Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Where can I find an explanation of the Windows Event codes?

efranklin
Engager
‎04-18-2017 11:31 AM

I'm new to Splunk and could use some help with Windows Event Codes. Where can I find an explanation of the Windows Event codes? I have several reports that show audit failure based on an event code, but I have no explanation of what the event is for. Thanks in Advance

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎04-18-2017 12:51 PM

Google is your best friend in cases like this. Searching for "windows eventCode 5152" brings up many useful-looking resources. I found this site quite helpful https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/Default.aspx

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎04-18-2017 12:51 PM

Google is your best friend in cases like this. Searching for "windows eventCode 5152" brings up many useful-looking resources. I found this site quite helpful https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/Default.aspx

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

efranklin
Engager
‎04-18-2017 01:09 PM

Big help. Thank you so much.

0 Karma
Reply
Solved! Jump to solution

aaraneta_splunk
Splunk Employee
Splunk Employee
‎04-18-2017 01:40 PM

@efranklin - Did the answer provided by richgalloway help provide a working solution to your question? If yes, please don't forget to resolve this post by clicking "Accept". Thank you.

Reply
Solved! Jump to solution

efranklin
Engager
‎04-18-2017 12:54 PM

I believe this is what I have been looking for. I have searched Goggle, but didn't stumble onto this. Thanks you so much, you have saved me hours of further searching!!

0 Karma
Reply
Solved! Jump to solution

efranklin
Engager
‎04-18-2017 12:33 PM

Hi,
Thanks for responding. I am attaching a screen shot of the results I got for a search I have for Audit Failure. I created the report to search on the keyword Audit Failure. The results I get has a list of Event Codes where the word Audit Failure appears; however, I don't have an explanation of what each Event Code represents.

![alt text][1]

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎04-18-2017 12:52 PM

i use this website for windows event codes:
https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=5152
i find it pretty good
hope it helps

0 Karma
Reply
Solved! Jump to solution

cmerriman
Super Champion
‎04-18-2017 12:09 PM

do you have an example of the failure text?
i found this about event codes, but i can't find much else. I want to make sure we're talking about the same thing.
http://docs.splunk.com/Documentation/Splunk/6.3.10/Data/MonitorfilesystemchangesonWindows

0 Karma
Reply
Solved! Jump to solution

efranklin
Engager
‎04-18-2017 12:42 PM

Not sure if you received my response. I am attaching a screen shot of the results of my search I created for the keyword Audit Failure. My search has a series of codes i.e., 5152, 5157, 4656, 4625, 4653, etc. Each one of these Event codes appear as a link within the search, when I click on the link, I am not getting an explanation as to what the event code represents.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...