Event Logs | System Logs | Warnings and Errors

This will hit all of the hosts, pull back the event logs, and group them by Message. You can change the source to whatever Windows event log you need (source=wineventlog:application, source=wineventlog:security or source=wineventlog:system):

source=wineventlog:system host="*" NOT Type=Information | stats count by Message | sort -count | table count, Message


Start a Windows Service

This Splunk query will return results for any Windows service that has started. Ensure the Splunk App for Windows is installed; grab it here: https://apps.splunk.com/app/742/

sourcetype=WinEventLog:Application EventCode=105 | eval Date=strftime(_time, "%Y/%m/%d") | stats count by Date, SourceName, host | sort - Date | fields - count


Shutdown or Suspend a Service in Windows

This Splunk query will return results for any Windows service that has been stopped. Ensure the Splunk App for Windows is installed; grab it here: https://apps.splunk.com/app/742/

sourcetype=WinEventLog:Application EventCode=108 | eval Date=strftime(_time, "%Y/%m/%d") | stats count by Date, SourceName, host | sort - Date | fields - count
