Re: create dashboard to monistor windows event log...

syamsekhar · ‎05-18-2018

How to create a dashabord for windows event log monitoring of different windows servers with categories like application, Security,System . so that it can be filtered easly from dashboard itself

kvswathi · ‎05-18-2018

As I understood from your question, you need to create a dashboard with different windows servers with categories like application, Security,System.

Use the below query , it will list the event count for each sourcetype for each server . Then you can save it as a dashboard , also you can enable drilldown.

index= | chart count by host,sourcetype

niketn · ‎05-18-2018

Check out Splunk App for Windows Infrastructure
Enable the data inputs required for Event Monitoring (also whitelist/blacklist events as per your needs). Following is the Event Monitoring Dashboard available in the App: http://docs.splunk.com/Documentation/MSApp/latest/Reference/EventMonitoring

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

HiroshiSatoh · ‎05-18-2018

I think that you can use this sheet to create panels and combine them.

https://www.malwarearchaeology.com/cheat-sheets/

There is also APP like this.
Windows Event Logs Analysis

create dashboard to monistor windows event logs

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?