Solved: Re: Windows eventid csv file for Splunk lookup?

maverick · ‎07-29-2010

Does anyone happen to have (or know where I can find) a csv file that contains the various Windows security eventids and their matching humanly-readable meanings so I can use it as my lookup file?

If not, then where is the best page on msdn.com to look for the listing myself so I can compile one?

If I make one myself, then I will share it on splunkbase as an add-on.

Therefore, you can think of it as you are helping me to help you. 🙂

ftk · ‎07-29-2010

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx

Almost CSV format already!

View solution in original post

muebel · ‎07-29-2010

http://pastie.org/1066138.txt

Link to CSV mapping eventcode to event description^

View solution in original post

splk · ‎03-24-2020

https://docs.splunk.com/Documentation/WindowsAddOn/7.0.0/User/Lookups

muebel · ‎07-29-2010

http://pastie.org/1066138.txt

Link to CSV mapping eventcode to event description^

maverick · ‎07-29-2010

WOW! Thanks! I appreciate it!

djemodjenai · ‎03-18-2020

This pastie link may be down.

ftk · ‎07-29-2010

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx

Almost CSV format already!

maverick · ‎07-29-2010

Thanks! This will help.

Windows eventid csv file for Splunk lookup?

Splunk Observability Cloud | Customer Survey!

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

Starting With Observability: OpenTelemetry Best Practices