Need information about Windows event/Performance monitoring using config files

Ajinkya1992
Path Finder

Hello,
Do we have any document which explains in detail all the things we can monitor in event logs and in performance logs on Windows?

0 Karma

harsmarvania57
SplunkTrust

Hi,

This is a very broad question, covering monitoring of various event logs and performance on Windows, but you can start with the documentation below:

http://docs.splunk.com/Documentation/Splunk/7.2.0/Data/MonitorWindowsperformance
http://docs.splunk.com/Documentation/WindowsAddOn/5.0.1/User/AbouttheSplunkAdd-onforWindows

If you provide more detailed information in your questions, it will be easier for community members to provide accurate answers.

0 Karma

Ajinkya1992
Path Finder

Thanks Harshil,
Yes, I have gone through these links: monitoring event logs and monitoring performance.
Actually, I wanted to know all the things we can monitor under both these categories, like memory, disk usage, CPU etc. for performance, or App, Security, System from event logs.
Similarly, it would be very helpful if we could get a detailed document that says xxx things can be monitored under events and yyy things can be monitored under performance.

0 Karma

harsmarvania57
SplunkTrust

It depends on what you want to achieve (I am not aware of any such ready-made document which says to monitor XYZ on the Application event log to achieve ABC goal, because every organization has different requirements for its monitoring goals). If you look at the Splunk Add-on for Windows you can achieve this, but you still need to configure that add-on based on your requirements.

For example: `[WinEventLog://Application]` will monitor each and every event of the Windows Application event log, but if you want to monitor only certain Event IDs then you can use whitelist or blacklist based on your requirements (reference doc). It is the same with performance of a Windows host: you can use different perfmon stanzas (`[perfmon:...]`) to achieve your goal.

0 Karma
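An added example, not posted by anyone in the thread and not taken from the add-on's shipped configuration: an `inputs.conf` sketch for a Windows forwarder that combines the `WinEventLog` whitelist/blacklist filtering and the `perfmon` stanzas mentioned in the answer above. The index names (`wineventlog`, `perfmon`), the selected Event IDs, the counters and the intervals are assumptions chosen for illustration.

```ini
# inputs.conf (constructed example; indexes, IDs and intervals are assumptions)

# Security log: collect only a short list of Event IDs.
# 4624/4625 = logon success/failure, 4688 = process creation,
# 1102 = audit log cleared.
[WinEventLog://Security]
disabled = 0
index = wineventlog
whitelist = 4624,4625,4688,1102

# Application log: collect only application crash/hang events.
[WinEventLog://Application]
disabled = 0
index = wineventlog
whitelist = 1000-1002

# System log: collect everything except a noisy Event ID
# (7036 = service entered the running/stopped state).
[WinEventLog://System]
disabled = 0
index = wineventlog
blacklist = 7036

# CPU: total processor time across all cores, sampled every 60 seconds.
[perfmon://CPU]
disabled = 0
index = perfmon
object = Processor
counters = % Processor Time
instances = _Total
interval = 60

# Memory: available memory and commit pressure.
[perfmon://Memory]
disabled = 0
index = perfmon
object = Memory
counters = Available MBytes; % Committed Bytes In Use
interval = 60

# Disk usage: free space for every logical volume.
[perfmon://LogicalDisk]
disabled = 0
index = perfmon
object = LogicalDisk
counters = % Free Space; Free Megabytes
instances = *
interval = 300
```

The indexes named here must exist on the indexers before the forwarder sends data, and the forwarder needs a restart after `inputs.conf` changes.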