Skip to main content
Splunk Lantern

Printer errors

As an IT practitioner, you manage a large number of printers. You need to be able to quickly identify errors across all printers in your environment.

Data required

Windows event logs

Procedure

  1. Verify that you deployed the Splunk Add-on for Microsoft Windows to the search heads and Splunk Universal Forwarders on the monitored systems. For more information, see About installing Splunk add-ons.
  2. Enable the WinPrintMon://job input.
  3. Run the following search. You can optimize it by specifying an index and adjusting the time range.
eventtype=printmon_windows status="printing,error"
| table _time, user, status, document, total_pages, size_bytes, host, printer

Search explanation

The table provides an explanation of what each part of this search achieves. You can adjust this query based on the specifics of your environment.

Splunk Search Explanation
eventtype=printmon_windows status="printing,error" Search for printer errors.
| table _time, user, status, document, total_pages, size_bytes, host, printer Display the results in a table with columns in the order shown.

Next steps

Bringing printer data into Splunk lets you answer questions such as how many print servers and printers are in my environment? What is my current spooling load? How many jobs are having issues? For additional analysis capabilities, you can also enable the following inputs:

  • WinPrintMon://printer
  • WinPrintMon://driver
  • WinPrintMon://port

Finally, you might want to look at similar searches to this in our article Managing printers in a Windows environment