Solved: Windows eventid csv file for Splunk lookup?

maverick · ‎07-29-2010

Does anyone happen to have (or know where I can find) a csv file that contains the various Windows security eventids and their matching humanly-readable meanings so I can use it as my lookup file?

If not, then where is the best page on msdn.com to look for the listing myself so I can compile one?

If I make one myself, then I will share it on splunkbase as an add-on.

Therefore, you can think of it as you are helping me to help you. 🙂

ftk · ‎07-29-2010

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx

Almost CSV format already!

View solution in original post

muebel · ‎07-29-2010

http://pastie.org/1066138.txt

Link to CSV mapping eventcode to event description^

View solution in original post

splk · ‎03-24-2020

https://docs.splunk.com/Documentation/WindowsAddOn/7.0.0/User/Lookups

muebel · ‎07-29-2010

http://pastie.org/1066138.txt

Link to CSV mapping eventcode to event description^

maverick · ‎07-29-2010

WOW! Thanks! I appreciate it!

djemodjenai · ‎03-18-2020

This pastie link may be down.

ftk · ‎07-29-2010

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx

Almost CSV format already!

maverick · ‎07-29-2010

Thanks! This will help.

Windows eventid csv file for Splunk lookup?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation