Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk Add-on for windows

Roy_9
Motivator
‎05-29-2024 06:59 AM

Hello,

Does the below log paths of windows logs can be ingested into Splunk and if this is available in any add-on's?

Microsoft\Windows\Privacy-Auditing\Operational EventLog


Thanks

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎05-30-2024 10:33 AM

Any eventlog you can see in the Event Viewer can be ingested into Splunk. It's just that you have to address it properly. The easiest way to find the proper name is to go to Event Viewer, find your eventlog, click RMB, select properties and see the Full Name field. In case of your log it's:

PickleRick_0-1717090201434.png

So you need to define a proper inputs.conf stanza for this log:

[WinEventLog://Microsoft-Windows-Privacy-Auditing/Operational]
index=<your_destination_index>
disabled=0

 

Reply

gcusello
SplunkTrust
SplunkTrust
‎05-29-2024 07:06 AM

Hi @Roy_9 ,

what is this kind of logs?

is there an add-on for these logs?

if they are text files, you can ingest in Splunk, but I never saw them, so you have to create your parsing rules.

Ciao.

Giuseppe

0 Karma
Reply

Roy_9
Motivator
‎05-30-2024 05:34 AM

Hi @gcusello 

there are logs for the windows onesettings service "This service offers to report telemetry data back to MS about OS health, build info, etc. in order to keep the computer "healthy" . We came accross this setting recently. The logs are written to "Microsoft\Windows\Privacy-Auditing\" and they are in Windows Event Log

I am not sure whether these events can be tracked using Splunk add-on for windows, any thoughts on this?


Thanks

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-30-2024 05:38 AM

Hi @Roy_9 ,

you can create a custom input and you have to find the parsing rules.

Ciao.

Giuseppe

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...