VMware Cloud Community
bvi2006
Contributor
Contributor
‎04-19-2023 01:53 PM

Windows OS Tags

Hi, 

I am trying to create a tag for Windows servers so that Splunk can use the tag to grab the logs of the Windows servers which have been pushed to LogInsight. I see that I can do that in the insight client config, but I don't think that is working. Since VCenter knows what OS was set when the vm was built, what built-in tag would I be able to use? Or, any ideas would be greatly appreciated! 

Thanks!

Reply
0 Kudos
3 Replies
Shen88
Enthusiast
Enthusiast
‎04-20-2023 04:34 PM

@bvi2006,

Just another thought, maybe you could use the 'Event Forwarding' feature in Log Insight to forward the windows events to Splunk, the link here talks about forwarding the vCenter Security events to Splunk. However, similarly one could configure event forwarding for windows events.

How to Forward Security Events from vRealize Log Insight to Splunk - VMware Customer Experience and ...

If you think your queries have been answered, Mark this response as "Correct" or "Helpful" and consider giving kudos to appreciate!

Regards,
Shen
Reply
0 Kudos
bvi2006
Contributor
Contributor
‎04-21-2023 05:30 AM

Thank you Shen. I had been asked to create a tag on the client. I will do this instead.

Do you know how I can get a tag that I create for the Windows agent to be available to filter on that later? 

Also, do you know how to filter on a VMware vm Vcenter tag?

 

Thank you!

Reply
0 Kudos