Solved: How to configure Splunk Windows Event logs through...

dlogvinenko · ‎04-10-2016

Is it even possible to configure Windows Event Logs through command line?

PS C:\Program Files\SplunkUniversalForwarder\bin> .\splunk.exe add monitor WinEventLog://Security

 In handler 'monitor': Parameter name: Path does not exist.

Also tried:

C:\Windows\System32\Winevt\Logs\Security.evtx (but then I get charset problems) and I didn't find how to specify it when you add monitor (using command line only).

badrinath_itrs · ‎04-11-2016

Hi ,

Please check the below documentation as how you can add the Event logs for monitoring using Splunk.

http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/MonitorWindowseventlogdata

The Command that you are using is to add normal log files for monitoring and not for event logs.

Regards,
Badri

View solution in original post

badrinath_itrs · ‎04-11-2016

Hi ,

Please check the below documentation as how you can add the Event logs for monitoring using Splunk.

http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/MonitorWindowseventlogdata

The Command that you are using is to add normal log files for monitoring and not for event logs.

Regards,
Badri

How to configure Splunk Windows Event logs through command line?

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes