Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Need information about Windows event/Performance monitoring using config files

Ajinkya1992
Path Finder
‎10-16-2018 03:39 AM

Hello,
Do we have any document which guides in detail what all things we can monitor in events log and in performance logs on windows?

0 Karma
Reply

harsmarvania57
SplunkTrust
SplunkTrust
‎10-16-2018 04:24 AM

Hi,

As this is very broad question for monitoring various events log and performance on Windows but you can start with below documentations

http://docs.splunk.com/Documentation/Splunk/7.2.0/Data/MonitorWindowsperformance
http://docs.splunk.com/Documentation/WindowsAddOn/5.0.1/User/AbouttheSplunkAdd-onforWindows

If you will provide more detailed information in your questions then it will be easy for community members to provide accurate answers.

0 Karma
Reply

Ajinkya1992
Path Finder
‎10-16-2018 10:33 PM

Thanx Harshil,
Yes, I have gone through these links. Monitoring Events logs and monitoring performance.
Actually, I wanted to know what all things we can monitor under both these categories, like memory, disk usage, CPU etc for performance or App, security, system from events logs.
Same like this it would be very helpful if we get any detailed document says xxx things can be monitored under events yyy things can be monitored under performance

0 Karma
Reply

harsmarvania57
SplunkTrust
SplunkTrust
‎10-17-2018 03:00 AM

It depends on what you want to achieve ( I am not aware of any such ready made document which will say that monitor XYZ on Application Events Log to achieve ABC goal because every organization have different type of requirement to achieve their monitoring goals), if you look at Splunk Add-on for Windows you can achieve this but still you need to configure that add-on based on your requirement.

For example : [WinEventLog://Application] will monitor each and every events of Windows Application Events but if you want to monitor only certain Event ID then you can use whitelist or blacklist based on your requirement, reference doc , same with performance of Windows host, you can use different perfmon stanza ([perfmon:...]) to achieve your goal.

0 Karma
Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...