Windows Event Log

Hi, I have some events from various applications being written to the Windows event log which can be very useful to determine potential application issues. What is the recommended way of capturing that data using Telegraf and storing it in InfluxDB? I have tried using a PowerShell script (Get-EventLog -LogName Application -Newest 10 | ConvertTo-Json -depth 3) and the exec plugin, but the data isn't being stored properly.

Thanks

Hello

As far as I know, Telegraf is not event-oriented (an event occurs, Telegraf captures it), which means that Telegraf is not (yet…) able to do what you want.

Doing the Get-EventLog could be a solution, but you will miss data: “-Newest 10” will send you the last 10 entries even if you have 25 new entries between each collection point.

I use a different way: a script triggered by the Task Scheduler that will send data to InfluxDB.

Let's say when the app crashes/stops it generates event ID 401; I create a scheduled task and use the “on an event” trigger.

Thus I send the data I want.

But yes, it also means I need to know exactly what I want to monitor, and it certainly does not correspond to what you want (using InfluxDB as a central log server for the Event Viewer).

But that could help.
Tonic8

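The gap described above (a fixed `-Newest 10` window dropping entries that arrive between collection runs) can be closed by bookmarking the last record ID shipped and emitting everything newer as InfluxDB line protocol. This is an added example, not code from any poster in this thread; the state-file path, the script path in the Telegraf snippet and the measurement name `win_eventlog` are assumptions.

```powershell
# Added example: emit Application-log events newer than a saved bookmark as
# InfluxDB line protocol. Hypothetical names: $StateFile path, "win_eventlog".
# Telegraf side (script path is a placeholder):
#   [[inputs.exec]]
#     commands = ['powershell -NoProfile -File C:\scripts\eventlog-lp.ps1']
#     data_format = "influx"
$LogName   = 'Application'
$StateFile = Join-Path $env:ProgramData 'eventlog-lp.bookmark'

function ConvertTo-LPTag([string]$s) {
    # Tag values: backslash-escape comma, equals sign and space.
    $s -replace '([,= ])', '\$1'
}
function ConvertTo-LPString([string]$s) {
    # String fields: escape backslash and double quote, flatten newlines.
    $s -replace '\\', '\\' -replace '"', '\"' -replace '\r?\n', ' '
}

# Last EventRecordID already shipped (0 on the first run).
$last = 0
if (Test-Path $StateFile) { $last = [long]((Get-Content $StateFile -Raw).Trim()) }

# Level 1-3 = Critical, Error, Warning. -Oldest returns ascending order, so
# a burst larger than -MaxEvents is drained over the following runs.
$xpath  = "*[System[EventRecordID > $last and (Level=1 or Level=2 or Level=3)]]"
$events = Get-WinEvent -LogName $LogName -FilterXPath $xpath -Oldest `
              -MaxEvents 500 -ErrorAction SilentlyContinue

foreach ($e in $events) {
    $tags = 'host={0},provider={1},level={2}' -f `
        (ConvertTo-LPTag $env:COMPUTERNAME), (ConvertTo-LPTag $e.ProviderName), $e.Level
    $fields = 'event_id={0}i,record_id={1}i,message="{2}"' -f `
        $e.Id, $e.RecordId, (ConvertTo-LPString $e.Message)
    # Millisecond timestamp in ns, plus the record ID as a sub-millisecond
    # offset so two events in the same millisecond do not overwrite each other.
    $ns = ([DateTimeOffset]$e.TimeCreated).ToUnixTimeMilliseconds() * 1000000 +
          ($e.RecordId % 1000000)
    "win_eventlog,$tags $fields $ns"
    $last = $e.RecordId
}
Set-Content -Path $StateFile -Value $last
```

Clearing the event log restarts record numbering, so delete the bookmark file after a clear or new events will be skipped.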

While Telegraf has many event oriented inputs (referred to as service inputs in the Telegraf documentation), the exec plugin is not currently one of them. Keep an eye on this issue for a solution.

Quick update… Windows Task Scheduler allows you to specify if you want it to trigger on errors or warnings. I am using that to kick off a script that pushes the data into InfluxDB.

I opened an issue about this

@iserialize you could share your solution here or at the issue, to share your pain, and maybe someone could take this and implement a native plugin for Windows Event Logs? :slight_smile: