the content sources cannot be accessed.	Operational
2147486684	Crawl could not be completed on content source <URL>.	Operational
2147486685	Crawl could not be started on content source <URL>.	Operational
2147486686	The gatherer is unable to read the registry RegPath.	Operational
2147486687	A request to start the update has been ignored because the update is already in …	Operational
2147486690	The index was paused.	Operational
2147486693	The automatic description length was adjusted from OldLength to NewLength.	Operational
2147486694	The update for the index cannot be started because the specified content sources …	Operational
2147486701	The previous update was reset, or was otherwise interrupted.	Operational
2147486702	The update has been delayed because a disk is full.	Operational
2147486703	The gatherer property mapping file cannot be opened.	Operational
2147486704	The automatic description encoding tag value is invalid.	Operational
2147486709	The gatherer log cannot be created.	Operational
2147486710	The word breaker for language <Locale> cannot be loaded.	Operational
2147486720	The gatherer is recovering after an improper shutdown.	Operational
2147486721	The gatherer detected pages in the history during recovery that cannot be read, …	Operational
2147486726	The Windows Search service stopped the Protocol Host process because it was …	Operational
2147486734	The system locale has changed.	Operational
2147487816	ExtraInfo Unable to create the query engine's first request item due to error …	Operational
2147487817	Error ID Phase happened in Windows Search recovery stage, please restart the …	Operational
2147492651	The Windows Search Service cannot initialize multi-instancing in Jet.	Operational
2147493661	The noise files cannot be renamed.	Operational
2147493662	The noise file "OldNoiseFile"" cannot be renamed to ""NewNoiseFile"".	Operational
2147493668	Performance Counters could not be loaded for Driver for instance InstanceName …	Operational
2147493669	Could not get performance counter registry info for Driver for instance …	Operational
2147493670	Performance counters will not be loaded because the named objects (shared memory …	Operational
2147493671	The protocol host process ProtocolHostProcessID did not respond and is being …	Operational
2147493672	The filter host process FilterHostProcessID did not respond and is being …	Operational
2147493673	The search service has failed to create database instance for the index …	Operational
2147493674	The search service has failed to configure maximum number of database instance.	Operational
2147493675	The search service has failed to create or load catalog for an user with SID {.	Operational
2147493676	The search service has failed to unload catalog for an user with SID {SID}.	Operational
3221226478	The Windows Search Service has failed to create the new search index.	Operational
3221226479	The Windows Search Service was unable to allocate memory.	Operational
3221226481	An exception occurred in Address.	Operational
3221226483	The Windows Search Service has failed to remove the old search index.	Operational
3221226488	The Windows Search Service failed to move Index files from OldIndexPath to …	Operational
3221226491	Windows Search Service failed to process the list of included and excluded …	Operational
3221228475	A configuration error occurred.	Operational
3221228478	Performance monitoring cannot be initialized for the gatherer service, because …	Operational
3221228479	Performance monitoring cannot be initialized for the gatherer object, because …	Operational
3221228480	The entry <Entry> cannot be inserted into the history.	Operational
3221228481	The transaction object cannot be created.	Operational
3221228482	The transaction cannot be appended to the queue.	Operational
3221228483	The transaction cannot be updated in the queue.	Operational
3221228485	The entry <Entry> in the hash map cannot be updated.	Operational
3221228486	An exception occurred.	Operational
3221228487	The transaction file cannot be read.	Operational
3221228492	Internal gatherer error ErrorCode occurred.	Operational
3221228497	Critical error ErrorCode occurred, and the index was shut down.	Operational
3221228498	Advise Status Change failed.	Operational
3221228499	The URL <URL> cannot be crawled.	Operational
3221228500	The gatherer object cannot be initialized.	Operational
3221228501	The plug-in in <Plugin> cannot be initialized.	Operational
3221228502	The gatherer service cannot be initialized.	Operational
3221228503	A document ID cannot be allocated.	Operational
3221228504	A document ID cannot be freed.	Operational
3221228505	A new queue file cannot be created.	Operational
3221228506	The registry version does not match with the expected <.	Operational
3221228512	The status change request RequestedStatusMessage cannot be processed.	Operational
3221228520	No documents were accessed because no e-mail address is specified in the content …	Operational
3221228522	Unvisited items cannot be deleted from the history after a full update.	Operational
3221228529	The plug-in manager <PluginManager> cannot be initialized.	Operational
3221228530	The application cannot be initialized.	Operational
3221228531	The update cannot be initialized.	Operational
3221228551	Notifications for the volume VolumeName are not active.	Operational
3221228555	The protocol handler ProtocolHandler cannot be loaded.	Operational
3221228556	Failed to load protocol handler ProtocolHandler.	Operational
3221228557	The application network access account is invalid.	Operational
3221228559	The gatherer files cannot be flushed, and this action cannot be completed.	Operational
3221228560	The checkpoint record cannot be updated, and this action cannot be completed.	Operational
3221228561	The gatherer files cannot be saved, and this action cannot be completed.	Operational
3221228562	The gatherer files from the previous checkpoint cannot be restored, and this …	Operational
3221228563	The checkpoint record cannot be read, and this action cannot be completed.	Operational
3221228564	The project cannot be initialized, because the checkpoint record cannot be read.	Operational
3221228565	The project cannot be initialized, because one of the checkpoint files is …	Operational
3221228569	The gatherer did not connect to the SQLServer instance.	Operational
3221228571	Unable to terminate notifications normally.	Operational
3221228572	Unable to initialize the filter host process.	Operational
3221228573	The filter host process could not be terminated.	Operational
3221229577	ExtraInfoA master merge cannot be started for catalog CatalogName due to error …	Operational
3221229578	ExtraInfoA master merge cannot be re-started for catalog CatalogName due to …	Operational
3221232473	The schema file <SrcFile> cannot be copied to <DstFile>.	Operational
3221232482	The index cannot be initialized.	Operational
3221232483	Directory location <Directory> is invalid.	Operational
3221232485	The update was paused because the disk <Directory> is full.	Operational
3221232512	The search service has detected corrupted data files in the index …	Operational
3221232515	The index cannot be loaded.	Operational
3221232536	Performance monitoring cannot be initialized because the counters are not loaded …	Operational
3221232538	Configuration directory Directory is missing, and disaster recovery must be …	Operational
3221232540	The registry cannot be read, possibly because the registry keys for this index …	Operational
3221232542	The Windows Search Service added catalog ExtraInfo.	Operational
3221232543	The Windows Search Service removed index ExtraInfo.	Operational
3221234472	The Windows Search Service cannot open the Jet property store.	Operational
3221234473	The Windows Search Service cannot create a Jet property store.	Operational
3221234474	The Windows Search Service cannot load the property store information.	Operational

Event ID 1003 — The Windows Search Service started.

Provider: Microsoft-Windows-Search
Channel: Application
Level: Informational

Fields #

Name	Description
`Data`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Search",
    "guid": "{CA4E628D-8567-4896-AB6B-835B221F373F}",
    "event_source_name": "Windows Search Service",
    "event_id": 1003,
    "version": 0,
    "level": 4,
    "task": 1,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2023-11-06T06:25:51.885710+00:00",
    "event_record_id": 1450,
    "correlation": {},
    "execution": {
      "process_id": 5004,
      "thread_id": 0
    },
    "channel": "Application",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "Data": {
      "Name": "ExtraInfo",
      "Value": "\n"
    }
  },
  "message": "The Windows Search Service started.ExtraInfo"
}

References #

Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Event ID 1003 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 1004 — The Windows Search service is creating the new search index {Reason: Full Index Reset}.

Provider: Microsoft-Windows-Search
Channel: Application
Level: Informational

Fields #

Name	Description
`ExtraInfo`	—
`Reason`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Search",
    "guid": "{CA4E628D-8567-4896-AB6B-835B221F373F}",
    "event_source_name": "Windows Search Service",
    "event_id": 1004,
    "version": 0,
    "level": 4,
    "task": 1,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2023-11-06T06:25:51.187482+00:00",
    "event_record_id": 1447,
    "correlation": {},
    "execution": {
      "process_id": 5004,
      "thread_id": 0
    },
    "channel": "Application",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "ExtraInfo": "\n",
    "Reason": "Full Index Reset"
  },
  "message": "The Windows Search service is creating the new search index {Reason: Full Index Reset}. \n"
}

References #

Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Event ID 1004 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Reason` UnicodeString	—

Event ID 1005 — The Windows Search Service has successfully created the new search index.

Provider: Microsoft-Windows-Search
Channel: Application
Level: Informational

Fields #

Name	Description
`Data`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Search",
    "guid": "{CA4E628D-8567-4896-AB6B-835B221F373F}",
    "event_source_name": "Windows Search Service",
    "event_id": 1005,
    "version": 0,
    "level": 4,
    "task": 1,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2023-11-06T06:25:51.828936+00:00",
    "event_record_id": 1449,
    "correlation": {},
    "execution": {
      "process_id": 5004,
      "thread_id": 0
    },
    "channel": "Application",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "Data": {
      "Name": "ExtraInfo",
      "Value": "\n"
    }
  },
  "message": "The Windows Search Service has successfully created the new search index. ExtraInfo"
}

References #

Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Event ID 1005 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 1006 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Phase` UnicodeString	—
`HR` UnicodeString	—
`DiagnosticsInfo` UnicodeString	—

Event ID 1007 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 1008 — The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Provider: Microsoft-Windows-Search
Channel: Application
Level: Warning

Fields #

Name	Description
`ExtraInfo`	—
`Reason`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Search",
    "guid": "{CA4E628D-8567-4896-AB6B-835B221F373F}",
    "event_source_name": "Windows Search Service",
    "event_id": 1008,
    "version": 0,
    "level": 3,
    "task": 1,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2023-11-06T06:25:47.791114+00:00",
    "event_record_id": 1444,
    "correlation": {},
    "execution": {
      "process_id": 5004,
      "thread_id": 0
    },
    "channel": "Application",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "ExtraInfo": "\n",
    "Reason": "Full Index Reset"
  },
  "message": "The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. \n"
}

References #

Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Event ID 1008 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Reason` UnicodeString	—

Event ID 1009 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Address` UnicodeString	—

Event ID 1010 — The Windows Search Service has successfully removed the old search index.

Provider: Microsoft-Windows-Search
Channel: Application
Level: Informational

Fields #

Name	Description
`Data`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Search",
    "guid": "{CA4E628D-8567-4896-AB6B-835B221F373F}",
    "event_source_name": "Windows Search Service",
    "event_id": 1010,
    "version": 0,
    "level": 4,
    "task": 1,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2023-11-06T06:25:47.798155+00:00",
    "event_record_id": 1445,
    "correlation": {},
    "execution": {
      "process_id": 5004,
      "thread_id": 0
    },
    "channel": "Application",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "Data": {
      "Name": "ExtraInfo",
      "Value": "\n"
    }
  },
  "message": "The Windows Search Service has successfully removed the old search index. ExtraInfo"
}

References #

Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Event ID 1010 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 1011 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Phase` UnicodeString	—
`HR` UnicodeString	—

Event ID 1013 — Windows Search Service stopped normally.

Provider: Microsoft-Windows-Search
Channel: Application
Level: Informational

Fields #

Name	Description
`Data`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Search",
    "guid": "{CA4E628D-8567-4896-AB6B-835B221F373F}",
    "event_source_name": "Windows Search Service",
    "event_id": 1013,
    "version": 0,
    "level": 4,
    "task": 1,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2023-10-25T22:56:14.357450+00:00",
    "event_record_id": 1432,
    "correlation": {},
    "execution": {
      "process_id": 7916,
      "thread_id": 0
    },
    "channel": "Application",
    "computer": "WinDevEval",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "Data": {
      "Name": "ExtraInfo",
      "Value": "\n"
    }
  },
  "message": "Windows Search Service stopped normally.ExtraInfo"
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1013 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 1014 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`DebugInfo` UnicodeString	—

Event ID 1015 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`EventID` UnicodeString	—
`RepeatCount` UnicodeString	—
`ReferenceTime` UnicodeString	—

Event ID 1016 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`OldIndexPath` UnicodeString	—
`NewIndexPath` UnicodeString	—
`Phase` UnicodeString	—
`ErrorCode` UnicodeString	—

Event ID 1017 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`OldIndexPath` UnicodeString	—
`NewIndexPath` UnicodeString	—

Event ID 1018 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`OldIndexPath` UnicodeString	—
`NewIndexPath` UnicodeString	—
`Phase` UnicodeString	—
`ErrorCode` UnicodeString	—

Event ID 1019 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Phase` UnicodeString	—
`ErrorCode` UnicodeString	—
`Path` UnicodeString	—

Event ID 1044 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`FileName` UnicodeString	—

Event ID 1053 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`Code` UnicodeString	—
`StackTrace` UnicodeString	—

Event ID 3003 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3006 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3007 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3008 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Entry` UnicodeString	—

Event ID 3009 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3010 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`FilePath` UnicodeString	—

Event ID 3011 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`FilePath` UnicodeString	—

Event ID 3013 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Entry` UnicodeString	—

Event ID 3014 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`ID` UnicodeString	—

Event ID 3015 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3020 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`ErrorCode` UnicodeString	—

Event ID 3023 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3024 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3025 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`ErrorCode` UnicodeString	—

Event ID 3026 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3027 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`URL` UnicodeString	—

Event ID 3028 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3029 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Plugin` UnicodeString	—

Event ID 3030 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3031 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3032 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3033 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3034 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`ExpectedVersion` UnicodeString	—

Event ID 3036 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`URL` UnicodeString	—

Event ID 3037 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`URL` UnicodeString	—

Event ID 3038 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`RegPath` UnicodeString	—

Event ID 3039 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3040 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`RequestedStatusMessage` UnicodeString	—

Event ID 3041 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3042 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3044 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3045 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`OldLength` UnicodeString	—
`NewLength` UnicodeString	—

Event ID 3046 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3048 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3050 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3052 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3053 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3054 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3055 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3056 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3057 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`PluginManager` UnicodeString	—

Event ID 3058 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3059 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3060 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`URL` UnicodeString	—

Event ID 3061 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3062 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Locale` UnicodeString	—

Event ID 3072 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3073 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3078 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3079 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`VolumeName` UnicodeString	—

Event ID 3083 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`ProtocolHandler` UnicodeString	—
`ErrorMessage` UnicodeString	—

Event ID 3084 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`ProtocolHandler` UnicodeString	—
`ErrorMessage` UnicodeString	—

Event ID 3085 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3086 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3087 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3088 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3089 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3090 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3091 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3092 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3093 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3095 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Domain` UnicodeString	—
`Account` UnicodeString	—
`Users` UnicodeString	—
`MaxUsers` UnicodeString	—

Event ID 3096 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Reason` UnicodeString	—

Event ID 3097 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3099 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3100 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3101 —

Provider: Microsoft-Windows-Search
Channel: Operational

Event ID 4103 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`CatalogName` UnicodeString	—

Event ID 4104 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`CatalogName` UnicodeString	—
`ErrorMessage` UnicodeString	—

Event ID 4105 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`CatalogName` UnicodeString	—
`ErrorMessage` UnicodeString	—

Event ID 4106 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`CatalogName` UnicodeString	—
`ErrorMessage` UnicodeString	—

Event ID 4121 —

Provider: Microsoft-Windows-Search
Channel: Application
Level: Informational

Fields #

Name	Description
`ExtraInfo`	—
`CatalogName`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Search",
    "guid": "{CA4E628D-8567-4896-AB6B-835B221F373F}",
    "event_source_name": "Windows Search Service",
    "event_id": 4121,
    "version": 0,
    "level": 4,
    "task": 1,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2014-11-26T23:22:14.000000Z",
    "event_record_id": 1157,
    "correlation": {},
    "execution": {
      "process_id": 0,
      "thread_id": 0
    },
    "channel": "Application",
    "computer": "IE10Win7",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "ExtraInfo": "\n",
    "CatalogName": "SystemIndex"
  }
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 4121 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`CatalogName` UnicodeString	—

Event ID 4138 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Component` UnicodeString	—
`CatalogName` UnicodeString	—

Event ID 4163 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`CatalogName` UnicodeString	—

Event ID 4164 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`CatalogName` UnicodeString	—

Event ID 4165 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`CatalogName` UnicodeString	—
`IndexesPerMergeLevel` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4166 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`CatalogName` UnicodeString	—
`ExpectedDocCount` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4167 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`CatalogName` UnicodeString	—
`MasterMergeReason` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4168 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`ErrorMessage` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4169 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Phase` UnicodeString	—

Event ID 7001 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`SrcFile` UnicodeString	—
`DstFile` UnicodeString	—

Event ID 7010 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 7011 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Directory` UnicodeString	—

Event ID 7013 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Directory` UnicodeString	—

Event ID 7040 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`CorruptionId` UnicodeString	—

Event ID 7042 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Reason` UnicodeString	—

Event ID 7043 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 7064 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 7066 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Directory` UnicodeString	—

Event ID 7068 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 7070 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 7071 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 9000 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 9001 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 9002 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 9003 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 10013 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 10014 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`OldNoiseFile` UnicodeString	—
`NewNoiseFile` UnicodeString	—

Event ID 10020 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`Driver` UnicodeString	—
`InstanceName` UnicodeString	—
`InstanceNum` UnicodeString	—
`ErrorMessage` UnicodeString	—

Event ID 10021 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`Driver` UnicodeString	—
`InstanceName` UnicodeString	—
`InstanceNum` UnicodeString	—
`ErrorMessage` UnicodeString	—

Event ID 10022 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`Driver` UnicodeString	—
`InstanceName` UnicodeString	—
`InstanceNum` UnicodeString	—

Event ID 10023 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`ProtocolHostProcessID` UnicodeString	—
`FilterHostProcessID` UnicodeString	—

Event ID 10024 —

Provider: Microsoft-Windows-Search
Channel: Application
Level: Warning

Fields #

Name	Description
`ExtraInfo`	—
`FilterHostProcessID`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Search",
    "guid": "{CA4E628D-8567-4896-AB6B-835B221F373F}",
    "event_source_name": "Windows Search Service",
    "event_id": 10024,
    "version": 0,
    "level": 3,
    "task": 3,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2014-11-25T22:48:11.000000Z",
    "event_record_id": 1044,
    "correlation": {},
    "execution": {
      "process_id": 0,
      "thread_id": 0
    },
    "channel": "Application",
    "computer": "IE8Win7",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "ExtraInfo": "\n",
    "FilterHostProcessID": "4008"
  }
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 10024 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`FilterHostProcessID` UnicodeString	—

Event ID 10025 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 10026 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 10027 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`SID` UnicodeString	—

Event ID 10028 —

Provider: Microsoft-Windows-Search
Channel: Operational

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`SID` UnicodeString	—

Event ID 1073742827 — The Windows Search Service started.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The Windows Search Service started.ExtraInfo.

Message #

The Windows Search Service started.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	The Windows Search Service started.

Event ID 1073742828 — The Windows Search service is creating the new search index {Reason: Reason}.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The Windows Search service is creating the new search index {Reason: Reason}. ExtraInfo.

Message #

The Windows Search service is creating the new search index {Reason: %2}. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Reason` UnicodeString	The Windows Search service is creating the new search index {Reason

Event ID 1073742829 — The Windows Search Service has successfully created the new search index.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The Windows Search Service has successfully created the new search index. ExtraInfo.

Message #

The Windows Search Service has successfully created the new search index. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	The Windows Search Service has successfully created the new search index.

Event ID 1073742834 — The Windows Search Service has successfully removed the old search index.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The Windows Search Service has successfully removed the old search index. ExtraInfo.

Message #

The Windows Search Service has successfully removed the old search index. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 1073742837 — Windows Search Service stopped normally.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

Windows Search Service stopped normally.ExtraInfo.

Message #

Windows Search Service stopped normally.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 1073742841 — The Windows Search Service successfully moved index files from OldIndexPath to NewIndexPath.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The Windows Search Service successfully moved index files from OldIndexPath to NewIndexPath. ExtraInfo.

Message #

The Windows Search Service successfully moved index files from %2 to %3. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`OldIndexPath` UnicodeString	—
`NewIndexPath` UnicodeString	—

Event ID 1073744865 — The index is being reset.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The index is being reset.ExtraInfo.

Message #

The index is being reset.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 1073744868 — The gatherer index resumed.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The gatherer index resumed.ExtraInfo.

Message #

The gatherer index resumed.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 1073744876 — The crawl was requested to be stopped.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The crawl was requested to be stopped.ExtraInfo.

Message #

The crawl was requested to be stopped.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 1073744884 — An update cannot begin because the content source <.

Provider: Microsoft-Windows-Search
Channel: Operational

Message #

An update cannot begin because the content source <%2> is in use by another update already in progress. The update will start as soon as all its content sources are released by updates already in progress.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`URL` UnicodeString	—

Event ID 1073744919 — The group Domain\Account contains Users members.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The group Domain\Account contains Users members. Groups over MaxUsers members are not expanded. ExtraInfo.

Message #

The group %2\%3 contains %4 members. Groups over %5 members are not expanded. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Domain` UnicodeString	—
`Account` UnicodeString	—
`Users` UnicodeString	—
`MaxUsers` UnicodeString	—

Event ID 1073744920 — The local groups cache was flushed, because Reason.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The local groups cache was flushed, because Reason. ExtraInfo.

Message #

The local groups cache was flushed, because %2. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Reason` UnicodeString	—

Event ID 1073745927 — ExtraInfoA master merge has completed for catalog CatalogName.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

ExtraInfoA master merge has completed for catalog CatalogName.

Message #

%1A master merge has completed for catalog %2.

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`CatalogName` UnicodeString	—

Event ID 1073745928 — ExtraInfoA master merge has been paused for catalog CatalogName due to error ErrorMessage.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

ExtraInfoA master merge has been paused for catalog CatalogName due to error ErrorMessage. It will be rescheduled later.

Message #

%1A master merge has been paused for catalog %2 due to error %3. It will be rescheduled later.

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`CatalogName` UnicodeString	—
`ErrorMessage` UnicodeString	—

Event ID 1073745945 — ExtraInfoA master merge has restarted for catalog CatalogName.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

ExtraInfoA master merge has restarted for catalog CatalogName.

Message #

%1A master merge has restarted for catalog %2.

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`CatalogName` UnicodeString	—

Event ID 1073745962 — An index corruption was detected in component Component in catalog CatalogName.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

An index corruption was detected in component Component in catalog CatalogName.ExtraInfo.

Message #

An index corruption was detected in component %2 in catalog %3.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Component` UnicodeString	—
`CatalogName` UnicodeString	—

Event ID 1073745987 — ExtraInfoA master merge has been paused for catalog CatalogName due to low disk space.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

ExtraInfoA master merge has been paused for catalog CatalogName due to low disk space. The merge will be rescheduled later. Please free some disk space for indexing to continue.

Message #

%1A master merge has been paused for catalog %2 due to low disk space. The merge will be rescheduled later.  Please free some disk space for indexing to continue.

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`CatalogName` UnicodeString	—

Event ID 1073745988 — 1CatalogCatalog: ExtraInfo.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

1CatalogCatalog: ExtraInfo. A master merge was started due to an external request.

Message #

%1Catalog: %2. A master merge was started due to an external request.

Fields #

Name	Description
`1Catalog`	—
`ExtraInfo` UnicodeString	—
`CatalogName` UnicodeString	—

Event ID 1073745989 — 1CatalogCatalog: ExtraInfo.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

1CatalogCatalog: ExtraInfo. A master merge was started because the catalog reached the maximum number of indexes on the last level (CatalogName).

Message #

%1Catalog: %2. A master merge was started because the catalog reached the maximum number of indexes on the last level (%3).

Fields #

Name	Description
`1Catalog`	—
`ExtraInfo` UnicodeString	—
`CatalogName` UnicodeString	—
`IndexesPerMergeLevel` UnicodeString	—
`binary` Binary	—

Event ID 1073745990 — 1CatalogCatalog: ExtraInfo.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

1CatalogCatalog: ExtraInfo. A master merge was started because the expected number of documents in the catalog (CatalogName) were indexed.

Message #

%1Catalog: %2. A master merge was started because the expected number of documents in the catalog (%3) were indexed.

Fields #

Name	Description
`1Catalog`	—
`ExtraInfo` UnicodeString	—
`CatalogName` UnicodeString	—
`ExpectedDocCount` UnicodeString	—
`binary` Binary	—

Event ID 1073745991 — 1CatalogCatalog: ExtraInfo.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

1CatalogCatalog: ExtraInfo. The master merge was started because of internal reason number CatalogName.

Message #

%1Catalog: %2. The master merge was started because of internal reason number %3.

Fields #

Name	Description
`1Catalog`	—
`ExtraInfo` UnicodeString	—
`CatalogName` UnicodeString	—
`MasterMergeReason` UnicodeString	—
`binary` Binary	—

Event ID 1073748866 — The Windows Search Service is being stopped because there is a problem with the indexer: Reason.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The Windows Search Service is being stopped because there is a problem with the indexer: Reason.ExtraInfo.

Message #

The Windows Search Service is being stopped because there is a problem with the indexer: %2.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Reason` UnicodeString	—

Event ID 2147484656 — The Windows Search Service is starting up and attempting to remove the old search index {Reason: Reason}.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The Windows Search Service is starting up and attempting to remove the old search index {Reason: Reason}. ExtraInfo.

Message #

The Windows Search Service is starting up and attempting to remove the old search index {Reason: %2}. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Reason` UnicodeString	—

Event ID 2147484662 — The Windows Search Service has failed to create one or more path rules.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The Windows Search Service has failed to create one or more path rules. The service will continue creating the SystemIndex search index. Debug information: <DebugInfo>. ExtraInfo.

Message #

The Windows Search Service has failed to create one or more path rules.  The service will continue creating the SystemIndex search index.  Debug information: <%2>. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`DebugInfo` UnicodeString	—

Event ID 2147484663 — Event ID EventID for the Windows Search Service has been suppressed RepeatCount time(s) since ReferenceTime.

Provider: Microsoft-Windows-Search
Channel: Operational

Message #

Event ID %2 for the Windows Search Service has been suppressed %3 time(s) since %4. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time.  See Event ID %2 for further details on this event.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`EventID` UnicodeString	—
`RepeatCount` UnicodeString	—
`ReferenceTime` UnicodeString	—

Event ID 2147484666 — While rolling back the index, the Windows Search Service encountered the following error: <Phase,ErrorCode>.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

While rolling back the index, the Windows Search Service encountered the following error: <Phase,ErrorCode>. Index files were not moved from OldIndexPath to NewIndexPath. ExtraInfo.

Message #

While rolling back the index, the Windows Search Service encountered the following error: <%4,%5>. Index files were not moved from %2 to %3. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`OldIndexPath` UnicodeString	—
`NewIndexPath` UnicodeString	—
`Phase` UnicodeString	—
`ErrorCode` UnicodeString	—

Event ID 2147484692 — An error occurred in configuration file <FileName>.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

An error occurred in configuration file <FileName>.ExtraInfo.

Message #

An error occurred in configuration file <%2>.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`FileName` UnicodeString	—

Event ID 2147484701 — The system exception Code occurred, and will be handled.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The system exception Code occurred, and will be handled. If this causes problems, contact Microsoft Product Support Services and include the stack trace in the event. StackTrace.

Message #

The system exception %1 occurred, and will be handled.  If this causes problems, contact Microsoft Product Support Services and include the stack trace in the event. %2.

Fields #

Name	Description
`Code` UnicodeString	—
`StackTrace` UnicodeString	—

Event ID 2147486671 — The update cannot be started because all of the content sources were excluded by site path rules, or removed from the index configuration.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The update cannot be started because all of the content sources were excluded by site path rules, or removed from the index configuration.ExtraInfo.

Message #

The update cannot be started because all of the content sources were excluded by site path rules, or removed from the index configuration.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 2147486672 — The update cannot be started because the content sources cannot be accessed.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.ExtraInfo.

Message #

The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 2147486684 — Crawl could not be completed on content source <URL>.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

Crawl could not be completed on content source <URL>.ExtraInfo.

Message #

Crawl could not be completed on content source <%2>.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`URL` UnicodeString	—

Event ID 2147486685 — Crawl could not be started on content source <URL>.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

Crawl could not be started on content source <URL>.ExtraInfo.

Message #

Crawl could not be started on content source <%2>.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`URL` UnicodeString	—

Event ID 2147486686 — The gatherer is unable to read the registry RegPath.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The gatherer is unable to read the registry RegPath.ExtraInfo.

Message #

The gatherer is unable to read the registry %2.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`RegPath` UnicodeString	—

Event ID 2147486687 — A request to start the update has been ignored because the update is already in progress or is scheduled on one or more content sources.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

A request to start the update has been ignored because the update is already in progress or is scheduled on one or more content sources.ExtraInfo.

Message #

A request to start the update has been ignored because the update is already in progress or is scheduled on one or more content sources.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 2147486690 — The index was paused.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The index was paused.ExtraInfo.

Message #

The index was paused.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 2147486693 — The automatic description length was adjusted from OldLength to NewLength.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The automatic description length was adjusted from OldLength to NewLength.ExtraInfo.

Message #

The automatic description length was adjusted from %2 to %3.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`OldLength` UnicodeString	—
`NewLength` UnicodeString	—

Event ID 2147486694 — The update for the index cannot be started because the specified content sources were not configured for updates.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The update for the index cannot be started because the specified content sources were not configured for updates. Add at least one content source.ExtraInfo.

Message #

The update for the index cannot be started because the specified content sources were not configured for updates. Add at least one content source.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 2147486701 — The previous update was reset, or was otherwise interrupted.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The previous update was reset, or was otherwise interrupted. A full update of all content sources will be automatically started. ExtraInfo.

Message #

The previous update was reset, or was otherwise interrupted. A full update of all content sources will be automatically started. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 2147486702 — The update has been delayed because a disk is full.

Provider: Microsoft-Windows-Search
Channel: Operational

Message #

The update has been delayed because a disk is full. Check the system default temp location and the drive on which search catalog is created. The system default temp location is used for creation of temporary files during crawling. If it is full, crawling pauses. If the system default temp location is full, change the location to a disk with more free space and restart the computer. Changes to the system temp location do not take effect for system services until the computer is restarted.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 2147486703 — The gatherer property mapping file cannot be opened.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The gatherer property mapping file cannot be opened. The default values are being used. You may have to copy the property mapping file from the setup CD, or reinstall the application.ExtraInfo.

Message #

The gatherer property mapping file cannot be opened. The default values are being used. You may have to copy the property mapping file from the setup CD, or reinstall the application.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 2147486704 — The automatic description encoding tag value is invalid.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The automatic description encoding tag value is invalid. The gatherer is setting this value to "yes"". Fix the gthrprm.txt file.ExtraInfo.

Message #

The automatic description encoding tag value is invalid. The gatherer is setting this value to "yes"". Fix the gthrprm.txt file.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 2147486709 — The gatherer log cannot be created.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The gatherer log cannot be created.ExtraInfo.

Message #

The gatherer log cannot be created.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 2147486710 — The word breaker for language <Locale> cannot be loaded.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The word breaker for language <Locale> cannot be loaded.ExtraInfo.

Message #

The word breaker for language <%2> cannot be loaded.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Locale` UnicodeString	—

Event ID 2147486720 — The gatherer is recovering after an improper shutdown.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The gatherer is recovering after an improper shutdown. This will delay availability of gathering functions, and may result in some noncritical data loss.ExtraInfo.

Message #

The gatherer is recovering after an improper shutdown.  This will delay availability of gathering functions, and may result in some noncritical data loss.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 2147486721 — The gatherer detected pages in the history during recovery that cannot be read, and repaired them.

Provider: Microsoft-Windows-Search
Channel: Operational

Message #

The gatherer detected pages in the history during recovery that cannot be read, and repaired them.  However, statistical data for some URLs may have been lost.  This can be caused by restarting a computer without first shutting down Windows, or by disk failure.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 2147486726 — The Windows Search service stopped the Protocol Host process because it was consuming too many resources.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The Windows Search service stopped the Protocol Host process because it was consuming too many resources. A new Protocol Host process will be started. No user action is required.ExtraInfo.

Message #

The Windows Search service stopped the Protocol Host process because it was consuming too many resources.  A new Protocol Host process will be started.  No user action is required.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 2147486734 — The system locale has changed.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The system locale has changed. Existing data will be deleted and the index must be recreated.ExtraInfo.

Message #

The system locale has changed. Existing data will be deleted and the index must be recreated.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 2147487816 — ExtraInfo Unable to create the query engine's first request item due to error ErrorMessage.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

ExtraInfo Unable to create the query engine's first request item due to error ErrorMessage. It's possible that the MSFTESQL service account is invalid or the password has expired.

Message #

%1 Unable to create the query engine's first request item due to error %2. It's possible that the MSFTESQL service account is invalid or the password has expired.

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`ErrorMessage` UnicodeString	—
`binary` Binary	—

Event ID 2147487817 — Error ID Phase happened in Windows Search recovery stage, please restart the service.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

Error ID Phase happened in Windows Search recovery stage, please restart the service. If this error persists, please recreate the index.ExtraInfo.

Message #

Error ID %2 happened in Windows Search recovery stage, please restart the service. If this error persists, please recreate the index.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Phase` UnicodeString	—

Event ID 2147492651 — The Windows Search Service cannot initialize multi-instancing in Jet.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The Windows Search Service cannot initialize multi-instancing in Jet. If the application is used in a cluster environment, all applications using Jet will fail in the same group.ExtraInfo.

Message #

The Windows Search Service cannot initialize multi-instancing in Jet. If the application is used in a cluster environment, all applications using Jet will fail in the same group.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 2147493661 — The noise files cannot be renamed.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The noise files cannot be renamed.ExtraInfo.

Message #

The noise files cannot be renamed.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 2147493662 — The noise file "OldNoiseFile"" cannot be renamed to ""NewNoiseFile"".

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The noise file "OldNoiseFile"" cannot be renamed to ""NewNoiseFile"".ExtraInfo.

Message #

The noise file "%2"" cannot be renamed to ""%3"".%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`OldNoiseFile` UnicodeString	—
`NewNoiseFile` UnicodeString	—

Event ID 2147493668 — Performance Counters could not be loaded for Driver for instance InstanceName InstanceNum due to the following error: ErrorMessage.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

Performance Counters could not be loaded for Driver for instance InstanceName InstanceNum due to the following error: ErrorMessage.

Message #

Performance Counters could not be loaded for %1 for instance %2 %3 due to the following error: %4.

Fields #

Name	Description
`Driver` UnicodeString	—
`InstanceName` UnicodeString	—
`InstanceNum` UnicodeString	—
`ErrorMessage` UnicodeString	—

Event ID 2147493669 — Could not get performance counter registry info for Driver for instance InstanceName InstanceNum due to the following error: ErrorMessage.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

Could not get performance counter registry info for Driver for instance InstanceName InstanceNum due to the following error: ErrorMessage.

Message #

Could not get performance counter registry info for %1 for instance %2 %3 due to the following error: %4.

Fields #

Name	Description
`Driver` UnicodeString	—
`InstanceName` UnicodeString	—
`InstanceNum` UnicodeString	—
`ErrorMessage` UnicodeString	—

Event ID 2147493670 — Performance counters will not be loaded because the named objects (shared memory or events) are in use for Driver for instance InstanceName InstanceNum.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

Performance counters will not be loaded because the named objects (shared memory or events) are in use for Driver for instance InstanceName InstanceNum.

Message #

Performance counters will not be loaded because the named objects (shared memory or events) are in use for %1 for instance %2 %3.

Fields #

Name	Description
`Driver` UnicodeString	—
`InstanceName` UnicodeString	—
`InstanceNum` UnicodeString	—

Event ID 2147493671 — The protocol host process ProtocolHostProcessID did not respond and is being forcibly terminated {filter host process FilterHostProcessID}.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The protocol host process ProtocolHostProcessID did not respond and is being forcibly terminated {filter host process FilterHostProcessID}. ExtraInfo.

Message #

The protocol host process %2 did not respond and is being forcibly terminated {filter host process %3}. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`ProtocolHostProcessID` UnicodeString	—
`FilterHostProcessID` UnicodeString	—

Event ID 2147493672 — The filter host process FilterHostProcessID did not respond and is being forcibly terminated.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The filter host process FilterHostProcessID did not respond and is being forcibly terminated. ExtraInfo.

Message #

The filter host process %2 did not respond and is being forcibly terminated. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`FilterHostProcessID` UnicodeString	—

Event ID 2147493673 — The search service has failed to create database instance for the index {ExtraInfo} due to maximum number of instance reached.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The search service has failed to create database instance for the index {ExtraInfo} due to maximum number of instance reached. Please re-configure maximum value and restart the service.

Message #

The search service has failed to create database instance for the index {%1} due to maximum number of instance reached. Please re-configure maximum value and restart the service.

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 2147493674 — The search service has failed to configure maximum number of database instance.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The search service has failed to configure maximum number of database instance. {ExtraInfo}. Please re-configure maximum value and restart the service.

Message #

The search service has failed to configure maximum number of database instance. {%1}. Please re-configure maximum value and restart the service.

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 2147493675 — The search service has failed to create or load catalog for an user with SID {.

Provider: Microsoft-Windows-Search
Channel: Operational

Message #

The search service has failed to create or load catalog for an user with SID {%2}. Please inspect a profile directory for the user is accessible. You should re-start the search service after fixing any issue found from the profile directory. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`SID` UnicodeString	—

Event ID 2147493676 — The search service has failed to unload catalog for an user with SID {SID}.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The search service has failed to unload catalog for an user with SID {SID}. ExtraInfo.

Message #

The search service has failed to unload catalog for an user with SID {%2}. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`SID` UnicodeString	—

Event ID 3221226478 — The Windows Search Service has failed to create the new search index.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The Windows Search Service has failed to create the new search index. Internal error <Phase, HR, DiagnosticsInfo>. ExtraInfo.

Message #

The Windows Search Service has failed to create the new search index. Internal error <%2, %3, %4>. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Phase` UnicodeString	—
`HR` UnicodeString	—
`DiagnosticsInfo` UnicodeString	—

Event ID 3221226479 — The Windows Search Service was unable to allocate memory.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The Windows Search Service was unable to allocate memory.ExtraInfo.

Message #

The Windows Search Service was unable to allocate memory.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221226481 — An exception occurred in Address.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

An exception occurred in Address. Check other related Event Log messages.ExtraInfo.

Message #

An exception occurred in %2. Check other related Event Log messages.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Address` UnicodeString	—

Event ID 3221226483 — The Windows Search Service has failed to remove the old search index.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The Windows Search Service has failed to remove the old search index. Internal error <Phase,HR>. ExtraInfo.

Message #

The Windows Search Service has failed to remove the old search index. Internal error <%2,%3>. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Phase` UnicodeString	—
`HR` UnicodeString	—

Event ID 3221226488 — The Windows Search Service failed to move Index files from OldIndexPath to NewIndexPath with the following error: <Phase,ErrorCode>.

Provider: Microsoft-Windows-Search
Channel: Operational

Message #

The Windows Search Service failed to move Index files from %2 to %3 with the following error: <%4,%5>. This might be because the target directory is not empty, or because the SYSTEM account doesn't have write access to the target directory. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`OldIndexPath` UnicodeString	—
`NewIndexPath` UnicodeString	—
`Phase` UnicodeString	—
`ErrorCode` UnicodeString	—

Event ID 3221226491 — Windows Search Service failed to process the list of included and excluded locations with the error <Phase, ErrorCode, "Path">.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

Windows Search Service failed to process the list of included and excluded locations with the error <Phase, ErrorCode, "Path">. ExtraInfo.

Message #

Windows Search Service failed to process the list of included and excluded locations with the error <%2, %3, "%4">. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Phase` UnicodeString	—
`ErrorCode` UnicodeString	—
`Path` UnicodeString	—

Event ID 3221228475 — A configuration error occurred.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

A configuration error occurred.ExtraInfo.

Message #

A configuration error occurred.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228478 — Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be op...

Provider: Microsoft-Windows-Search
Channel: Operational

Message #

Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228479 — Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be ope...

Provider: Microsoft-Windows-Search
Channel: Operational

Message #

Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228480 — The entry <Entry> cannot be inserted into the history.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The entry <Entry> cannot be inserted into the history.ExtraInfo.

Message #

The entry <%2> cannot be inserted into the history.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Entry` UnicodeString	—

Event ID 3221228481 — The transaction object cannot be created.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The transaction object cannot be created.ExtraInfo.

Message #

The transaction object cannot be created.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228482 — The transaction cannot be appended to the queue.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The transaction cannot be appended to the queue. File: FilePath.ExtraInfo.

Message #

The transaction cannot be appended to the queue. File: %2.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`FilePath` UnicodeString	—

Event ID 3221228483 — The transaction cannot be updated in the queue.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The transaction cannot be updated in the queue. File: FilePath.ExtraInfo.

Message #

The transaction cannot be updated in the queue. File: %2.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`FilePath` UnicodeString	—

Event ID 3221228485 — The entry <Entry> in the hash map cannot be updated.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The entry <Entry> in the hash map cannot be updated.ExtraInfo.

Message #

The entry <%2> in the hash map cannot be updated.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Entry` UnicodeString	—

Event ID 3221228486 — An exception occurred.

Provider: Microsoft-Windows-Search
Channel: Operational

Message #

An exception occurred. ID: %2. This is an internal error. Reproduce the error with the debugger attached and enable exceptions, then contact product support. One of the components loaded in your system is bad. You may be able to avoid the problem by recreating the index.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`ID` UnicodeString	—

Event ID 3221228487 — The transaction file cannot be read.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The transaction file cannot be read.ExtraInfo.

Message #

The transaction file cannot be read.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228492 — Internal gatherer error ErrorCode occurred.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

Internal gatherer error ErrorCode occurred. Please contact Microsoft Product Support Services.ExtraInfo.

Message #

Internal gatherer error %2 occurred. Please contact Microsoft Product Support Services.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`ErrorCode` UnicodeString	—

Event ID 3221228497 — Critical error ErrorCode occurred, and the index was shut down.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

Critical error ErrorCode occurred, and the index was shut down. The system is probably low on resources. Free up resources and restart the service.ExtraInfo.

Message #

Critical error %2 occurred, and the index was shut down. The system is probably low on resources. Free up resources and restart the service.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`ErrorCode` UnicodeString	—

Event ID 3221228498 — Advise Status Change failed.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

Advise Status Change failed. The system is probably low on resources. Free up resources and restart the service.ExtraInfo.

Message #

Advise Status Change failed. The system is probably low on resources. Free up resources and restart the service.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228499 — The URL <URL> cannot be crawled.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The URL <URL> cannot be crawled.ExtraInfo.

Message #

The URL <%2> cannot be crawled.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`URL` UnicodeString	—

Event ID 3221228500 — The gatherer object cannot be initialized.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The gatherer object cannot be initialized.ExtraInfo.

Message #

The gatherer object cannot be initialized.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228501 — The plug-in in <Plugin> cannot be initialized.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The plug-in in <Plugin> cannot be initialized.ExtraInfo.

Message #

The plug-in in <%2> cannot be initialized.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Plugin` UnicodeString	—

Event ID 3221228502 — The gatherer service cannot be initialized.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The gatherer service cannot be initialized.ExtraInfo.

Message #

The gatherer service cannot be initialized.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228503 — A document ID cannot be allocated.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

A document ID cannot be allocated.ExtraInfo.

Message #

A document ID cannot be allocated.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228504 — A document ID cannot be freed.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

A document ID cannot be freed.ExtraInfo.

Message #

A document ID cannot be freed.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228505 — A new queue file cannot be created.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

A new queue file cannot be created.ExtraInfo.

Message #

A new queue file cannot be created.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228506 — The registry version does not match with the expected <.

Provider: Microsoft-Windows-Search
Channel: Operational

Message #

The registry version does not match with the expected <%2>, or the registry cannot be accessed because the service account does not have the correct permissions.  Uninstall the previous version before installing the new one.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`ExpectedVersion` UnicodeString	—

Event ID 3221228512 — The status change request RequestedStatusMessage cannot be processed.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The status change request RequestedStatusMessage cannot be processed.ExtraInfo.

Message #

The status change request %2 cannot be processed.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`RequestedStatusMessage` UnicodeString	—

Event ID 3221228520 — No documents were accessed because no e-mail address is specified in the content index server properties.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

No documents were accessed because no e-mail address is specified in the content index server properties. Specify the e-mail address in the service configuration.ExtraInfo.

Message #

No documents were accessed because no e-mail address is specified in the content index server properties. Specify the e-mail address in the service configuration.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228522 — Unvisited items cannot be deleted from the history after a full update.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

Unvisited items cannot be deleted from the history after a full update.ExtraInfo.

Message #

Unvisited items cannot be deleted from the history after a full update.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228529 — The plug-in manager <PluginManager> cannot be initialized.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The plug-in manager <PluginManager> cannot be initialized.ExtraInfo.

Message #

The plug-in manager <%2> cannot be initialized.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`PluginManager` UnicodeString	—

Event ID 3221228530 — The application cannot be initialized.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The application cannot be initialized.ExtraInfo.

Message #

The application cannot be initialized.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228531 — The update cannot be initialized.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The update cannot be initialized.ExtraInfo.

Message #

The update cannot be initialized.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228551 — Notifications for the volume VolumeName are not active.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

Notifications for the volume VolumeName are not active. ExtraInfo.

Message #

Notifications for the volume %2 are not active. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`VolumeName` UnicodeString	—

Event ID 3221228555 — The protocol handler ProtocolHandler cannot be loaded.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The protocol handler ProtocolHandler cannot be loaded. Error description: ErrorMessage. ExtraInfo.

Message #

The protocol handler %2 cannot be loaded. Error description: %3. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`ProtocolHandler` UnicodeString	—
`ErrorMessage` UnicodeString	—

Event ID 3221228556 — Failed to load protocol handler ProtocolHandler.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

Failed to load protocol handler ProtocolHandler. Error description: ErrorMessage. ExtraInfo.

Message #

Failed to load protocol handler %2. Error description: %3. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`ProtocolHandler` UnicodeString	—
`ErrorMessage` UnicodeString	—

Event ID 3221228557 — The application network access account is invalid.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The application network access account is invalid. Update the account with a valid username and password. ExtraInfo.

Message #

The application network access account is invalid.  Update the account with a valid username and password. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228559 — The gatherer files cannot be flushed, and this action cannot be completed.

Provider: Microsoft-Windows-Search
Channel: Operational

Message #

The gatherer files cannot be flushed, and this action cannot be completed. The gatherer will attempt to flush files again. If the problem persists, restart the service, free system resources or verify that your hardware is working properly. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228560 — The checkpoint record cannot be updated, and this action cannot be completed.

Provider: Microsoft-Windows-Search
Channel: Operational

Message #

The checkpoint record cannot be updated, and this action cannot be completed. The gatherer will attempt to update the checkpoint record again. If the problem persists, restart the service, free system resources or verify that your hardware is working properly. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228561 — The gatherer files cannot be saved, and this action cannot be completed.

Provider: Microsoft-Windows-Search
Channel: Operational

Message #

The gatherer files cannot be saved, and this action cannot be completed. The gatherer will attempt to save the files again. If the problem persists, restart the service, free system resources or verify that your hardware is working properly. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228562 — The gatherer files from the previous checkpoint cannot be restored, and this action cannot be completed.

Provider: Microsoft-Windows-Search
Channel: Operational

Message #

The gatherer files from the previous checkpoint cannot be restored, and this action cannot be completed. The gatherer will attempt to restore the files again. If the problem persists, restart the service, free system resources or verify that your hardware is working properly. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228563 — The checkpoint record cannot be read, and this action cannot be completed.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The checkpoint record cannot be read, and this action cannot be completed. If the problem persists, restart the service, free system resources or verify that your hardware is working properly. ExtraInfo.

Message #

The checkpoint record cannot be read, and this action cannot be completed.  If the problem persists, restart the service, free system resources or verify that your hardware is working properly. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228564 — The project cannot be initialized, because the checkpoint record cannot be read.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The project cannot be initialized, because the checkpoint record cannot be read. The data structures on the disk will be reset. Verify that your hardware is working properly. ExtraInfo.

Message #

The project cannot be initialized, because the checkpoint record cannot be read. The data structures on the disk will be reset.  Verify that your hardware is working properly. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228565 — The project cannot be initialized, because one of the checkpoint files is missing.

Provider: Microsoft-Windows-Search
Channel: Operational

Message #

The project cannot be initialized, because one of the checkpoint files is missing. The data structures on the disk will be reset.  Check to see if someone is manually deleting files, and verify that your hardware is working properly. %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228569 — The gatherer did not connect to the SQLServer instance.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The gatherer did not connect to the SQLServer instance.ExtraInfo.

Message #

The gatherer did not connect to the SQLServer instance.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228571 — Unable to terminate notifications normally.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

Unable to terminate notifications normally. Restart the service or contact Product Support.ExtraInfo.

Message #

Unable to terminate notifications normally.  Restart the service or contact Product Support.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228572 — Unable to initialize the filter host process.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

Unable to initialize the filter host process. Terminating.ExtraInfo.

Message #

Unable to initialize the filter host process. Terminating.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221228573 — The filter host process could not be terminated.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The filter host process could not be terminated.

Message #

The filter host process could not be terminated.

Event ID 3221229577 — ExtraInfoA master merge cannot be started for catalog CatalogName due to error ErrorMessage.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

ExtraInfoA master merge cannot be started for catalog CatalogName due to error ErrorMessage.

Message #

%1A master merge cannot be started for catalog %2 due to error %3.

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`CatalogName` UnicodeString	—
`ErrorMessage` UnicodeString	—

Event ID 3221229578 — ExtraInfoA master merge cannot be re-started for catalog CatalogName due to error ErrorMessage.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

ExtraInfoA master merge cannot be re-started for catalog CatalogName due to error ErrorMessage.

Message #

%1A master merge cannot be re-started for catalog %2 due to error %3.

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`CatalogName` UnicodeString	—
`ErrorMessage` UnicodeString	—

Event ID 3221232473 — The schema file <SrcFile> cannot be copied to <DstFile>.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The schema file <SrcFile> cannot be copied to <DstFile>.ExtraInfo.

Message #

The schema file <%2> cannot be copied to <%3>.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`SrcFile` UnicodeString	—
`DstFile` UnicodeString	—

Event ID 3221232482 — The index cannot be initialized.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The index cannot be initialized.ExtraInfo.

Message #

The index cannot be initialized.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221232483 — Directory location <Directory> is invalid.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

Directory location <Directory> is invalid. The application configuration cannot be read. Reinstall the application.ExtraInfo.

Message #

Directory location <%2> is invalid. The application configuration cannot be read.  Reinstall the application.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Directory` UnicodeString	—

Event ID 3221232485 — The update was paused because the disk <Directory> is full.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The update was paused because the disk <Directory> is full. Free up disk space to continue crawling the index.ExtraInfo.

Message #

The update was paused because the disk <%2> is full. Free up disk space to continue crawling the index.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Directory` UnicodeString	—

Event ID 3221232512 — The search service has detected corrupted data files in the index {id=CorruptionId}.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The search service has detected corrupted data files in the index {id=CorruptionId}. The service will attempt to automatically correct this problem by rebuilding the index.ExtraInfo.

Message #

The search service has detected corrupted data files in the index {id=%2}. The service will attempt to automatically correct this problem by rebuilding the index.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`CorruptionId` UnicodeString	—

Event ID 3221232515 — The index cannot be loaded.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The index cannot be loaded.ExtraInfo.

Message #

The index cannot be loaded.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221232536 — Performance monitoring cannot be initialized because the counters are not loaded or the shared memory object cannot be opened.

Provider: Microsoft-Windows-Search
Channel: Operational

Message #

Performance monitoring cannot be initialized because the counters are not loaded or the shared memory object cannot be opened. Stop and restart the search service.  If this error continues, reinstall the application.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221232538 — Configuration directory Directory is missing, and disaster recovery must be performed.

Provider: Microsoft-Windows-Search
Channel: Operational

Message #

Configuration directory %2 is missing, and disaster recovery must be performed. If there are existing indexes, they must be restored from the last backup. If there is no backup of index data, then delete the catalogs and recreate them.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—
`Directory` UnicodeString	—

Event ID 3221232540 — The registry cannot be read, possibly because the registry keys for this index are missing.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The registry cannot be read, possibly because the registry keys for this index are missing. You may have to delete and recreate the index ExtraInfo.

Message #

The registry cannot be read, possibly because the registry keys for this index are missing. You may have to delete and recreate the index %1.

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221232542 — The Windows Search Service added catalog ExtraInfo.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The Windows Search Service added catalog ExtraInfo.

Message #

The Windows Search Service added catalog %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221232543 — The Windows Search Service removed index ExtraInfo.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The Windows Search Service removed index ExtraInfo.

Message #

The Windows Search Service removed index %1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221234472 — The Windows Search Service cannot open the Jet property store.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The Windows Search Service cannot open the Jet property store.ExtraInfo.

Message #

The Windows Search Service cannot open the Jet property store.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221234473 — The Windows Search Service cannot create a Jet property store.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The Windows Search Service cannot create a Jet property store.ExtraInfo.

Message #

The Windows Search Service cannot create a Jet property store.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—

Event ID 3221234474 — The Windows Search Service cannot load the property store information.

Provider: Microsoft-Windows-Search
Channel: Operational

Description

The Windows Search Service cannot load the property store information.ExtraInfo.

Message #

The Windows Search Service cannot load the property store information.%1

Fields #

Name	Description
`ExtraInfo` UnicodeString	—