- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: Splunk XenDesktop AddOn - Perfmon data does n...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am running Splunk 5.0.2 and Splunk for XenDesktop App v. 2.0 (Both currently the newest versions) Splunk Universal Forwarder 5.0.2 incl. XD AddOns is installed onto a Windows 7 x64 XenDesktop VDI.
I am getting VDI/XenDesktop data and eventlogs perfectly fine in my indexer, but perfmon data do not show under "Desktop Performance", and the index; XenDesktop_Perfmon does not receive any data.
Anybody with same issue and/or knows how to ensure perfmon data gets forwarded to the splunk xendesktop indexer?
Splunkd log is showing no error in regards to splunk-perfmon.exe;
3:56:42.383 +0100 INFO ExecProcessor - New scheduled exec process: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe" -index xendesktop_perfmon
02-28-2013 13:56:42.383 +0100 INFO ExecProcessor - interval: 60000 ms
02-28-2013 13:56:42.383 +0100 INFO ExecProcessor - New scheduled exec process: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" --driver-path "C:\Program Files\SplunkUniversalForwarder\bin"
02-28-2013 13:56:42.383 +0100 INFO ExecProcessor - interval: 10000000000 ms
02-28-2013 13:56:42.383 +0100 INFO ExecProcessor - New scheduled exec process: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-wmi.exe" -index xendesktop_winevents
02-28-2013 13:56:42.383 +0100 INFO ExecProcessor - interval: 10000000000 ms
02-28-2013 13:56:42.383 +0100 INFO ExecProcessor - New scheduled exec process: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe"
02-28-2013 13:56:42.383 +0100 INFO ExecProcessor - interval: run once
02-28-2013 13:56:42.383 +0100 INFO ExecProcessor - New scheduled exec process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -command " &'C:\Program Files\SplunkUniversalForwarder\etc\apps\TA-XD-VDA\bin\powershell\GetClientDetails.ps1'" -index xendesktop
02-28-2013 13:56:42.383 +0100 INFO ExecProcessor - interval: 180000 ms
02-28-2013 13:56:42.383 +0100 INFO ExecProcessor - New scheduled exec process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -command " &'C:\Program Files\SplunkUniversalForwarder\etc\apps\TA-XD-VDA\bin\powershell\GetICASessionStat.ps1'" -index xendesktop
02-28-2013 13:56:42.383 +0100 INFO ExecProcessor - interval: 180000 ms
02-28-2013 13:56:42.383 +0100 INFO ExecProcessor - New scheduled exec process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -command " &'C:\Program Files\SplunkUniversalForwarder\etc\apps\TA-XD-VDA\bin\powershell\GetInstalledSoftware.ps1'" -index xendesktop_winevents
02-28-2013 13:56:42.383 +0100 INFO ExecProcessor - interval: 21600000 ms
02-28-2013 13:56:42.383 +0100 INFO ExecProcessor - New scheduled exec process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -command " &'C:\Program Files\SplunkUniversalForwarder\etc\apps\TA-XD-VDA\bin\powershell\GetProcess.ps1'" -index xendesktop_winevents
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm not sure if they updated the Xendesktop app yet but version 5 uses modular inputs now for perfmon data. (no more perfmon.conf, its all configured in the inputs.conf)
make sure that the UF have the following setup in the defaults inputs.conf for the TA-XD-VDA app.
first disable this stanza inputs.conf
[script://$SPLUNK_HOME\bin\scripts\splunk-perfmon.path]
disabled = 1
index = xendesktop_perfmon
then add this
[perfmon://AvailableMemory]
counters = Available Bytes
disabled = 0
interval = 180
object = Memory
index = xendesktop_perfmon
[perfmon://CPULoad]
counters = % Processor Time;
disabled = 0
instances = _Total
interval = 180
object = Processor
index = xendesktop_perfmon
[perfmon://LogicalDisk]
counters = Free Megabytes;% Free Space;Split IO/Sec;Disk Reads/Sec;Disk Writes/Sec;Disk Transfers/Sec;Disk Bytes/Sec;% Disk Time
disabled = 0
instances = *
interval = 180
object = LogicalDisk
index = xendesktop_perfmon
[perfmon://NetworkInterface]
counters = Bytes Received/sec;Bytes Sent/sec
disabled = 0
instances = *
interval = 180
object = Network Interface
index = xendesktop_perfmon
[perfmon://PhysicalDisk]
counters = Split IO/Sec;Disk Reads/Sec;Disk Writes/Sec;Disk Transfers/Sec;Disk Bytes/Sec
disabled = 0
instances = *
interval = 180
object = PhysicalDisk
index = xendesktop_perfmon
[perfmon://RunningProcesses]
counters = % Processor Time;Virtual Bytes;IO Write Operations/sec;IO Read Operations/sec;ID Process;Page Faults/Sec;Elapsed Time;
disabled = 0
instances = *
interval = 180
object = Process
index = xendesktop_perfmon
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks... Addtionally it shows that it did not work with this configuration only, because we were running with local language mui pack in our Windows 7. As soon as I forced the splunkforwarder service to run under an account that were hit by a english language pack, it start working.
The perfmon objects and counters did not match the english names, so splunkd log and splunk-perfmon.exe reported that it could not locate the objects 🙂
Furthermore the perfmon entries were case sensitive (Do not use PERFMON://) only small letters 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm not sure if they updated the Xendesktop app yet but version 5 uses modular inputs now for perfmon data. (no more perfmon.conf, its all configured in the inputs.conf)
make sure that the UF have the following setup in the defaults inputs.conf for the TA-XD-VDA app.
first disable this stanza inputs.conf
[script://$SPLUNK_HOME\bin\scripts\splunk-perfmon.path]
disabled = 1
index = xendesktop_perfmon
then add this
[perfmon://AvailableMemory]
counters = Available Bytes
disabled = 0
interval = 180
object = Memory
index = xendesktop_perfmon
[perfmon://CPULoad]
counters = % Processor Time;
disabled = 0
instances = _Total
interval = 180
object = Processor
index = xendesktop_perfmon
[perfmon://LogicalDisk]
counters = Free Megabytes;% Free Space;Split IO/Sec;Disk Reads/Sec;Disk Writes/Sec;Disk Transfers/Sec;Disk Bytes/Sec;% Disk Time
disabled = 0
instances = *
interval = 180
object = LogicalDisk
index = xendesktop_perfmon
[perfmon://NetworkInterface]
counters = Bytes Received/sec;Bytes Sent/sec
disabled = 0
instances = *
interval = 180
object = Network Interface
index = xendesktop_perfmon
[perfmon://PhysicalDisk]
counters = Split IO/Sec;Disk Reads/Sec;Disk Writes/Sec;Disk Transfers/Sec;Disk Bytes/Sec
disabled = 0
instances = *
interval = 180
object = PhysicalDisk
index = xendesktop_perfmon
[perfmon://RunningProcesses]
counters = % Processor Time;Virtual Bytes;IO Write Operations/sec;IO Read Operations/sec;ID Process;Page Faults/Sec;Elapsed Time;
disabled = 0
instances = *
interval = 180
object = Process
index = xendesktop_perfmon
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
