Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Adding custom logs from Event Viewer stanza

marcoatto
New Member
‎07-07-2021 12:57 PM

Anybody has experience with adding custom logs from Event Viewer to inputs.conf?

Is it enogh to put stanza:

[WinEventLogs://name of custom event logs same as in Event Viewer] or something else?

Thank you

 

Labels (3)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-08-2021 05:58 AM

All of my customers have use the three standard event logs: Application, System, and Security.  One writes custom log entries to the Application log, which are then picked up by Splunk.

It may be possible to add a monitor like [WinEventLog://MyCustomLog].  Perhaps they best way to find out is to try it.  It can't hurt.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

venkatasri
SplunkTrust
SplunkTrust
‎07-07-2021 04:45 PM

Hi @marcoatto 

As already described here - https://community.splunk.com/t5/Getting-Data-In/Forwarding-windows-event-viewer-logs-to-Splunk/m-p/1...

EventViewer is a tool to see view the event logs in Windows they can not be directly ingested. [WinEventLog: is the way to ingest event logs to Splunk and you have to further filter these logs based on EventCode or other keys in to filter/customise what you want exactly. 

User Whitelist/blacklist settings to customise/filter them - https://docs.splunk.com/Documentation/Splunk/8.2.1/admin/Inputsconf#Event_Log_allow_list_and_deny_li...

---

An upvote would be appreciated and Accept solution if it helps!

Tags (3)
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...