Ingest DNS Analytical Logs

vulnfree · ‎01-20-2021

Hi Splunkers,

I'm having issues ingesting Windows DNS Server Analytical logs. What's strange is that I am able to pull Audit logs with the following details in the inputs.conf file:

[WinEventLog://Microsoft-Windows-DNSServer/Audit]
disabled=0
index=dns

When I do the same thing for Analytical it does not work:

[WinEventLog://Microsoft-Windows-DNSServer/Analytical]
disabled=0
index=dns

Has anyone had any luck here?

Thank you!

sylim_splunk · ‎07-18-2025

Please check this out,

https://splunk.my.site.com/customer/s/article/Can-Splunk-Ingest-Windows-etl-Formated-Files

Ingest DNS Analytical Logs

inputs.conf

universal forwarder

Windows

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

GA: New Data Management App in Splunk Platform

Announcing Modern Navigation: A New Era of Splunk User Experience

Join the Conversation

Ingest DNS Analytical Logs

inputs.conf

universal forwarder

Windows

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

GA: New Data Management App in Splunk Platform

Announcing Modern Navigation: A New Era of Splunk User Experience