search

Microsoft Windows

Monitor Windows data with the Splunk platformarrow-up-right

hashtag
How to get Windows data into your Splunk deployment

Windows data you can collect
Link to supporting documentation

Event Logs

Monitor Windows event log data with Splunk Enterprisearrow-up-right

File system changes

Monitor file system changes on Windowsarrow-up-right

Active Directory

Monitor Active Directoryarrow-up-right

Data through the Windows Management Instrumentation (WMI) infrastructure

Monitor data through Windows Management Instrumentation (WMI)arrow-up-right

Registry data

Monitor Windows Registry dataarrow-up-right

Performance metrics

Monitor Windows performancearrow-up-right

Host information

Monitor Windows host informationarrow-up-right

Print information

Monitor Windows printer informationarrow-up-right

Network information

Monitor Windows network informationarrow-up-right

hashtag
Powershell

Monitor Windows data with PowerShell scriptsarrow-up-right

How to Use PowerShell Transcription Logs in Splunkarrow-up-right

[WinEventLog://Microsoft-Windows-PowerShell/Operational]
disabled = 0
renderXml = false
index = wineventlog
source = Microsoft-Windows-PowerShell/Operational
sourcetype = WinEventLog
evt_resolve_ad_obj = 1

hashtag
Microsoft Defender XDR

Splunkarrow-up-right

PreviousMicrosoft AzureNextIntegration Netflow with Splunk

Last updated