With the recent introduction of syslog parsing and increased attention in the Log Analytics space, is there any work being done on a Windows Event Log parser? If not, would it be appropriate to either reopen issue 2747 on github, or for me to open a new issue as a feature request?
opened 02:43AM - 02 May 17 UTC
closed 04:43AM - 02 May 17 UTC
I need to pull windows event logs so that reports like how many times a certain event took place can be reported on or if a certain event occurs, I can trigger off a notification. Have tried using the exec plugin to call a PowerShell script, e.g. `Get-EventLog -LogName Application -Newest 10 | ConvertTo-Json -depth 3`, but not all data gets written.
Please advise.
Thanks
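The exec-plugin workaround mentioned in the post above (and again in the later feature request as "using exec input plugin and scripts") loses data for two reasons that are worth knowing before giving up on it: `ConvertTo-Json -Depth` truncates anything nested deeper than the depth to a string, and Telegraf's `json` data format only turns numeric values into fields by default, so `Message`, `ProviderName` and the like are dropped unless they are listed in `json_string_fields` or `tag_keys`. The script below is an added example, not code from the thread or from the Telegraf project: it emits InfluxDB line protocol directly (which the exec plugin reads with `data_format = "influx"`), escapes tags and string fields correctly, and keeps a bookmark on the last `EventRecordID` so each run only emits new events. The script path, bookmark path, measurement name `win_eventlog` and the tag/field layout are assumptions; the directory `C:\telegraf` is assumed to exist and to be writable by the Telegraf service account.

```powershell
# Added example, not from this thread or the Telegraf project: read new Windows
# events and print them as InfluxDB line protocol for Telegraf's [[inputs.exec]]
# plugin. Assumed (hypothetical) paths: C:\telegraf\winevent.ps1 and the
# bookmark file below. Matching Telegraf config, also assumed:
#
#   [[inputs.exec]]
#     commands = ['powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\telegraf\winevent.ps1']
#     data_format = "influx"
#     interval = "30s"
#     timeout = "25s"      # PowerShell start-up alone can exceed the 5s default
param(
    [string]$LogName      = 'Application',   # 'ForwardedEvents' on a WEC collector; 'Security' needs admin rights
    [string]$BookmarkPath = 'C:\telegraf\winevent.bookmark',
    [int]$MaxEvents       = 500              # cap per run so one burst cannot blow the exec timeout
)

# Line-protocol escaping: tag keys/values escape ',', '=' and ' ';
# string field values are double-quoted with '\' and '"' escaped and newlines folded.
function Escape-Tag([string]$s) {
    return ($s -replace ',', '\,' -replace '=', '\=' -replace ' ', '\ ')
}
function Escape-FieldString([string]$s) {
    $s = $s -replace '\\', '\\'      # pattern: one backslash; replacement: two literal backslashes
    $s = $s -replace '"', '\"'
    return ($s -replace '\r?\n', ' ')
}

# Resume after the last record emitted; on first run start at the newest record
# so the whole history is not replayed into Telegraf.
$lastId = $null
if (Test-Path $BookmarkPath) {
    $raw = Get-Content -Path $BookmarkPath -Raw
    if ($raw -and $raw.Trim() -match '^\d+$') { $lastId = [int64]$raw.Trim() }
}
if ($null -eq $lastId) {
    $newest = Get-WinEvent -LogName $LogName -MaxEvents 1 -ErrorAction SilentlyContinue
    $lastId = if ($newest) { [int64]$newest.RecordId } else { 0 }
}

# -Oldest with an EventRecordID filter yields the next batch in order; without
# -Oldest, -MaxEvents would return the newest N and silently skip the middle.
$events = @(Get-WinEvent -LogName $LogName -Oldest -MaxEvents $MaxEvents `
            -FilterXPath "*[System[EventRecordID > $lastId]]" -ErrorAction SilentlyContinue)

$epoch = [datetime]::new(1970, 1, 1, 0, 0, 0, [DateTimeKind]::Utc)
foreach ($e in $events) {
    $tags = [ordered]@{
        host     = $env:COMPUTERNAME
        log      = $LogName
        source   = $e.ProviderName
        level    = $e.LevelDisplayName
        event_id = $e.Id
    }
    # Empty tag values are invalid line protocol, so drop them rather than emit "level="
    $tagStr = ($tags.GetEnumerator() |
        Where-Object { "$($_.Value)" -ne '' } |
        ForEach-Object { "$($_.Key)=$(Escape-Tag "$($_.Value)")" }) -join ','

    $fields = @(
        "record_id=$($e.RecordId)i"
        "level_code=$([int]$e.Level)i"
        "task=$([int]$e.Task)i"
        "message=`"$(Escape-FieldString $e.Message)`""   # empty when the provider's message DLL is missing
    )
    if ($e.UserId)    { $fields += "user_sid=`"$($e.UserId.Value)`"" }
    if ($e.ProcessId) { $fields += "process_id=$($e.ProcessId)i" }

    # Timestamp in nanoseconds; TimeCreated carries 100 ns ticks, so ordering within a second survives
    $t  = if ($e.TimeCreated) { $e.TimeCreated } else { Get-Date }
    $ns = ($t.ToUniversalTime() - $epoch).Ticks * 100

    "win_eventlog,$tagStr $($fields -join ',') $ns"
    $lastId = [int64]$e.RecordId
}

# Advance the bookmark only after every line has been written to stdout
Set-Content -Path $BookmarkPath -Value $lastId -NoNewline
```

Two caveats a practitioner should keep in mind. The bookmark is advanced only after the whole batch is printed, so if Telegraf kills the process at its timeout the next run re-emits the same events; since series and timestamp are identical, InfluxDB overwrites rather than duplicates them. Reading the Security log requires the Telegraf service account to hold the privileges an administrator has, so run the service under an account that has them or grant read access on that log explicitly.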
Hi cruscio, Thanks for the note! This would make an excellent feature request for Telegraf. I suggest opening a new issue (instead of reviving the closed one) using the feature request template on GitHub and then we can take a look at prioritizing it. This will also allow other Telegraf users to comment and add their support.
Thanks,
Russ
I opened an issue about this
opened 10:38PM - 19 Aug 18 UTC
closed 08:52PM - 20 Aug 18 UTC
## Feature Request
Since Telegraf 1.7 and its syslog input plugin, I think Telegraf should also have a solution for Windows Event Log.
### Proposal:
Implement an input plugin using the [Windows Event Collector](https://msdn.microsoft.com/pt-br/library/bb427443(v=vs.85).aspx) implementation.
That way, Telegraf would remotely subscribe to Windows Events.
### Current behavior:
Telegraf doesn't have a native input plugin for Windows Event Log, and the users need to do a lot of work to get these logs, like installing agents (like NXlog) that could forward to the syslog input plugin or using the exec input plugin and scripts.
### Desired behavior:
To have an input plugin to collect Windows Event Log that could use [Windows Event Collector](https://msdn.microsoft.com/pt-br/library/bb427443(v=vs.85).aspx) without the need to install any third-part service or application to the Windows system.
### Use case:
Windows sysadmins that are trying to centralize logging storage and analysis with the TICK stack and other compatible Telegraf solutions.
I did the same a couple weeks ago. Neglected to update this posting, unfortunately.
opened 08:42PM - 06 Aug 18 UTC
closed 10:17PM - 28 Sep 20 UTC
feature request
## Feature Request
With the [recent introduction of syslog parsing and increased attention in the Log Analytics space](https://www.influxdata.com/blog/influxdata-log-release/), it would be nice to complement the syslog Telegraf input with a corresponding log input plugin for Windows. See also - https://community.influxdata.com/t/consuming-windows-event-log/5635
### Proposal:
Telegraf Input plugin similar to the syslog input plugin, designed to feed from Windows Event Log (much like Elastic's [WinLogBeat](https://www.elastic.co/products/beats/winlogbeat) )
### Current behavior:
n/a
### Desired behavior:
Abstract log handling in Influx, with support for native sources from both Windows and Linux inputs. Specifically, an Event Log telegraf input to complement the syslog input.
### Use case: [Why is this important (helps with prioritizing requests)]
My use case: I work for a software vendor looking to use Influx as a telemetry analytics component of an application monitoring platform to be deployed alongside our software installs. The application monitoring platform currently uses Elasticsearch & Beats for log analytics, but with the growth of Elastic metrics handling and Influx's log handling, we're considering unifying both needs on a single platform. It would be a huge reduction in effort for us to reduce our endpoint footprint from telegraf + 3 beats agents down to a single telegraf agent, and our server footprint from two database clusters (Influx and Elastic) to one InfluxDB cluster.
More generally, Influx is a cross-platform solution, but there doesn't seem to be much love for the windows side in the new logging functionality. For those of us stuck monitoring endpoints in Windows land, it'd be nice to see the ecosystem continue to provide cross-platform feature parity.