Solved: splunk for windows app and splunk universal forwar...

HansK · ‎10-10-2011

I'm using the universal forwarder (4.2.3) to forward from windows servers to a linux splunk host ( 4.2.3, build 105575).

I've installed the windows app but it does nothing with the perfmon data received from the windows host IE. data does noet show up in the performance view. I can search for sourcetype="Perfmon:Free Disk Space" and I find loads of data.

_d_ · ‎10-10-2011

Hi HansK,
It is very likely that the Windows App is still wired to use the old WMI method of capturing data from Windows machines. i.e. the app expects wmi sourcetypes/sources instead of perfmon.
Check this out for more info:
http://blogs.splunk.com/2011/04/20/sssk-1-stuff-splunkers-should-know-perfmon-wmi-collection-in-4-2/

Best,

d.

View solution in original post

_d_ · ‎10-10-2011

Hi HansK,
It is very likely that the Windows App is still wired to use the old WMI method of capturing data from Windows machines. i.e. the app expects wmi sourcetypes/sources instead of perfmon.
Check this out for more info:
http://blogs.splunk.com/2011/04/20/sssk-1-stuff-splunkers-should-know-perfmon-wmi-collection-in-4-2/

Best,

d.

splunk for windows app and splunk universal forwarder

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!