Dashboards & Visualizations

Create dashboard to monitor Windows event logs

syamsekhar
New Member

How do I create a dashboard for Windows event log monitoring of different Windows servers, with categories like Application, Security, and System, so that it can be filtered easily from the dashboard itself?

0 Karma

kvswathi
Path Finder

As I understood from your question, you need to create a dashboard with different Windows servers with categories like Application, Security, and System.

Use the query below; it will list the event count for each sourcetype for each server. Then you can save it as a dashboard, and you can also enable drilldown.

index= | chart count by host,sourcetype

0 Karma
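An added example, not part of the posts in this thread: a Simple XML dashboard that wraps the `chart count by host,sourcetype` query from the answer above and adds server and sourcetype dropdowns so the view can be filtered from the dashboard itself. `YOUR_INDEX` is a placeholder (the thread does not name the index), the token names are illustrative, and both dropdowns are populated from the indexed data, so no sourcetype names are assumed.

```xml
<form version="1.1">
  <label>Windows Event Logs by Server and Sourcetype</label>
  <!-- YOUR_INDEX is a placeholder; replace it with the index holding your Windows event logs. -->
  <fieldset submitButton="false" autoRun="true">
    <input type="time" token="time_tok" searchWhenChanged="true">
      <label>Time range</label>
      <default>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </default>
    </input>
    <!-- Server filter: choices come from the hosts actually present in the index. -->
    <input type="dropdown" token="host_tok" searchWhenChanged="true">
      <label>Server</label>
      <choice value="*">All</choice>
      <default>*</default>
      <fieldForLabel>host</fieldForLabel>
      <fieldForValue>host</fieldForValue>
      <search>
        <query>| tstats count where index=YOUR_INDEX by host | fields host</query>
        <earliest>$time_tok.earliest$</earliest>
        <latest>$time_tok.latest$</latest>
      </search>
    </input>
    <!-- Log category filter: choices come from the sourcetypes present in the index. -->
    <input type="dropdown" token="st_tok" searchWhenChanged="true">
      <label>Event log (sourcetype)</label>
      <choice value="*">All</choice>
      <default>*</default>
      <fieldForLabel>sourcetype</fieldForLabel>
      <fieldForValue>sourcetype</fieldForValue>
      <search>
        <query>| tstats count where index=YOUR_INDEX by sourcetype | fields sourcetype</query>
        <earliest>$time_tok.earliest$</earliest>
        <latest>$time_tok.latest$</latest>
      </search>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Event count by server and sourcetype</title>
      <chart>
        <search>
          <query>index=YOUR_INDEX host="$host_tok$" sourcetype="$st_tok$" | chart count by host, sourcetype</query>
          <earliest>$time_tok.earliest$</earliest>
          <latest>$time_tok.latest$</latest>
        </search>
        <option name="charting.chart">column</option>
        <option name="charting.chart.stackMode">stacked</option>
        <option name="charting.drilldown">all</option>
      </chart>
    </panel>
  </row>
</form>
```

If your Windows inputs put the log name in `source` rather than `sourcetype`, swap the field in the second dropdown and in the panel query accordingly.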

niketn
Legend

Check out the Splunk App for Windows Infrastructure.
Enable the data inputs required for Event Monitoring (also whitelist/blacklist events as per your needs). The following is the Event Monitoring Dashboard available in the App: http://docs.splunk.com/Documentation/MSApp/latest/Reference/EventMonitoring

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

HiroshiSatoh
Champion

I think that you can use this sheet to create panels and combine them.

https://www.malwarearchaeology.com/cheat-sheets/

There is also an app like this:
Windows Event Logs Analysis

0 Karma