Edge Delta Windows Event Source
Overview
The Windows Event Source node captures logs directly from Windows Event Viewer channels such as Application, System, Security, etc. This is useful for ingesting native Windows OS logs into your pipeline. The agent pulls logs directly from the selected channel(s) on the local Windows machine.
- outgoing_data_types: log
Example Configuration

In this example, the winevent_input node collects logs from the “Application” channel:
nodes:
- name: winevent_input_a7a8
  type: winevent_input
  user_description: Windows Event Source
  channel: Application
This enables you to collect logs that are emitted by applications running on the system.
Required Parameters
name
A descriptive name for the node. This is the name that appears in Visual Builder, and you can use it to reference the node in the YAML. It must be unique across all nodes. It is a YAML list element, so it begins with a - and a space, followed by the string. It is a required parameter for all nodes.
nodes:
- name: <node name>
  type: <node type>
type: winevent_input
The type parameter specifies the type of node being configured. It is specified as a string from a closed list of node types. It is a required parameter.
nodes:
- name: <node name>
  type: <node type>
channel
The channel parameter specifies the Windows Event Viewer channel to collect logs from. It is a required string.
Common channels include:
- Application
- System
- Security
nodes:
- name: my_winevent_input
  type: winevent_input
  channel: "System"
If you’re unsure which channels to use, you can inspect them via Event Viewer (eventvwr.msc) on your Windows system.
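The same check can be scripted. The following is an added example, not part of the Edge Delta documentation: it confirms that each candidate channel exists and is enabled on the local host, then prints one winevent_input node per usable channel in the format shown above. The candidate list, the winevent_<channel> node-naming scheme, and the use of one node per channel are assumptions for illustration.

```powershell
# Candidate channels. The first three are the ones named on this page; the
# last is an assumed extra to show a channel with a longer, path-style name.
$candidates = @(
    'Application',
    'System',
    'Security',
    'Microsoft-Windows-PowerShell/Operational'
)

$usable = foreach ($name in $candidates) {
    # Get-WinEvent -ListLog returns the channel's configuration object,
    # or an error (suppressed here) if the channel does not exist.
    $log = Get-WinEvent -ListLog $name -ErrorAction SilentlyContinue
    if (-not $log) {
        Write-Warning "Channel '$name' not found on $env:COMPUTERNAME; skipping"
        continue
    }
    if (-not $log.IsEnabled) {
        # A disabled channel receives no events, so a source node
        # pointed at it would collect nothing.
        Write-Warning "Channel '$name' exists but is disabled; skipping"
        continue
    }
    [pscustomobject]@{
        Channel = $log.LogName
        Records = $log.RecordCount
        Mode    = $log.LogMode
    }
}

# Summary of what is available to collect from on this host.
$usable | Format-Table -AutoSize

# Emit one node per usable channel. Node names are hypothetical and are
# derived from the channel name so that they stay unique across nodes.
$yaml = @('nodes:')
foreach ($c in $usable) {
    $safe = ($c.Channel -replace '[^A-Za-z0-9]+', '_').ToLower()
    $yaml += "- name: winevent_$safe"
    $yaml += "  type: winevent_input"
    $yaml += "  channel: `"$($c.Channel)`""
}
$yaml -join "`n"
```

Run it on the Windows machine where the agent is installed, since channel availability is per host.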