Solved: How to configure Splunk Windows Event logs through...

dlogvinenko · ‎04-10-2016

Is it even possible to configure Windows Event Logs through command line?

PS C:\Program Files\SplunkUniversalForwarder\bin> .\splunk.exe add monitor WinEventLog://Security

 In handler 'monitor': Parameter name: Path does not exist.

Also tried:

C:\Windows\System32\Winevt\Logs\Security.evtx (but then I get charset problems) and I didn't find how to specify it when you add monitor (using command line only).

badrinath_itrs · ‎04-11-2016

Hi ,

Please check the below documentation as how you can add the Event logs for monitoring using Splunk.

http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/MonitorWindowseventlogdata

The Command that you are using is to add normal log files for monitoring and not for event logs.

Regards,
Badri

View solution in original post

badrinath_itrs · ‎04-11-2016

Hi ,

Please check the below documentation as how you can add the Event logs for monitoring using Splunk.

http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/MonitorWindowseventlogdata

The Command that you are using is to add normal log files for monitoring and not for event logs.

Regards,
Badri

How to configure Splunk Windows Event logs through command line?

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Are you a member of the Splunk Community?

How to configure Splunk Windows Event logs through command line?

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0