NXLog search
Let's talk Start free
Let's talk Start free

Send windows application logs only by specific source name.

Tags:
#1 fg

Hi,

We are looking for a way to only send certain windows application log types to Loggly, could use some help in getting this setup.

Sample (sanitzed) windows application log:

Log Name:      Application
Source:        PlatformService
Date:          4/15/2015 5:59:58 PM
Event ID:      0
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:     XXXXXX.domain.com
Description:
AccountId: 6239745
Email: f3a61cd60de521d6d2c4598713b6e0600aae4e17
Client: PlatformService
EventType: Stats
LoginMethod: Setup

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="PlatformService" />
    <EventID Qualifiers="0">0</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-04-15T17:59:58.000000000Z" />
    <EventRecordID>XXXXXX</EventRecordID>
    <Channel>Application</Channel>
    <Computer>XXXXXX.domain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>AccountId: 123456
Email: 123456
Client: Harmony Platform Service
EventType: Stats
LoginMethod: Setup
</Data>
  </EventData>
</Event>

We want to be able to search in Loggly using source:

source = "PlatformService"

Permalink
#2 adm Nxlog ✓
#1 fg
Hi, We are looking for a way to only send certain windows application log types to Loggly, could use some help in getting this setup. Sample (sanitzed) windows application log: Log Name:      Application Source:        PlatformService Date:          4/15/2015 5:59:58 PM Event ID:      0 Task Category: None Level:         Information Keywords:      Classic User:          N/A Computer:     XXXXXX.domain.com Description: AccountId: 6239745 Email: f3a61cd60de521d6d2c4598713b6e0600aae4e17 Client: PlatformService EventType: Stats LoginMethod: Setup Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">   <System>     <Provider Name="PlatformService" />     <EventID Qualifiers="0">0</EventID>     <Level>4</Level>     <Task>0</Task>     <Keywords>0x80000000000000</Keywords>     <TimeCreated SystemTime="2015-04-15T17:59:58.000000000Z" />     <EventRecordID>XXXXXX</EventRecordID>     <Channel>Application</Channel>     <Computer>XXXXXX.domain.com</Computer>     <Security />   </System>   <EventData>     <Data>AccountId: 123456 Email: 123456 Client: Harmony Platform Service EventType: Stats LoginMethod: Setup </Data>   </EventData> </Event> We want to be able to search in Loggly using source: source = "PlatformService"

The im_msvistalog has a Query directive, you can copy the XML filter from Event Viewer there.
Login to see more