Getting Data In

Automatically archive windows event logs from interface?


Due to our strict security policies I need to show a security representative that Splunk can not only index windows event logs but also archive them to a directory.

I know I can set this up for automation via the coldToFrozenScript field in indexes.conf, but I was wondering if there was a way to add this functionality to the user interface so that I could simply click on a link and go to a backup directory and view the newly archived file.

Thanks for your time.


Tags (1)
0 Karma


AFAIK there is no such functionality present in the web interface, the coldToFrozenScript is the way to go.