28 Jun 2023 10:33 AM - last edited on 06 Jul 2023 03:24 PM by AgataWlodarczyk
Hello, I want to create an alert based on certain events from this eventlog, but can't figure out how to make Dynatrace ingest it.
We have one Log storage configuration rule like this
and this works and default eventlogs are visible in Log viewer. I tried adding this Microsoft-Windows-Windows Defender/Operational
like this:
but nothing comes up. According to this documentation page I tried adding a full path to the evtx file, which is %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx, but this also doesn't seem to work.
I tried to add the same in Custom log source configuration like this
but still no events show up even though there are new events happening, for example when I disable/enable realtime protection in the Windows Security GUI.
Ideas?
29 Jun 2023 10:25 AM
Thanks to my colleague @Ranjeet_Tiwari it now works. The log storage matcher is changed to
and custom log source rule is like this
However I am not very wise from this and it still doesn't make much sense to me :-]
06 Jul 2023 03:25 PM
Thanks for sharing the answer, @McVitas 🙂