creating a query for Hyper-V | Log collection solutions

#1 rc 6 years ago

Hello,

I would like to forward logs generated by HypErV.

In event viewer they are in Applications and Services logs -> Microsoft -> Windows -> Hyper-V-*

I tried to add a query in the input configuration but I didn't manage to find the correct path to configure.

I tried several path but each time I have an error "the channel was not found "

Query <QueryList> \

What should I put instead of Hyper-V-logs to send hyperV logs?

Can someone help me?

Regards,

Permalink

#2 b0ti Nxlog ✓ 6 years ago

#1 rc

Hello, I would like to forward logs generated by HypErV. In event viewer they are in Applications and Services logs -> Microsoft -> Windows -> Hyper-V-* I tried to add a query in the input configuration but I didn't manage to find the correct path to configure. I tried several path but each time I have an error "the channel was not found " Query <QueryList> \ <Query Id="0"> \ <Select Path="Security">*</Select> \ <Select Path="Hyper-V-logs">*</Select> \ </Query> \ </QueryList> </Input> What should I put instead of Hyper-V-logs to send hyperV logs? Can someone help me? Regards,

You can just copy-paste the XML query from event viewer into <QueryXML> and it should work.

See https://blogs.technet.microsoft.com/askds/2011/09/26/advanced-xml-filtering-in-the-windows-event-viewer/ and https://nxlog.co/documentation/nxlog-user-guide#windows-eventlog