https://community.splunk.com/t5/All-Apps-and-Add-ons/Is-there-an-add-on-to-monitor-and-parse-DNS-logs-from-Windows/m-p/246837#M28057 <P>download splunk app for windows infrastructure <A href="https://splunkbase.splunk.com/app/1680/">https://splunkbase.splunk.com/app/1680/</A> then dive to appserver then to addons then you will find DNS TA and other usefull once ....</P> <P>good luck </P> Thu, 12 May 2016 01:00:44 GMT mosman_splunk 2016-05-12T01:00:44Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Is-there-an-add-on-to-monitor-and-parse-DNS-logs-from-Windows/m-p/246836#M28056 <P>I am looking for TA for DNS logs from 2012 R2 DNS servers. Would TA-DNSServer-NT6 work? I believe TA-DNSServer-NT6 was created for Windows 2008 R2 DNS Services. </P> Thu, 12 May 2016 00:43:09 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Is-there-an-add-on-to-monitor-and-parse-DNS-logs-from-Windows/m-p/246836#M28056 daniel_augustyn 2016-05-12T00:43:09Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Is-there-an-add-on-to-monitor-and-parse-DNS-logs-from-Windows/m-p/246837#M28057 <P>download splunk app for windows infrastructure <A href="https://splunkbase.splunk.com/app/1680/">https://splunkbase.splunk.com/app/1680/</A> then dive to appserver then to addons then you will find DNS TA and other usefull once ....</P> <P>good luck </P> Thu, 12 May 2016 01:00:44 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Is-there-an-add-on-to-monitor-and-parse-DNS-logs-from-Windows/m-p/246837#M28057 mosman_splunk 2016-05-12T01:00:44Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Is-there-an-add-on-to-monitor-and-parse-DNS-logs-from-Windows/m-p/246838#M28058 <P>TA-DNSServer-NT6 is for 2008 and later, so it should be used for 2012 R2.</P> <P><A href="http://docs.splunk.com/Documentation/MSApp/1.2.1/MSInfra/DownloadandconfiguretheSplunkAdd-onsforWindowsDNS">http://docs.splunk.com/Documentation/MSApp/1.2.1/MSInfra/DownloadandconfiguretheSplunkAdd-onsforWindowsDNS</A></P> Thu, 12 May 2016 14:57:05 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Is-there-an-add-on-to-monitor-and-parse-DNS-logs-from-Windows/m-p/246838#M28058 spayneort 2016-05-12T14:57:05Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Is-there-an-add-on-to-monitor-and-parse-DNS-logs-from-Windows/m-p/246839#M28059 <P>This doesn't seem to work for 2012 DNS Analytical logs. I have the following monitoring stanza but it's throwing an error. <BR /> [WinEventLog://Microsoft-Windows-DNSServer/Analytical]</P> <P>'WinEventLogChannel::subscribeToEvtChannel: Could not subscribe to Windows Event Log channel ‘microsoft-windows-dnsserver/analytical errorCode=15009’</P> <P><A href="https://technet.microsoft.com/en-us/library/dn800669.aspx#dbug">https://technet.microsoft.com/en-us/library/dn800669.aspx#dbug</A></P> Tue, 24 Jan 2017 22:23:30 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Is-there-an-add-on-to-monitor-and-parse-DNS-logs-from-Windows/m-p/246839#M28059 rajbir1 2017-01-24T22:23:30Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Is-there-an-add-on-to-monitor-and-parse-DNS-logs-from-Windows/m-p/246840#M28060 <P>Did you find a solution for reading the Microsoft-Windows-DNSServer/Analytical logs? It's my understanding from this article that the analytical log can't be read "online" if circular logging is enabled.<BR /> <A href="https://support.microsoft.com/en-us/help/2488055/error-when-enabling-analytic-or-debug-event-log">Error when enabling Analytic or Debug event log: "The requested operation cannot be performed over an enabled direct channel</A></P> <P>One solution might be to switch the event log to manual clearing and configure the Splunk add-on to do that log clearing. I'm not sure if that's a feature of the add-on.</P> Tue, 17 Apr 2018 19:30:07 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Is-there-an-add-on-to-monitor-and-parse-DNS-logs-from-Windows/m-p/246840#M28060 hughkelley 2018-04-17T19:30:07Z