Getting Started with the Agent
Connect Event Viewer to Datadog in order to:
Use the Windows Event Viewer GUI to list all the event logs you can capture with this integration.
To determine the exact values you can set your filters to, use the following PowerShell command:
Get-WmiObject -Class Win32_NTLogEvent
For instance, to see the latest event logged in the
Security LogFile, use:
Get-WmiObject -Class Win32_NTLogEvent -Filter "LogFile='Security'" | select -First 1
The values listed in the output of the command are the ones you can set in
win32_event_log.yaml to capture the same kind of events.
Get-EventLogPowerShell command or the Windows Event ViewerGUI may slightly differ from
Get-WmiObjectif the integration doesn't capture the events you set up.
This integration requires a Datadog Agent version >= 3.2.4
1 - Configure one or more filters for the event log. A filter allows you to choose what log events you want to get into Datadog.
You can filters on the following properties:
For each filter, you will add an instance in the configuration file at
Here are some example filters you could use:
instances: # The following will capture errors and warnings from SQL Server which # puts all events under the MSSQLSERVER source and tag them with #sqlserver. - tags: - sqlserver type: - Warning - Error log_file: - Application source_name: - MSSQLSERVER # This instance will capture all system errors and tag them with #system. - tags: - system type: - Error log_file: - System
2 - Restart the Agent using the Agent Manager (or restart the service)
Check the info page in the Agent Manager and verify that the integration check has passed. It should display a section similar to the following:
Checks ====== [...] win32_event_log --------------- - instance #0 [OK] - Collected 0 metrics, 2 events & 1 service check