Getting Data In

Adding custom logs from Event Viewer stanza

marcoatto
New Member

Anybody has experience with adding custom logs from Event Viewer to inputs.conf?

Is it enogh to put stanza:

[WinEventLogs://name of custom event logs same as in Event Viewer] or something else?

Thank you

 

Labels (3)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

All of my customers have use the three standard event logs: Application, System, and Security.  One writes custom log entries to the Application log, which are then picked up by Splunk.

It may be possible to add a monitor like [WinEventLog://MyCustomLog].  Perhaps they best way to find out is to try it.  It can't hurt.

---
If this reply helps you, Karma would be appreciated.
0 Karma

venkatasri
SplunkTrust
SplunkTrust

Hi @marcoatto 

As already described here - https://community.splunk.com/t5/Getting-Data-In/Forwarding-windows-event-viewer-logs-to-Splunk/m-p/1...

EventViewer is a tool to see view the event logs in Windows they can not be directly ingested. [WinEventLog: is the way to ingest event logs to Splunk and you have to further filter these logs based on EventCode or other keys in to filter/customise what you want exactly. 

User Whitelist/blacklist settings to customise/filter them - https://docs.splunk.com/Documentation/Splunk/8.2.1/admin/Inputsconf#Event_Log_allow_list_and_deny_li...

---

An upvote would be appreciated and Accept solution if it helps!

Tags (3)
0 Karma
Get Updates on the Splunk Community!

Now Playing: Splunk Education Summer Learning Premieres

It’s premiere season, and Splunk Education is rolling out new releases you won’t want to miss. Whether you’re ...

The Visibility Gap: Hybrid Networks and IT Services

The most forward thinking enterprises among us see their network as much more than infrastructure – it's their ...

Get Operational Insights Quickly with Natural Language on the Splunk Platform

In today’s fast-paced digital world, turning data into actionable insights is essential for success. With ...