Instead of using Basic, switch to Custom and use the Event Log to get the XPath. See Extract XPath queries from Windows Event Viewer for more details but you can use Get-WinEvent
to confirm the XPath is returning the results.
How to Collect Windows event log data from standard logs, like System and Application using MMA
Hi Experts
We are using Log analytic workspace to fetch the logs from an windows server in which we have hosted the DNS server, previously we are using Log Analytics agents where we get the options to specify from where we should fetch logs we are getting the DNS Audit logs which are stored as Microsoft-Windows-DNSServer/Audit, using Log Analytics agents it is easy by using agent management as shown in the Screenshot, since it is migrating to MMA we are unable to get the audits logs and others logs using MMA and DCR(Data Collection Rules)
We are unable to find the options to specify the path where we need to extract the logs like in Log Analytics agents, we are using the DCR but getting options for Windows Events, DCR we are using are shown in second picture
How we can get the standards logs like Audit logs for DNS and ADDS logs from the location from MMA agents??? we are following
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-windows-events document
Kindly Assist into this
Thanks In advance
Azure Monitor
2 answers
Sort by: Most helpful
-
Ryan Hill 30,281 Reputation points Microsoft Employee Moderator
2023-08-25T01:23:25.66+00:00 -
VDIAS 5 Reputation points
2024-08-16T10:30:24.5233333+00:00 How to extract DNS Audit logs... there is no event as it to extract the Xpath...