About export .evt file format - Splunk Community

Getting Data In

Gooday Splunkers!!!

Can you give me tips on how i can upload a .evt file to splunk?

Because i have a xxxx.evt here and how i can add as a data to splunk? and convert it as csv file.

i been reading this

http://docs.splunk.com/Documentation/Splunk/5.0/Data/Monitorwindowsdata

and it did not resolve mu issue

Thanks and Regards
Cris

Usually you don't read directly the WindowsEventLogs, and use the special inputs that calls the windows system API.

However if you have evt files exported (not locked or touched by windows), you can to monitor them as regular files :

please apply the correct sourcetype based on the actual log type ( by example WinEventLog:Application) see http://splunk-base.splunk.com/answers/37343/sourcetype-for-windows-event-logs
please import the log file on the same OS version in order to translate them correctly see http://docs.splunk.com/Documentation/Splunk/5.0/Data/MonitorWindowsdata#Index_exported_event_log_.28...

Get Updates on the Splunk Community!

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...