Administering Windows Server Hybrid Core Infrastructure: Collecting Errors from System Event Log to Log Analytics Workspace


Question

SIMULATION


You need to collect errors from the System event log of SRV1 to a Log Analytics workspace.

The required source files are located in a folder named \\dc1.contoso.com\install.

To complete this task, sign in to the required computer or computers.

Explanations

To collect errors from the System event log of SRV1 to a Log Analytics workspace, you can follow these steps:

  1. Open the Log Analytics workspace that you want to use to collect the logs.
  2. Click on the "Advanced Settings" menu in the left-hand pane, and then click on "Data".
  3. In the "Data" pane, click on the "Windows Event Logs" tab, and then click on the "+ Add" button.
  4. In the "Add data source" dialog box, select "Event log" as the source type.
  5. Select "System" as the log type, and then click on the "Connect" button.
  6. In the "Add data source" dialog box, select "Connect to a workspace directly" as the connection method.
  7. Select the Log Analytics workspace that you want to use, and then click on the "Connect" button.
  8. In the "Add data source" dialog box, configure the following settings:
     • Log Name: System
     • Filter Query: EventLog="System" AND Level>=2
     • Log Analytics Workspace: Select the workspace you want to use
  9. Click on the "Add" button to add the data source to your Log Analytics workspace.
  10. To collect the source files from the \\dc1.contoso.com\install folder, you can use the Azure Monitor agent to collect the files and then upload them to the Log Analytics workspace. To do this, you can follow these steps:
     • Install the Azure Monitor agent on the SRV1 computer.
     • Configure the agent to monitor the \\dc1.contoso.com\install folder for changes.
     • Configure the agent to upload any changes to the Log Analytics workspace.

Once you have completed these steps, errors from the System event log of SRV1 will be collected in your Log Analytics workspace, along with any changes to the source files in the \\dc1.contoso.com\install folder.
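
One way to check that the collection works, as an added example that is not part of the original answer: the script below compares the Error-level events in the local System log of SRV1 with the rows that reached the workspace's `Event` table. It assumes it is run on SRV1 with the Az.OperationalInsights module installed and `Connect-AzAccount` already completed; `<workspace-id-guid>` is a placeholder for the Workspace ID.

```powershell
# Added example: compare System-log errors on SRV1 with what the workspace received.
# Assumptions: Az.OperationalInsights is installed, Connect-AzAccount has been run,
# and $WorkspaceId is replaced with the Workspace ID (GUID) of the target workspace.
param(
    [string]$WorkspaceId = '<workspace-id-guid>',   # placeholder, not a real ID
    [int]$Hours = 24
)

$since = (Get-Date).AddHours(-$Hours)

# Local view: Level 2 is "Error" in the Windows event log
# (1 = Critical, 3 = Warning, 4 = Information).
$local = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 2; StartTime = $since } `
        -ErrorAction SilentlyContinue |
    Group-Object -Property ProviderName, Id |
    ForEach-Object {
        [pscustomobject]@{
            Source     = $_.Group[0].ProviderName
            EventID    = $_.Group[0].Id
            LocalCount = $_.Count
        }
    }

# Workspace view: the same events as rows of the Event table.
# Computer may be stored as an FQDN, so match on the host-name prefix.
$kql = @"
Event
| where TimeGenerated > ago(${Hours}h)
| where Computer startswith "SRV1" and EventLog == "System" and EventLevelName == "Error"
| summarize WorkspaceCount = count() by Source, EventID
"@
$remote = (Invoke-AzOperationalInsightsQuery -WorkspaceId $WorkspaceId -Query $kql).Results

# Index the workspace counts by "Source|EventID" and join them to the local counts.
$index = @{}
foreach ($r in $remote) { $index["$($r.Source)|$($r.EventID)"] = [int]$r.WorkspaceCount }

$local | ForEach-Object {
    $key = "$($_.Source)|$($_.EventID)"
    # A missing key yields $null, which casts to 0: the event never arrived.
    $_ | Add-Member -NotePropertyName WorkspaceCount -NotePropertyValue ([int]$index[$key]) -PassThru
} | Sort-Object LocalCount -Descending | Format-Table -AutoSize
```

Ingestion is not instantaneous, so a WorkspaceCount that trails LocalCount by the last few minutes of events is expected; a source that stays at 0 points to a collection problem.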