Need information about Windows event/Performance monitoring using config files

Ajinkya1992
Path Finder

Hello,
Do we have any document that describes in detail everything we can monitor in event logs and in performance logs on Windows?

0 Karma

harsmarvania57
SplunkTrust

Hi,

This is a very broad question about monitoring various event logs and performance on Windows, but you can start with the documentation below:

http://docs.splunk.com/Documentation/Splunk/7.2.0/Data/MonitorWindowsperformance
http://docs.splunk.com/Documentation/WindowsAddOn/5.0.1/User/AbouttheSplunkAdd-onforWindows

If you provide more detailed information in your questions, it will be easier for community members to provide accurate answers.

0 Karma

Ajinkya1992
Path Finder

Thanks Harshil,
Yes, I have gone through these links on monitoring event logs and monitoring performance.
Actually, I wanted to know everything we can monitor under both these categories, like memory, disk usage, CPU, etc. for performance, or App, Security, System from event logs.
Similarly, it would be very helpful if we could get a detailed document that says xxx things can be monitored under events and yyy things can be monitored under performance.

0 Karma

harsmarvania57
SplunkTrust

It depends on what you want to achieve. (I am not aware of any such ready-made document that says to monitor XYZ on the Application event log to achieve ABC goal, because every organization has different requirements for achieving its monitoring goals.) If you look at the Splunk Add-on for Windows, you can achieve this, but you still need to configure that add-on based on your requirements.

For example: [WinEventLog://Application] will monitor each and every event of the Windows Application event log, but if you want to monitor only certain Event IDs, you can use whitelist or blacklist based on your requirement (reference doc). It is the same with the performance of a Windows host: you can use different perfmon stanzas ([perfmon:...]) to achieve your goal.

0 Karma
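
The stanzas described in the reply above, written out as an added example (not part of the original posts and not the Splunk Add-on for Windows' shipped configuration). The index names, the selected Event IDs, and the chosen counters and intervals are assumptions for illustration.

```ini
# inputs.conf on a Windows universal forwarder (constructed example).
# Index names below are assumptions; the indexes must already exist.

# Every event from the Application log, no filtering.
[WinEventLog://Application]
disabled = 0
index = wineventlog

# Security log restricted to a short list of Event IDs:
# 4624 logon success, 4625 logon failure, 4720 account created,
# 1102 audit log cleared. Other Event IDs are not collected.
[WinEventLog://Security]
disabled = 0
whitelist = 4624,4625,4720,1102
index = wineventlog

# System log with everything collected except one noisy Event ID
# (7036, service state change), using blacklist instead of whitelist.
[WinEventLog://System]
disabled = 0
blacklist = 7036
index = wineventlog

# Performance counters: one [perfmon://<name>] stanza per object.
[perfmon://CPU]
object = Processor
counters = % Processor Time
instances = _Total
interval = 60
disabled = 0
index = perfmon

[perfmon://Memory]
object = Memory
counters = Available MBytes; % Committed Bytes In Use
interval = 60
disabled = 0
index = perfmon

[perfmon://FreeDiskSpace]
object = LogicalDisk
counters = % Free Space; Free Megabytes
instances = *
interval = 300
disabled = 0
index = perfmon
```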