I am new to Datadog and getting back into working with Windows Servers. I am trying to push Event Viewer logs (Security, System, etc.) to Datadog logs. I have been successful in terms of setting it up (used their documentation - https://docs.datadoghq.com/integrations/win32_event_log/). I am getting logs into my DD for that server for my System and Security:
logs:
  - type: windows_event
    channel_path: "System"
    source: "System"
    service: System_Event
  - type: windows_event
    channel_path: "Security"
    source: "Security"
    service: Security_Event
I know that you can push items from the Event Viewer to Events in DD by using Instances, and you can be more granular there. But I want that granularity in the Logs section since we rarely view Events. Right now it is showing me all the items in the logs, success, etc. I am looking to only get the Errors and Warnings piped to the Logs.
Thanks for the help. D
Came across the same problem and came up with the config below, which excludes "Information" events.
- type: windows_event
  channel_path: System
  source: System
  service: eventlog
  log_processing_rules:
    - type: exclude_at_match
      name: exclude_information_event
      pattern: ^.*[Ll]evel.*Information.*
Vincent
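The following is an added example, not part of the answer above and not Datadog's code: it applies the answer's pattern with drop-on-match semantics to constructed event lines, showing which ones would still be forwarded and that an Error event mentioning "Information" in its message is dropped too. The JSON layout of the sample lines, the use of Python's `re` in place of the Agent's regex engine, and the names `is_excluded`, `forwarded` and `STRICT` are assumptions.

```python
import re

# Pattern copied verbatim from the exclude_at_match rule in the answer.
EXCLUDE_INFORMATION = re.compile(r"^.*[Ll]evel.*Information.*")

# Hypothetical tighter variant: only the level field's own value may match.
# Assumes the event is serialized as JSON with a "level" key.
STRICT = re.compile(r'"[Ll]evel"\s*:\s*"Information"')

# Constructed sample lines; the real serialized event layout may differ.
SAMPLE_EVENTS = [
    '{"channel":"System","level":"Information","message":"The service entered the running state."}',
    '{"channel":"System","level":"Warning","message":"Disk is at or near capacity."}',
    '{"channel":"System","level":"Error","message":"The service terminated unexpectedly."}',
    # Error event whose message text happens to contain the word "Information".
    '{"channel":"System","level":"Error","message":"Failed to load Information Store."}',
]


def is_excluded(line, pattern=EXCLUDE_INFORMATION):
    """exclude_at_match semantics: the log is dropped when the pattern matches."""
    return pattern.search(line) is not None


def forwarded(lines, pattern=EXCLUDE_INFORMATION):
    """Return the lines that survive the exclusion rule, in order."""
    return [line for line in lines if not is_excluded(line, pattern)]


if __name__ == "__main__":
    for name, pattern in (("answer", EXCLUDE_INFORMATION), ("strict", STRICT)):
        kept = forwarded(SAMPLE_EVENTS, pattern)
        print(f"{name}: {len(kept)} of {len(SAMPLE_EVENTS)} events forwarded")
        for line in kept:
            print("  ", line)
```

Running a rule against a handful of real exported events this way before deploying it shows whether Error or Warning events are being discarded along with the Information ones.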