Hi All
Greetings.
We have a DNS server installed on Windows Server 2016. We are able to monitor logs like wineventlog: Security, Application, etc.
We have also enabled DNS logs and we are getting logs in the Analytical.etl location %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-DNSServer%4Analytical.etl.
But it seems that Splunk could not read the ETL file. Please help.
Thank you for your answers. We have currently enabled debug logging, as the Analytical logs were not readable by Splunk. We are currently monitoring the resource utilization of the DNS server; if it increases considerably, we will again need to think about Analytical logs monitoring.
We had the same issue (and a few other improvements we wanted with that Add-On), so we ended up bundling all of our fixes here:
Splunk can't read binary files.
This post has a suggestion on how to get around this, though: https://answers.splunk.com/answers/64981/monitor-windows-trace-files.html