Need information about Windows event/Performance monitoring using config files
Hello,
Do we have any document which explains in detail all the things we can monitor in event logs and in performance logs on Windows?

Hi,
This is a very broad question about monitoring various event logs and performance on Windows, but you can start with the documentation below:
http://docs.splunk.com/Documentation/Splunk/7.2.0/Data/MonitorWindowsperformance
http://docs.splunk.com/Documentation/WindowsAddOn/5.0.1/User/AbouttheSplunkAdd-onforWindows
If you provide more detailed information in your questions, it will be easier for community members to provide accurate answers.
Thanks Harshil,
Yes, I have gone through these links on monitoring event logs and monitoring performance.
Actually, I wanted to know all the things we can monitor under both these categories, like memory, disk usage, CPU, etc. for performance, or App, Security, System from event logs.
Similarly, it would be very helpful if we could get a detailed document that says xxx things can be monitored under events and yyy things can be monitored under performance.

It depends on what you want to achieve (I am not aware of any such ready-made document which says to monitor XYZ in the Application event log to achieve ABC goal, because every organization has different requirements for its monitoring goals). If you look at the Splunk Add-on for Windows, you can achieve this, but you still need to configure that add-on based on your requirements.
For example, [WinEventLog://Application] will monitor each and every event in the Windows Application event log, but if you want to monitor only certain Event IDs then you can use whitelist or blacklist based on your requirements (reference doc). The same goes for performance of the Windows host: you can use different perfmon stanzas ([perfmon:...]) to achieve your goal.
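An inputs.conf sketch of what the last reply describes, added here as an illustration and not part of the thread or of the add-on's shipped configuration. The event IDs, counters and intervals are sample choices to adapt, and the stanza names after `perfmon://` are arbitrary labels.

```ini
# inputs.conf on the Windows forwarder (added example; values are sample choices)

# Unfiltered: every event in the Application log is collected.
[WinEventLog://Application]
disabled = 0

# Filtered: only selected Security event IDs are collected.
# 4624 = successful logon, 4625 = failed logon,
# 4720 = user account created, 1102 = audit log cleared.
[WinEventLog://Security]
disabled = 0
whitelist = 4624,4625,4720,1102

# Filtered the other way: collect the System log but drop a range of IDs.
# The range 7035-7036 (service control manager status messages) is a sample.
[WinEventLog://System]
disabled = 0
blacklist = 7035-7036

# Performance: one stanza per Performance Monitor object.
# "object" and "counters" must match the names shown in perfmon.exe.
[perfmon://CPU]
object = Processor
counters = % Processor Time; % User Time
instances = _Total
interval = 30
disabled = 0

[perfmon://Memory]
object = Memory
counters = Available MBytes; Pages/sec
interval = 30
disabled = 0

[perfmon://LogicalDisk]
object = LogicalDisk
counters = % Free Space; Free Megabytes
instances = *
interval = 300
disabled = 0
```

Any event log channel listed in Event Viewer and any object/counter pair listed in Performance Monitor on the host can be substituted into these stanzas, which is why no single document enumerates everything that can be collected.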
