We use splunk to ingest Windows Event Logs. How do I determine via the event logs when a machine is in the desired state or not. Also, how to I determine if there were/are errors in the DSC configuration for a particular machine by examining its event logs. I would like to be able to have splunk generate a dashboard that shows me a history of each machine so that we can determine/alert when desired state is not being met.
Thanks
“How do I determine via the event logs when a machine is in the desired state or not.”
I’m not sure. Do you mean, “we’re using DSC, is there anything in the event log that DSC creates that lets me know the machine is compliant or not?”
Have you looked at the Operational, Debug, and Analytic logs for DSC?
Yes, but I am looking for specifics, like 4201 = All Ok, etc. I would like to be able to pull and alert based on Event ID from the DSC Event logs if possible.