How Splunk can help in taking the backup of our Windows, Applications/Service Logs

sahils
New Member

How Splunk can help in taking the backup of our Windows, Applications/Service Logs

Please let me know the steps and process, if yes.

Thanks,
Sahil

0 Karma

vr2312
Contributor

@sahils

You can monitor if the Backups have failed or succeeded by monitoring the Windows Event Viewer Log for the same.

The below configuration might help you, or you can use the Splunk Windows TA available:

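# inputs.conf: collect the Windows Backup operational event log channel
[WinEventLog:Microsoft-Windows-Backup/Operational]
disabled = 0
index = wineventlog
# Index events as plain text rather than XML
renderXml = false
# Read the channel starting from its oldest event
start_from = oldest
# Save the read position every 5 seconds
checkpointInterval = 5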

0 Karma

esix_splunk
Splunk Employee

Splunk can monitor log files from your backup software, assuming that the backup software is able to output log files.

All you have to do is ingest those logs into Splunk, and then you can create alerts for certain keywords like "Failed Backup" "Failure" "Success" etc.

0 Karma
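
The approach from the two answers above (collect the Windows Backup channel, then alert on keywords), written out as a scheduled alert. This is an added example, not part of either post or of Splunk's Windows TA; the stanza name, schedule and regex patterns are assumptions, and the patterns generalize the quoted keywords to any "fail"/"success" wording.

```ini
# savedsearches.conf: added example, not from the thread.
# Assumptions: events are in index "wineventlog" with source
# "WinEventLog:Microsoft-Windows-Backup/Operational" (renderXml = false, as in
# the inputs.conf stanza above); stanza name, schedule and patterns are illustrative.
[Windows Backup - failed or no successful run]
# Classify each event by keyword, then report per host:
#   failures  > 0  -> at least one failure message in the window
#   successes = 0  -> the host logged backup events but none reported success
# A host that sent no backup events at all produces no row here; covering that
# case needs a list of expected hosts (for example a lookup). Tune the patterns
# to the exact messages your backup product writes.
search = index=wineventlog source="WinEventLog:Microsoft-Windows-Backup/Operational" \
| eval outcome=case(match(_raw, "(?i)fail|unsuccessful"), "failure", \
                    match(_raw, "(?i)success"), "success", \
                    true(), "other") \
| stats count(eval(outcome="failure")) AS failures \
        count(eval(outcome="success")) AS successes \
        latest(_time) AS last_event BY host \
| where failures > 0 OR successes = 0 \
| convert ctime(last_event)
# Run once a day over the previous 24 hours.
enableSched = 1
cron_schedule = 0 6 * * *
dispatch.earliest_time = -24h
dispatch.latest_time = now
# Trigger when the search returns at least one host row.
counttype = number of events
relation = greater than
quantity = 0
alert.track = 1
alert.severity = 4
```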

dperre_splunk
Splunk Employee

Hi Sahil,

Can you describe your problem a little more?

Are you asking how Splunk can retain your event logs?

Or are you asking how we can monitor for successful or failed backup of the evtx file?

0 Karma

sahils
New Member

Hello,

We need to monitor the backup files or failed backups.

Thanks,
Sahil

0 Karma

adonio
Ultra Champion

Hello there, do you mean to monitor some backup product and its functionality? Errors, completed backups, etc.? There are some nice Splunk apps around this use case.
Hope I understand your question.

0 Karma

dperre_splunk
Splunk Employee

When you look for the backup message, are the files inside the Windows event log or in a flat file?

0 Karma