Ask questions. Get answers. Find technical product solutions from passionate experts in the NXLog community.

Issue selecting specific levels of windows application logs in NXLog
I'm trying to pass only Warning / Error / Critical level Application Logs through NXLog to my ELK stack. When I have this configuration <Input EventLog_In> Module im_msvistalog <QueryList>\ <Query Id="0">\ <Select Path="Application">*</Select>\ </Query>\ </QueryList> Exec to_json(); </Input> everything works fine, and I'm collecting all levels of Application logs. I tried putting in a parameter on the <Select Path> line like this <Select Path="Application">*[Application/Level=1]</Select>\ And it craps itself and I get nothing. NXLog isn't reporting any issue, and I'm not seeing anything on the logstash side of things. I got the information about Event Viewer querying from this thread and adapted it to my use case: https://serverfault.com/questions/543494/query-specific-logs-from-event-log-using-nxlog

pcort42 created
Replies: 1
View post »
last updated