I am looking for a TA for DNS logs from 2012 R2 DNS servers. Would TA-DNSServer-NT6 work? I believe TA-DNSServer-NT6 was created for Windows 2008 R2 DNS Services.
TA-DNSServer-NT6 is for 2008 and later, so it should be used for 2012 R2.
This doesn't seem to work for 2012 DNS Analytical logs. I have the following monitoring stanza but it's throwing an error.
[WinEventLog://Microsoft-Windows-DNSServer/Analytical]
'WinEventLogChannel::subscribeToEvtChannel: Could not subscribe to Windows Event Log channel ‘microsoft-windows-dnsserver/analytical errorCode=15009’
https://technet.microsoft.com/en-us/library/dn800669.aspx#dbug
Did you find a solution for reading the Microsoft-Windows-DNSServer/Analytical logs? It's my understanding from this article that the analytical log can't be read "online" if circular logging is enabled.
Error when enabling Analytic or Debug event log: "The requested operation cannot be performed over a...
One solution might be to switch the event log to manual clearing and configure the Splunk add-on to do that log clearing. I'm not sure if that's a feature of the add-on.
Download the Splunk App for Windows Infrastructure (https://splunkbase.splunk.com/app/1680/), then dive into appserver, then into addons; there you will find the DNS TA and other useful ones.
Good luck.