Collect Custom Windows Event Logs in Log Analytics

Adding most Windows Event Logs to Log Analytics is a straightforward process.  Simply go to the Advanced properties in the Workspace > Windows Event Logs and start typing the name.  A pre-populated list will appear as shown below.  Select the log and add it for collection.  But what if the log you are looking for is not listed in Log Analytics?

Add Event Log

Add Custom Logs

The list in Log Analytics is not all-inclusive.  It leaves out some less commonly used Event Logs and custom Event Logs added by applications.  The good news is Event Logs not found in Log Analytics can simply be added to the list.

This example uses the AppV Client Admin Event Log.  Type AppV in the search box and notice that nothing is listed.

List Custom Event Log

Next, go to the computer and locate the Event Log.  This example uses a default install of Server 2016.  The log is under Applications and Services Logs > Microsoft > AppV > Client > Admin.

Locate Custom Event Log

Right-click the Event Log and go to Properties to find the name of the log.  The name is listed in the Full Name field.

Custom Log Full Name

Next, copy the name and paste it into the Windows Event Logs search box in Log Analytics.  Click the + sign to add it and select the type of events to collect as needed.  The Event Log collection blade should look similar to the one below when finished.

Custom Windows Event Log

Test Functionality

With the Custom Windows Event Log added to Log Analytics, it’s time to test.  I’m going to generate some test entries in the AppV Event Log.  Details on how to write to the Event Log are found here.

Create Custom Event Log Events

Give it a few minutes and run a search against the Event schema for the Event Log to see the entries.  Below I limit the displayed results using the project statement.

Search for Custom Event Log Entries
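
A pair of queries along the lines of the search described above, as an added example that is not from the original post.  It assumes the Full Name copied from the log's properties is Microsoft-AppV-Client/Admin and uses the standard columns of the Event table; the one-hour and one-day windows are arbitrary.

```kusto
// Added example. Assumption: the log's Full Name is Microsoft-AppV-Client/Admin.
// 1) Show the most recent entries, limiting the columns with project.
Event
| where TimeGenerated > ago(1h)
| where EventLog == "Microsoft-AppV-Client/Admin"
| project TimeGenerated, Computer, EventLog, Source, EventLevelName, EventID, RenderedDescription
| sort by TimeGenerated desc

// 2) Confirm which computers are sending the log and at which levels,
//    to check that the event types selected in the workspace are arriving.
Event
| where TimeGenerated > ago(1d)
| where EventLog == "Microsoft-AppV-Client/Admin"
| summarize Events = count(), LastSeen = max(TimeGenerated) by Computer, EventLevelName
| sort by Computer asc, EventLevelName asc
```

Run each query on its own.  The `==` operator is case-sensitive, so the value must match the Full Name exactly; `=~` compares without regard to case.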

That is all there is to adding non-standard logs to Log Analytics and searching against them.
