# Windows data

### Pre-Reqs

* Anvilogic account
* Snowflake data repository connected to your Anvilogic account
* [AWS CLI Installed ](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)
* [FluentBit installed](https://docs.fluentbit.io/manual/installation/getting-started-with-fluent-bit)

### Setting up FluentBit Config

1. Anvilogic will provide a S3 bucket and the corresponding access keys/ids (note these change for each integration) when you create a forward events integration in your Anvilogic deployment.
   1\.

   ```
   <figure><img src="https://4253518893-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FyHwthHcpZXpcJV1cs4SA%2Fuploads%2F5lAnQX3s5aICw996Rl7G%2FScreenshot%202024-09-09%20at%2010.51.50%E2%80%AFAM.png?alt=media&#x26;token=de60b215-21c5-4c3e-8de4-18c805358c09" alt=""><figcaption></figcaption></figure>
   ```
2. Following the steps of the AWS CLI install, once you have done the installation correctly - Please run `aws configure` and paste in the access key and id provided. Once this is completed, validate that the credentials have been created - usually `C:\Users\YourUsername.aws\credentials`.
3. Once that has been validated, we need to create a system variable in order for fluentBit to read/use these credentials. To do so;
   1. Open the Start Menu and search for “Environment Variables.”
   2. Select Edit the system environment variables.
   3. In the System Properties window, click the Environment Variables button.
   4. Under System variables, click New.
   5. Enter the following:
      1. Variable name: AWS\_SHARED\_CREDENTIALS\_FILE
      2. Variable value: C:\Users\YourUsername\\.aws\credentials
   6. Next we need to configure fluentbit to read our logs and send them to S3. In this example, we will be ingesting the windows event logs. You can change what channels by simply adding or removing them.&#x20;
      1. Please note, the bucket will be the bucket name/path.&#x20;
         1. This could mean that it is sdi\_customer\_data-1 or -2 or -3.&#x20;

```
[INPUT]
    Name         winlog
    Channels     Security, Application, System
    Interval_Sec 1

[OUTPUT]
    Name              s3
    Match             *
    bucket            avl-raw-prod-s3-221-24243202/sdi_custom_data-1
    region            us-east-1
    use_put_object    On
    Store_dir         C:\Windows\Temp\fluent-bit\s3
    s3_key_format     /$TAG/%Y/%m/%d/%H-%M-%S
```

Once you have pasted the above config into your fluentBit.conf file (typically located at C:\Program Files\fluent-bit\conf )

* **NOTE**: You can also edit or add any of your own customer parsers for logs by editing the parser.conf file at /etc/fluent-bit/
* Once you have edited your fluent-bit.conf, please restart the fluentBit application

5. You can now confirm that data has landed in your snowflake account.&#x20;
   1\.

   ```
   <figure><img src="https://4253518893-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FyHwthHcpZXpcJV1cs4SA%2Fuploads%2FsMnjQRK4gHiwRIZsg24g%2Fimage.png?alt=media&#x26;token=b2d39fd6-b7b0-45ed-8088-1f25073a74a0" alt=""><figcaption></figcaption></figure>

   <figure><img src="https://4253518893-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FyHwthHcpZXpcJV1cs4SA%2Fuploads%2F5iqGwz5XJzriXUVjECOh%2Fimage.png?alt=media&#x26;token=5d6d3339-7357-4205-9321-b7bcdda0d0e5" alt=""><figcaption></figcaption></figure>
   ```

Please update the input section of this example config to fit your exact needs.&#x20;