Windows event logs: A dashboard for IT admins

I recently built a Qlik Sense application for monitoring your local workstation or laptop. The app gives insight into your Windows event logs. It also gives IT administrators a tool and some inspiration on what is possible and how it can be achieved using Qlik Sense.

This solution has a few screens which cover:

  1. Dashboard
    • Total events
    • Events per Logtype
    • Events over time
    • Events per source name
  2. Analysis
    • Alerts per source name
    • Events and error % per eventCode ID + Tabular details
    • ErrorFlow for LogType -> Source Name -> EventType + Tabular details
  3. Details
    • Tabular details for:
      • Date of occurrence
      • Hour
      • ComputerName
      • User
      • EventType
      • Source
      • Message
      • EventCode ID

So this is basically the structure of the app or the Table of Contents, if you will. Below you will find the resources for installation and usage.

Files needed:


 

For installation and usage you can also read the following:

This document is a short introduction to get up and running with this Windows event log monitor in Qlik Sense. This solution is built for demo purposes. To be able to install and use this solution demo, you need to be an administrator of your workstation.

Installing the solution

To get up and running you need to install the following packages in the right order:

1. First install “Qlik_Sense_Desktop_setup.exe”
2. Secondly install “QlikSense_LogMonitorSetup.exe” (The software will install to c:\TEMP\, this is necessary for the solution to work. Please do not adjust this entry.)

Open Qlik Sense to use your Log Monitor

1. Open Qlik Sense
2. In the Qlik Sense hub click on the app “Qlik Sense Log Monitor”

This will now open the app in the ‘App Overview’.

This is what the app overview looks like

Next: We want to open the “Data load editor” to load the data from our windows event logs.

Opening the data load editor

1. Click on the ‘compass’ icon in the top left of the app overview.
2. Then choose “Data load editor”.

Next: We are going to activate the conversion process that generates a CSV file from our Windows event logs. The solution takes care of this process after we hit ‘Reload data’ in the ‘Data load editor’.

Activating our process for converting and loading the log data

In the ‘Data load editor’ we only have to click on ‘Load data’. When we do this the process will start.

The loading process in progress

These popups and windows will appear when you start the process for converting and loading the data. This might take a minute or two depending on the volume of data in your Windows event logs.

Back to the app overview

1. Go back to the app overview

Using the Log Monitor after loading the data

When the process for loading data is finished the windows and popups will disappear.

We now do the following steps:

1. Go to the sheet called “Dashboard”
2. The dashboard will open as in the example image
3. Check whether the ‘Computer’ listbox holds your computer name

Note: Navigating between sheets will bring you to different levels of insight regarding your local PC.
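
The figures on the Dashboard and Analysis sheets are plain aggregations over the event rows. As an added example (not part of the Qlik app or the original post), the Python below recomputes events per log type, the error % per EventCode ID and the LogType -> Source Name -> EventType flow from a constructed CSV; the column names are assumed from the Details fields listed above and are not the solution's actual export layout.

```python
import csv
import io
from collections import Counter

# Constructed sample rows. Column names are an assumption based on the
# Details sheet fields, not the solution's real CSV header.
SAMPLE_CSV = """LogType,Date,Hour,ComputerName,User,EventType,Source,EventCode,Message
System,2015-03-04,09,WS-01,SYSTEM,Error,Service Control Manager,7000,Service failed to start
System,2015-03-04,09,WS-01,SYSTEM,Information,Service Control Manager,7036,Service entered the running state
System,2015-03-04,10,WS-01,SYSTEM,Error,Service Control Manager,7000,Service failed to start
Application,2015-03-04,10,WS-01,alice,Warning,ExampleApp,1001,Constructed warning
Application,2015-03-04,11,WS-01,alice,Error,ExampleApp,1000,Constructed crash
Application,2015-03-04,11,WS-01,alice,Information,ExampleApp,1000,Constructed info
"""

def load_events(text):
    """Parse the CSV text into dict rows, skipping rows without an EventCode."""
    return [row for row in csv.DictReader(io.StringIO(text)) if row.get("EventCode")]

def events_per(events, field):
    """Event count per value of one column (e.g. LogType or Source)."""
    return Counter(e[field] for e in events)

def error_pct_per_event_code(events):
    """Return {EventCode: (total events, % of them with EventType 'Error')}."""
    totals, errors = Counter(), Counter()
    for e in events:
        totals[e["EventCode"]] += 1
        if e["EventType"].strip().lower() == "error":
            errors[e["EventCode"]] += 1
    return {code: (n, round(100.0 * errors[code] / n, 1)) for code, n in totals.items()}

def error_flow(events):
    """Count each LogType -> Source -> EventType path, as in the ErrorFlow view."""
    return Counter((e["LogType"], e["Source"], e["EventType"]) for e in events)

if __name__ == "__main__":
    events = load_events(SAMPLE_CSV)
    print("Events per LogType:", dict(events_per(events, "LogType")))
    for code, (total, pct) in sorted(error_pct_per_event_code(events).items()):
        print(f"EventCode {code}: {total} events, {pct}% errors")
    for path, count in error_flow(events).most_common():
        print(" -> ".join(path), count)
```

An event code whose error percentage stays near 100% across reloads is a good first candidate for a closer look on the Details sheet.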


 

If you have feedback, ideas and/or questions, let me know. Stay tuned for the next posts…