Getting Data In

Monitoring Windows Hyper-V Event Logs

tgow
Splunk Employee
Splunk Employee

What is the inputs.conf syntax for monitoring Windows Hyper-V Event Logs? Hyper-V event logs are stored in the Event Viewer under "Applications and Services Logs", "Microsoft", "Windows".

Thanks in advance.

1 Solution

Ron_Naken
Splunk Employee
Splunk Employee

If you add a data input for either Local Event Log Collection or Remote Event Log Collection in the UI, Splunk will allow you to enumerate the log repositories under the various branches -- just click on the repository for Hyper-V to add it to the list.

The syntax for WMI.CONF looks like this for a remote machine:

[WMI:HyperV]
disabled = 0
event_log_file = <full name>
interval = 5
server = myserver

You can retrieve the <full name> of the log repository you want to index like this: open Microsoft Event Viewer, right-click the log repository for Hyper-V, click Properties, and copy/paste what's in the Full Name field.

HTH
Ron

View solution in original post

Ron_Naken
Splunk Employee
Splunk Employee

If you add a data input for either Local Event Log Collection or Remote Event Log Collection in the UI, Splunk will allow you to enumerate the log repositories under the various branches -- just click on the repository for Hyper-V to add it to the list.

The syntax for WMI.CONF looks like this for a remote machine:

[WMI:HyperV]
disabled = 0
event_log_file = <full name>
interval = 5
server = myserver

You can retrieve the <full name> of the log repository you want to index like this: open Microsoft Event Viewer, right-click the log repository for Hyper-V, click Properties, and copy/paste what's in the Full Name field.

HTH
Ron

Get Updates on the Splunk Community!

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...

The Great Resilience Quest: 10th Leaderboard Update

The tenth leaderboard update (11.23-12.05) for The Great Resilience Quest is out &gt;&gt; As our brave ...