Hello,
For monitoring Microsoft Hyper-V Manager actions I am trying to import analytic and debug logs into Splunk. Although these logs are populated in the Windows Event Viewer, no data shows up in the Splunk views.
What I did:
1. Installed the Hyper-V Server Role on Windows Server 2012
2. Opened the Event Viewer (eventvwr.msc), went to the View Menu and enabled the 'Show Analytic and Debug Logs' option.
3. Right clicked each of the 'Analytic' and 'Debug' logs in 'Applications and Services Logs\Microsoft\Windows\Hyper-V-*'
4. Configured Splunk to fetch data from all 'Hyper-V-*' event logs.
5. Created a new Virtual Machine using the 'New Virtual Machine' wizard in the 'Hyper-V Manager'
When looking at for example the 'Applications and Services Logs\Microsoft\Windows\Hyper-V-VMMS\Analytic' log in the Windows Event Viewer, data is shown regarding the creation of the Virtual Machine. Looking at the Splunks logs however, no data is collected from this log at all.
Any suggestions to tackle this issue?
Thanks in advance!
... View more