Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Generating Custom Events from many sources not directly monitored by SPLUNK

lbrindise
New Member
‎09-12-2013 11:47 AM

Have never used Splunk; just looking to see if something is possible.
I not only want to monitor the things that Splunk seems able to handle out of the box, (CPU, RAM, EventLogs, etc), but I'm wondering how common the practice might be of the following:
1. I create a Windows Service that can write to its host's EventLog.
2. I set Splunk to monitor for the custom events that my Windows Service might create.
3. These are all custom events tied to specific activities my custom service is monitoring for.
4. My Windows Service monitors application level activities, like availability of certain web sites, available of web services, status of test T-SQL queries; obviously, this Windows Service has code that is capable of "hitting" these application-level entities; and then upon concluding success/fail, it can write an appropriate custom event into the EventLog.
5. Then Splunk can be configured to monitor for these specific events.
I'm thinking this is a cool idea; is there a reason this is not a good idea?
Thanks for your guidance.
-Larry

0 Karma
Reply

kristian_kolb
Ultra Champion
‎09-12-2013 12:17 PM

As long as your custom event log follows the format of;

key_1=value_1
key_2=value_2
key_n = value_n
Message=something
  key_x :   value_x
  key_y :   value_y
  key_z :   value_z

the default field extractions should work out of the box. It's not like it won't work at all otherwise, but you might have to do some configuring yourself. Shouldn't really be hard, but I'm just saying, since you have little/no experience.

/K

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Hi friends!    At Splunk, your product success is our top priority. With Enterprise Security (ES), we're here ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk, and empower your SOC to reach new heights! Duration: 1 hour  Prepare to ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...