No log data available in Custom log sources

Etienne1 · ‎19 Feb 2025

Hello,

I don't understand why I'm getting the ‘no log data available’ error.

I looked at this post for inspiration:
Custom Log Source - Windows Event Log

Here are some screenshots of the custom log sources and my log ingest rule and the log path I'm trying to retrieve:

%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-Dhcp-Server%4Operational.evtx

kind regards

AntonPineiro · ‎19 Feb 2025

Hi,

Have you check Security rules?

Your link example they had used this:

{
   "directory-pattern":"/windows/system32/winevt/Logs/",
   "file-pattern":"*",
   "action":"INCLUDE"
}

Best regards

❤️ Emacs ❤️ Vim ❤️ Bash ❤️ Perl

Etienne1 · ‎20 Feb 2025

Hello,

I will try this solution

GerardJ · ‎19 Feb 2025

Hi @Etienne1

In the link example solution, he mentionned that he finally used this :

So adding a .evtx extension to the custom log source path.
You should try this :
Custom log Source : "Microsoft-Windows-Dhcp-Server/Operational.evtx"
Ingest Rule : easy way : "Microsoft-Windows-Dhcp-Server*" (or "Microsoft-Windows-Dhcp-Server/Operational")

Best regards

Gerard

Etienne1 · ‎20 Feb 2025

Hello,

I've already tried to use the example in the solution but it doesn't work, I'm going to try adding the security rules.

Joachim_Erdei · ‎20 Feb 2025

Hi, please see https://docs.dynatrace.com/docs/analyze-explore-automate/logs/lma-log-ingestion/lma-log-ingestion-vi... (point 6, Expandable Content) - there it is shown what should be provided for event logs in custom log sources

Etienne1 · ‎20 Feb 2025

Hi,

I've tested your solution but it doesn't work at the moment. I think the problem is linked to permissions on the oneagent or on the server folder.