
How Splunk can help in taking the backup of our Windows, Applications/Service Logs

sahils
New Member

How Splunk can help in taking the backup of our Windows, Applications/Service Logs

Please let me know the steps and process if Yes?

Thanks,
Sahil

0 Karma

vr2312
Contributor

@sahils

You can monitor if the Backups have failed or succeeded by monitoring the Windows Event Viewer Log for the same.

The below configuration might help you, or you can use the Splunk Windows TA available:

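# inputs.conf on the Windows forwarder
[WinEventLog://Microsoft-Windows-Backup/Operational]
disabled = 0
# the index must already exist on the indexers
index = wineventlog
renderXml = false
# read the channel starting from its oldest event
start_from = oldest
checkpointInterval = 5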

0 Karma

esix_splunk
Splunk Employee

Splunk can monitor log files from your backup software, assuming that the backup software is able to output log files.

All you have to do is ingest those logs into Splunk, and then you can create alerts for certain keywords like "Failed Backup", "Failure", "Success", etc.

0 Karma
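
A saved search that combines the two answers above, added here as an example and not posted by anyone in the thread: it searches the channel from the inputs.conf stanza for the suggested keywords and alerts on any host with a failure, or with no success, in the last 24 hours. The stanza name, schedule and 24-hour window are assumptions, and the keywords must be adjusted to the messages your backup product actually writes.

```ini
# savedsearches.conf (added example; stanza name, schedule and window are assumptions)
[Backup failed or no success in 24h]
# Keywords are the ones suggested in the thread; index and source follow the
# inputs.conf stanza above. One result row per host that needs attention.
search = index=wineventlog source="WinEventLog:Microsoft-Windows-Backup/Operational" \
| eval outcome=case(searchmatch("\"Failed Backup\" OR Failure"), "failed", \
    searchmatch("Success"), "success", true(), "other") \
| stats count(eval(outcome="failed")) AS failed \
    count(eval(outcome="success")) AS succeeded \
    latest(_time) AS last_event BY host \
| where failed > 0 OR succeeded = 0 \
| convert ctime(last_event)
dispatch.earliest_time = -24h
dispatch.latest_time = now
enableSched = 1
# Run every morning at 07:00
cron_schedule = 0 7 * * *
# Trigger when the search returns at least one host
counttype = number of events
relation = greater than
quantity = 0
alert.track = 1
```

A host that sent no events at all in the window produces no row, so pair this with a check against a list of hosts that are expected to report.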

dperre_splunk
Splunk Employee

Hi Sahil,

Can you describe your problem a little more?

Are you asking how Splunk can retain your event logs?

Or are you asking how we can monitor for successful or failed backup of the evtx file?

0 Karma

sahils
New Member

Hello,

We need to monitor the backup files or failed backup.

Thanks,
Sahil

0 Karma

adonio
Ultra Champion

Hello there, do you mean to monitor some backup product and its functionality? Errors, completed backups, etc.? There are some nice Splunk apps around this use case.
Hope I understand your question.

0 Karma

dperre_splunk
Splunk Employee

When you look for the backup message, are the files inside the Windows event log or in a flat file?

0 Karma