Monitor local Windows events
You can create a data collector to collect Windows events. This data collector can collect Windows events locally.
Local collection implies collection of events by using the Collection Agent and from the computer where the Collection Agent resides. To collect Windows events remotely, see Monitor-remote-Windows-events. For more information about local and remote collection, see Agent-types.
Failed to execute the [panel] macro. Cause: [Missing macro content: this macro requires content (a body)]. Click on this message for details.
To collect Windows events locally
- Navigate to Administration > Data Collectors > Add Data Collector
. - In the Name box, provide a unique name to identify this data collector.
From the Type list, select Monitor Local Windows Events.
Provide the following information, as appropriate:Field
Description
Target/Collection Host
Collection Host (Agent)
Type or select the collection host depending on whether you want to use the Collection Station or the Collection Agent to perform data collection.
The collection host is the computer on which the Collection Station or the Collection Agent is located.
By default, the Collection Station is already selected. You can either retain the default selection or select the Collection Agent.
Note: For this type of data collector, the target host and collection host are expected to have the same values.
Collector Inputs
Windows Logs
Select the log types that you want to collect by using this data collector. You can select Application, Security, or System.
To select multiple items, press Ctrl and then select the items.
Poll Interval (mins)
Enter a number to specify the poll interval (in minutes) for the log collection (0 indicates that this is a one-time log collection).
By default, this value is set to 1.
Start/Stop Collection
(Optional) Select this check box if you want to start the data collection immediately.
The [expand] macro is a standalone macro and it cannot be used inline. Click on this message for details.
Tags
Inherit Host Level Tags From Target Host(Optional) Select this check box to inherit your tag selections associated with the target host that you selected earlier. This option is not applicable if you did not select a target host. Note that after selecting this check box, you can further manually select additional user groups. When you manually select additional user groups, both the inherited permissions as well as the manually assigned permissions are applied. To remove the inherited permissions, clear this check box.Select Tag name and corresponding value(Optional) Select a tag name and specify the corresponding value by which you want to categorize the data collected. Later while searching data, you can use these tags to narrow down your search results.Example: If your are collecting data from hosts located at Houston, you can select a tag name for "Location" and in the value specify "Houston". While searching the data, you can use the tag, Location="Houston" to filter data and see results associated with the Houston location.To be able to see tag names, you need to first add them by navigating to Administration > System Settings.To specify tag names and corresponding values, in the left box select a tag name and then type the corresponding tag value in the right box. While you type the value, you might see type-ahead suggestions based on values specified in the past. If you want to use one of the suggestions, click the suggestion. Click Add
to add the tag name and corresponding value to the list of added tags that follow. Click Remove Tag 
to remove a tag.The tags saved while creating the data collector are displayed on the Search tab, under the Filters panel, and in the Tags section.Note: At a time, you can specify only one value for a tag name. To specify multiple values for the same tag name, each time you need to select the tag name, specify the corresponding value, and click Add.For more information about tags, see Understanding-fields-and-tags.- Click Create to save your changes.