Skip to content

Add splunk input for all windows data streams #821

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
marc-gr merged 3 commits into from
Apr 12, 2021
Merged

Add splunk input for all windows data streams #821

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
3bd1467
Add Splunk input for windows
marc-gr Apr 7, 2021
fa6c740
Add config docs
marc-gr Apr 7, 2021
8347863
Remove initial_interval
marc-gr Apr 8, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions packages/windows/_dev/build/docs/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,13 @@ always applies to the local server, the `hosts` config option is not needed. Not
The Windows datasets collect different kinds of metric data, which may require dedicated permissions
to be fetched and which may vary across operating systems.

## Configuration

### Splunk Enterprise

To configure Splunk Enterprise to be able to pull events from it, please visit
[Splunk docs](https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/MonitorWindowseventlogdata) for details. **The integration requires events in XML format, for this `renderXml` option needs to be set to `1` in your `inputs.conf`.**

## Metrics

### Service
Expand Down
5 changes: 5 additions & 0 deletions packages/windows/changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "0.5.0"
changes:
- description: Add Splunk input for Winlog data streams.
type: enhancement
link: https://github.com/elastic/integrations/pull/821
- version: "0.4.3"
changes:
- description: Updating package owner
Expand Down
5,025 changes: 5,025 additions & 0 deletions packages/windows/data_stream/forwarded/agent/stream/httpjson.yml.hbs
View file
Open in desktop

Large diffs are not rendered by default.

26 changes: 26 additions & 0 deletions packages/windows/data_stream/forwarded/manifest.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,3 +6,29 @@ streams:
template_path: winlog.yml.hbs
title: Forwarded
description: 'Collect ForwardedEvents channel logs'
- input: httpjson
title: Windows ForwardedEvents via Splunk Enterprise REST API
description: Collect ForwardedEvents via Splunk Enterprise REST API
enabled: false
template_path: httpjson.yml.hbs
vars:
- name: interval
type: text
title: Interval to query Splunk Enterprise REST API
description: Go Duration syntax (eg. 10s)
show_user: true
required: true
default: 10s
- name: search
type: text
title: Splunk search string
show_user: false
required: true
default: "search sourcetype=\"XmlWinEventLog:ForwardedEvents\""
- name: tags
type: text
title: Tags
multi: true
show_user: false
default:
- forwarded
Loading