Getting Data In

Monitoring Windows Hyper-V Event Logs

tgow
Splunk Employee
Splunk Employee

What is the inputs.conf syntax for monitoring Windows Hyper-V Event Logs? Hyper-V event logs are stored in the Event Viewer under "Applications and Services Logs", "Microsoft", "Windows".

Thanks in advance.

1 Solution

Ron_Naken
Splunk Employee
Splunk Employee

If you add a data input for either Local Event Log Collection or Remote Event Log Collection in the UI, Splunk will allow you to enumerate the log repositories under the various branches -- just click on the repository for Hyper-V to add it to the list.

The syntax for WMI.CONF looks like this for a remote machine:

[WMI:HyperV]
disabled = 0
event_log_file = <full name>
interval = 5
server = myserver

You can retrieve the <full name> of the log repository you want to index like this: open Microsoft Event Viewer, right-click the log repository for Hyper-V, click Properties, and copy/paste what's in the Full Name field.

HTH
Ron

View solution in original post

Ron_Naken
Splunk Employee
Splunk Employee

If you add a data input for either Local Event Log Collection or Remote Event Log Collection in the UI, Splunk will allow you to enumerate the log repositories under the various branches -- just click on the repository for Hyper-V to add it to the list.

The syntax for WMI.CONF looks like this for a remote machine:

[WMI:HyperV]
disabled = 0
event_log_file = <full name>
interval = 5
server = myserver

You can retrieve the <full name> of the log repository you want to index like this: open Microsoft Event Viewer, right-click the log repository for Hyper-V, click Properties, and copy/paste what's in the Full Name field.

HTH
Ron

Get Updates on the Splunk Community!

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...