How to Collect Windows event log data from standard logs, like System and Application using MMA

Question

Hi Experts

We are using Log analytic workspace to fetch the logs from an windows server in which we have hosted the DNS server, previously we are using Log Analytics agents where we get the options to specify from where we should fetch logs we are getting the DNS Audit logs which are stored as Microsoft-Windows-DNSServer/Audit, using Log Analytics agents it is easy by using agent management as shown in the Screenshot, since it is migrating to MMA we are unable to get the audits logs and others logs using MMA and DCR(Data Collection Rules)

We are unable to find the options to specify the path where we need to extract the logs like in Log Analytics agents, we are using the DCR but getting options for Windows Events, DCR we are using are shown in second picture

How we can get the standards logs like Audit logs for DNS and ADDS logs from the location from MMA agents??? we are following

https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-windows-events document

Kindly Assist into this

Thanks In advance

Answer 1

Instead of using Basic, switch to Custom and use the Event Log to get the XPath. See Extract XPath queries from Windows Event Viewer for more details but you can use Get-WinEvent to confirm the XPath is returning the results.

Answer 2

How to extract DNS Audit logs... there is no event as it to extract the Xpath...