We have some database hosts we can't install OneAgent on, so we setup Windows Event Viewer Subscriptions on a remote host that does have OneAgent installed. 

Basically, the Windows Event Viewer on the "collector" host (the one that does have OneAgent installed) is subscribed to the Application and System event logs on two Windows Database Servers that don't have OneAgent installed.  The collector then collects the logs from those two database servers using the Windows Event Viewer Subscriptions feature and stores them in the "Forwarded Events" log (Full Name is "ForwardedEvents") on the collector host.

I then added that Forwarded Events log as a Custom Windows Log Source in Dynatrace and I see the log entries in Dynatrace.

Great, right?

Unfortunately, no... not so great.

For some reason, Dynatrace doesn't collect two important columns, even though they do exist in the actual event log on the collector host:

"Log" and "Computer".

The Log field tells you which log the particular record came from (either Application or System in our case) and the Computer field tells you which of the two database hosts sent this particular record.

Since Dynatrace doesn't collect these two fields, I have no way of doing anything meaningful with these logs...  I don't know which hosts they came from nor do I know which original event log they belonged to...

The simple solution would be to create custom Windows Event Logs and have each log for each host sent to their own respective logs in the collector's event viewer, but creating new logs in Windows isn't very straightforward.

So, is there any way to get Dynatrace to pick up and display those columns?  Why doesn't Dynatrace display them?  I don't get it...