Refine your search:

About export .evt file format

0

Gooday Splunkers!!!

Can you give me tips on how i can upload a .evt file to splunk?

Because i have a xxxx.evt here and how i can add as a data to splunk? and convert it as csv file.

i been reading this

http://docs.splunk.com/Documentation/Splunk/5.0/Data/Monitorwindowsdata

and it did not resolve mu issue

Thanks and Regards Cris

asked 20 Oct '12, 02:27

christantoy's gravatar image

christantoy
4112
accept rate: 0%

edited 27 Dec '12, 18:20

piebob's gravatar image

piebob ♦♦
4.6k41023
One Answer:
oldestnewestmost voted
1

Usually you don't read directly the WindowsEventLogs, and use the special inputs that calls the windows system API.

However if you have evt files exported (not locked or touched by windows), you can to monitor them as regular files :

link

answered 20 Oct '12, 21:54

yannK's gravatar image

yannK
13.6k824
accept rate: 31%

edited 27 Dec '12, 18:20

piebob's gravatar image

piebob ♦♦
4.6k41023
Post your answer
toggle preview

Follow this question

Log In to enable email subscriptions

RSS:

Answers

Answers + Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×43

Asked: 20 Oct '12, 02:27

Seen: 385 times

Last updated: 27 Dec '12, 18:20

Related questions

Export normal events instead of csv format with NO limit

Splunk's about Queue Question.

Export results of timechart into CSV or other format

CLI Search - Export JSON File?

Questions about Splunk Queues.

Append String to exported file

export raw AllTime: file not found

Export large search date range in raw format

Copyright © 2005-2012 Splunk Inc. All rights reserved.