Re: How Splunk can help in taking the backup of o...

sahils · ‎05-16-2017

How Splunk can help in taking the backup of our Windows, Applications/Service Logs

Please let me know the steps and process if Yes?

Thanks,
Sahil

vr2312 · ‎01-19-2018

@sahils

You can monitor if the Backups have failed or succeeded by monitoring the Windows Event Viewer Log for the same.

The below configuration might help you, or you can use the Splunk Windows TA available :

[WinEventLog:Microsoft-Windows-Backup/Operational]
disabled = 0
index = wineventlog
renderXml=false
start_from = oldest
checkpointInterval = 5

esix_splunk · ‎05-17-2017

Splunk can monitor log files from your backup software, assuming that the backup software is able to output log files.

All you have to do is ingest those logs into Splunk, and then you can create alerts for certain keywords like "Failed Backup" "Failure" "Success" etc.

dperre_splunk · ‎05-16-2017

Hi Sahil,

Can you describe your problem a little more?

Are you asking how Splunk can retain your event logs?

Or are you asking how we can monitor for successful or failed backup of the evtx file?

sahils · ‎05-17-2017

Hello,

We need to monitor the back up files or failed backup.

Thanks,
Sahil

adonio · ‎05-17-2017

hello there, do you mean to monitor some backup product and its functionality? errors, completed backups etc? there are some nice splunk apps around this use case.
hope i understand your question

dperre_splunk · ‎05-17-2017

When you look for the backup message are the files inside the windows eventlog or in a flat file?

How Splunk can help in taking the backup of our Windows, Applications/Service Logs

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life