We use splunk to ingest Windows Event Logs. How do I determine via the event logs when a machine is in the desired state or not. Also, how to I determine if there were/are errors in the DSC configuration for a particular machine by examining its event logs. I would like to be able to have splunk generate a dashboard that shows me a history of each machine so that we can determine/alert when desired state is not being met.
Yes, but I am looking for specifics, like 4201 = All Ok, etc. I would like to be able to pull and alert based on Event ID from the DSC Event logs if possible.