Splunk Add-on for Windows
Hello,
Can the Windows log path below be ingested into Splunk, and is this available in any add-ons?
Microsoft\Windows\Privacy-Auditing\Operational EventLog
Thanks

Any eventlog you can see in the Event Viewer can be ingested into Splunk. It's just that you have to address it properly. The easiest way to find the proper name is to go to Event Viewer, find your eventlog, click RMB, select properties and see the Full Name field. In case of your log it's:
So you need to define a proper inputs.conf stanza for this log:
[WinEventLog://Microsoft-Windows-Privacy-Auditing/Operational]
index=<your_destination_index>
disabled=0
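An added example, not part of the original answer: a PowerShell way to read the channel's full name without Event Viewer and print the matching stanza. The `$Pattern` and `$Index` parameter names are assumptions for this sketch, and the index value is the same placeholder used above.

```powershell
# Added example: resolve the full channel name on the host where the
# forwarder runs and print an inputs.conf stanza for each match.
param(
    [string]$Pattern = '*Privacy-Auditing*',        # wildcard matched against channel names
    [string]$Index   = '<your_destination_index>'   # placeholder, replace with a real index
)

# Get-WinEvent -ListLog returns the channel configuration, including the
# full name that Event Viewer shows in the log's properties.
$channels = Get-WinEvent -ListLog $Pattern -ErrorAction SilentlyContinue

if (-not $channels) {
    Write-Warning "No event log channel matches '$Pattern' on this host."
    return
}

foreach ($ch in $channels) {
    # A disabled channel records nothing, so the input would stay empty.
    if (-not $ch.IsEnabled) {
        Write-Warning "$($ch.LogName) is disabled in Windows; enable it before expecting events."
    }

    # Emit the stanza in the same shape as the one in the answer.
    "[WinEventLog://$($ch.LogName)]"
    "index=$Index"
    "disabled=0"
    ""
}
```

The printed stanza goes into an inputs.conf on the forwarder; the warning points out channels that exist but are not currently logging.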


Hi @Roy_9,
What kind of logs are these?
Is there an add-on for these logs?
If they are text files, you can ingest them in Splunk, but I never saw them, so you have to create your parsing rules.
Ciao.
Giuseppe
Hi @gcusello,
There are logs for the Windows OneSettings service: "This service offers to report telemetry data back to MS about OS health, build info, etc. in order to keep the computer 'healthy'." We came across this setting recently. The logs are written to "Microsoft\Windows\Privacy-Auditing\" and they are in the Windows Event Log.
I am not sure whether these events can be tracked using the Splunk Add-on for Windows. Any thoughts on this?
Thanks


