All Apps and Add-ons

splunk for windows app and splunk universal forwarder

HansK
Path Finder

I'm using the universal forwarder (4.2.3) to forward from windows servers to a linux splunk host ( 4.2.3, build 105575).

I've installed the windows app but it does nothing with the perfmon data received from the windows host IE. data does noet show up in the performance view. I can search for sourcetype="Perfmon:Free Disk Space" and I find loads of data.

0 Karma
1 Solution

_d_
Splunk Employee
Splunk Employee

Hi HansK,
It is very likely that the Windows App is still wired to use the old WMI method of capturing data from Windows machines. i.e. the app expects wmi sourcetypes/sources instead of perfmon.
Check this out for more info:
http://blogs.splunk.com/2011/04/20/sssk-1-stuff-splunkers-should-know-perfmon-wmi-collection-in-4-2/

Best,

d.

View solution in original post

_d_
Splunk Employee
Splunk Employee

Hi HansK,
It is very likely that the Windows App is still wired to use the old WMI method of capturing data from Windows machines. i.e. the app expects wmi sourcetypes/sources instead of perfmon.
Check this out for more info:
http://blogs.splunk.com/2011/04/20/sssk-1-stuff-splunkers-should-know-perfmon-wmi-collection-in-4-2/

Best,

d.

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...