Splunk Search

Generating Custom Events from many sources not directly monitored by SPLUNK

lbrindise
New Member

Have never used Splunk; just looking to see if something is possible.
I not only want to monitor the things that Splunk seems able to handle out of the box, (CPU, RAM, EventLogs, etc), but I'm wondering how common the practice might be of the following:
1. I create a Windows Service that can write to its host's EventLog.
2. I set Splunk to monitor for the custom events that my Windows Service might create.
3. These are all custom events tied to specific activities my custom service is monitoring for.
4. My Windows Service monitors application level activities, like availability of certain web sites, availability of web services, status of test T-SQL queries; obviously, this Windows Service has code that is capable of "hitting" these application-level entities; and then upon concluding success/fail, it can write an appropriate custom event into the EventLog.
5. Then Splunk can be configured to monitor for these specific events.
I'm thinking this is a cool idea; is there a reason this is not a good idea?
Thanks for your guidance.
-Larry

0 Karma

kristian_kolb
Ultra Champion

As long as your custom event log follows the format of:

key_1=value_1
key_2=value_2
key_n = value_n
Message=something
  key_x :   value_x
  key_y :   value_y
  key_z :   value_z

the default field extractions should work out of the box. It's not like it won't work at all otherwise, but you might have to do some configuring yourself. Shouldn't really be hard, but I'm just saying, since you have little/no experience.

/K

0 Karma
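As an added example (not code from either poster or from Splunk), the following builds the message body of such a custom event in the key=value / "key : value" layout the answer describes, for the kind of probe results Larry's service would produce, and re-extracts the fields the way Splunk's default extraction would. The extractor is a simplified stand-in for illustration, the host names are constructed, and the actual EventLog write is left to the service.

```python
"""Format probe results as EventLog bodies in the key=value layout the answer recommends
and re-extract the fields roughly as Splunk's default extraction would (added example)."""
from __future__ import annotations
from dataclasses import dataclass, field
import re

@dataclass
class CheckResult:
    """One application-level probe (web site, web service, test T-SQL query)."""
    check_type: str            # "http", "webservice" or "tsql"
    target: str                # what was probed (constructed sample values below)
    status: str                # "success" or "fail"
    latency_ms: int
    details: dict[str, str] = field(default_factory=dict)  # rendered as 'key : value'

def format_event_message(r: CheckResult) -> str:
    """Top-level key=value lines, then Message=..., then indented 'key : value' lines."""
    outcome = "succeeded" if r.status == "success" else "failed"
    lines = [
        f"check_type={r.check_type}",
        f"target={r.target}",
        f"status={r.status}",
        f"latency_ms={r.latency_ms}",
        f"Message={r.check_type} check of {r.target} {outcome}",
    ]
    lines += [f"  {k} :   {v}" for k, v in r.details.items()]
    return "\n".join(lines)

# key, then '=' or ':' separator, then the value with surrounding whitespace dropped
_PAIR = re.compile(r"^\s*(?P<key>[A-Za-z_]\w*)\s*[=:]\s*(?P<value>.*?)\s*$")

def extract_fields(message: str) -> dict[str, str]:
    """Approximate automatic key=value extraction; lines fitting neither form are ignored."""
    fields: dict[str, str] = {}
    for line in message.splitlines():
        m = _PAIR.match(line)
        if m:
            fields[m["key"]] = m["value"]
    return fields

def failed_targets(messages: list[str]) -> list[str]:
    """What a search like 'status=fail' would surface: the targets of failed probes."""
    return [f["target"] for f in map(extract_fields, messages) if f.get("status") == "fail"]

if __name__ == "__main__":
    sample = [  # constructed probe results, not real hosts
        CheckResult("http", "intranet.example.test", "fail", 3012, {"http_status": "503"}),
        CheckResult("tsql", "SQL01/SELECT 1", "success", 14, {"rows": "1"}),
    ]
    print("failed:", failed_targets([format_event_message(s) for s in sample]))
```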