The value under the column LogName is the name of the channel. In the above example, the channel name is Security.
Add channels to the logs section of your win32_event_log.d/conf.yaml configuration file. Each channel also requires an entry in the instances section of the file. This example shows entries for the Security and <CHANNEL_2> channels:
Edit the <CHANNEL_X> parameters with the Windows channel name you want to collect events from.
Set the corresponding source parameter to windows.events to benefit from the integration's automatic processing pipeline.
The values listed in the output of the command can be set in win32_event_log.d/conf.yaml to capture the same kind of events.
The information given by the Get-EventLog PowerShell command or the Windows Event Viewer GUI may differ slightly from Get-WmiObject. Double-check your filters' values with Get-WmiObject if the integration doesn't capture the events you set up.
Configure one or more filters for the event log. A filter lets you choose which log events are sent to Datadog.
Filter on the following properties:
type: Warning, Error, Information
log_file: Application, System, Setup, Security
source_name: Any available source name
user: Any valid user name
For each filter, add an instance in the configuration file at win32_event_log.d/conf.yaml.
```yaml
instances:
  # The following captures errors and warnings from SQL Server, which
  # puts all events under the MSSQLSERVER source, and tags them with #sqlserver.
  - tags:
      - sqlserver
    type:
      - Warning
      - Error
    log_file:
      - Application
    source_name:
      - MSSQLSERVER

  # This instance captures all system errors and tags them with #system.
  - tags:
      - system
    type:
      - Error
    log_file:
      - System
```
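One way to double-check filter values with Get-WmiObject before relying on an instance, as an added example that is not part of the original page or the integration's own code. It mirrors the SQL Server instance above and queries the standard Win32_NTLogEvent WMI class. The mapping from filter keys to WMI property names, and the way values are combined (alternatives within one key, all keys required), are assumptions made for this check.

```powershell
# Added example (Windows PowerShell 5.1, where Get-WmiObject is available).
# Filter under test: copy the values from one instance in win32_event_log.d/conf.yaml.
$filter = @{
    log_file    = @('Application')
    source_name = @('MSSQLSERVER')
    type        = @('Warning', 'Error')
}

# Assumed mapping from conf.yaml filter keys to Win32_NTLogEvent properties.
$wmiProperty = @{
    log_file    = 'Logfile'
    source_name = 'SourceName'
    type        = 'Type'
    user        = 'User'
}

# Build a WQL condition: values of one key are OR'ed, different keys are AND'ed.
$clauses = foreach ($key in $filter.Keys) {
    $prop = $wmiProperty[$key]
    if (-not $prop) { throw "Unknown filter key: $key" }
    $alternatives = foreach ($value in $filter[$key]) {
        $escaped = $value.Replace("\", "\\").Replace("'", "\'")  # WQL string escaping
        "$prop = '$escaped'"
    }
    '(' + ($alternatives -join ' OR ') + ')'
}
$where = $clauses -join ' AND '
Write-Host "WQL condition: $where"

# Sample up to 200 matching events; the pipeline stops once enough are read.
$events = Get-WmiObject -Class Win32_NTLogEvent -Filter $where |
    Select-Object -First 200

if (-not $events) {
    # Nothing matched: show the spellings WMI actually reports for this log.
    Write-Warning "No events matched. Values WMI reports for the selected log file(s):"
    foreach ($log in $filter['log_file']) {
        Get-WmiObject -Class Win32_NTLogEvent -Filter "Logfile = '$log'" |
            Select-Object -First 500 |
            Group-Object Type, SourceName |
            Sort-Object Count -Descending |
            Select-Object Count, Name
    }
} else {
    # Matched: confirm the exact strings to keep in the instance.
    $events | Group-Object Logfile, SourceName, Type, User |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}
```

If the first query returns nothing while Event Viewer shows matching entries, compare the spellings printed by the fallback listing with the values in the instance.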