How to onboard winevents with Splunk native otel agent instead of fluentd? #17351
Replies: 1 comment 2 replies
-
|
Take a look at https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/windowseventlogreceiver as it might be what you’re looking for. |
Beta Was this translation helpful? Give feedback.
-
|
Tried it's not working and getting 1064 syntax error but there is no issue related to that. receivers: Also tried with filelog receiver with the winevent operetor, but still same issue. receivers: |
Beta Was this translation helpful? Give feedback.
-
|
1064 error? Can you attach the whole stacktrace? |
Beta Was this translation helpful? Give feedback.
-
Hi,
Earlier we have used fluentd or td-agent to onboard the logs and winevents into Splunk observability backend. After that for linux logs and application logs we have replaced fluend with the filelogreceiver which is otel agent native capability.
Similarly, I have tried to onboard the windows system events, but the events are not parsing as those are with .evtx extension.
filelog/winevents:
include: [ C:\Windows\System32\winevt\Logs\System.evtx ]
start_at: beginning
include_file_path: true
encoding: utf-8
multiline:
line_start_pattern: '^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{3}'
Is there any to onboard the win evnts directly with the help of Splunk otel agent? I have found similar thing with the observIQ’s otel agent. please check the below link for your references.
File Log Receiver: https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/filelogreceiver
observIQ’s Otel Agent: https://observiq.com/blog/monitoring-windows-events-with-opentelemetry/
Beta Was this translation helpful? Give feedback.
All reactions