D-Dub

Reputation: 1

Event viewer logs to .txt file non-encrypted

Is there any way to get Event Viewer logs to a .txt file? I tried going to Event Viewer properties and changing dir and .txt.

However, when opening the .txt it seems to be encrypted. I want plain text so that I can send it to Splunk and have a dashboard set up.

Thanks

Upvotes: 0

Views: 484

Answers (1)

Simon Duff

Reputation: 2651

Refer to https://docs.splunk.com/Documentation/Splunk/8.0.3/Data/MonitorWindowseventlogdata#Index_exported_event_log_.28.evt_or_.evtx.29_files

An .evtx file is a binary representation of the Event Viewer Log file. Due to the way Microsoft writes these files, it relies on the DLLs of the server that produces these files, so the files can only be opened on the same machine, or at least a very similarly configured one.

Splunk should be able to open these files by using a regular monitor input. Don't set a sourcetype, as it will be automatically extracted.

Alternatively, you may have some luck with https://github.com/vavarachen/evtx2json

Upvotes: 2
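Added example, not part of the answer above and not code from Splunk or evtx2json: a short Python check that tells a renamed binary .evtx export apart from plain text by decoding its 128-byte file header, which is why the "encrypted" .txt is unreadable in an editor. The field offsets follow the publicly documented EVTX header layout and are an assumption here; `build_sample_header` and `inspect_evtx_header` are hypothetical helper names, and the sample header is constructed.

```python
import struct
import sys
import zlib

EVTX_MAGIC = b"ElfFile\x00"          # signature at offset 0 of an .evtx file
HEADER_FMT = "<8sQQQIHHHH76sII"      # 128-byte little-endian file header (assumed layout)


def build_sample_header(chunks=1, next_record=1):
    """Constructed sample header for offline testing; not a real event log."""
    first120 = struct.pack("<8sQQQIHHHH76s", EVTX_MAGIC, 0, chunks - 1,
                           next_record, 128, 1, 3, 4096, chunks, b"\x00" * 76)
    # Flags field, then CRC32 over the first 120 bytes of the header.
    return first120 + struct.pack("<II", 0, zlib.crc32(first120) & 0xFFFFFFFF)


def inspect_evtx_header(data):
    """Classify a byte string and decode the EVTX file header if present."""
    if len(data) < 128 or data[:8] != EVTX_MAGIC:
        return {"format": "not-evtx"}
    (_magic, _first, _last, next_rec, _hsize, minor, major,
     _bsize, nchunks, _unknown, _flags, crc) = struct.unpack(HEADER_FMT, data[:128])
    return {
        "format": "evtx",
        "version": f"{major}.{minor}",
        "chunks": nchunks,
        "next_record_id": next_rec,
        # A mismatch points to a truncated or modified export.
        "checksum_ok": crc == (zlib.crc32(data[:120]) & 0xFFFFFFFF),
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Path to the exported file, whatever its extension.
        with open(sys.argv[1], "rb") as fh:
            header = fh.read(128)
    else:
        header = build_sample_header(chunks=2, next_record=42)
    print(inspect_evtx_header(header))
```

A result of `"format": "evtx"` on the .txt file means it is still the binary log and should be ingested or converted as such rather than monitored as plain text.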
