All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Avecto Log Ingestion

y2kbcm
Explorer
‎05-10-2019 02:54 PM

Hi,

I'm trying to get Avecto data to my splunk indexer.

The current environment is I have a splunk app that sends WinEvent:Application logs to indexer with some event codes whitelisted.

What I want is I want to create a separate app that collects Avecto log. However Avecto logs only exist in WinEvent:Application but does not exist under applications and services logs. So, I cannot use "Full name" in my inputs.conf stanza.

I found an avecto and splunk integration guide online and tried it ["https://www.beyondtrust.com/docs/privilege.management/documents/mac/pm-splunk-integration-guide-1-0-...].
However, it failed to collect the logs saying "WinEventMon::configure: Failed to find Event Log with channel name="Avecto Defendpoint Service."

Is there anyway I can build my avecto app without chaning my WinEvent:Application app?

Thanks.

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...