Re: Capturing CPU and Memory in remote Windows ser...

dannux · ‎01-30-2012

I have Splunk installed on a Linux server. It is indexing CPU and Memory usage for many Unix server. How can I capture CPU and MeM usage for Windows servers?

Thanks,
Dan

lakshman239 · ‎01-17-2017

Hi, do we still have the scaling issues with WMI in the latest Splunk Add on for windows?

sf-mike · ‎01-30-2012

To build upon the above answer:

The Windows app will do this but does not use Perfmon. You install the app on your Linux box and also on a Windows forwarder.

To gather the data from Windows, You'll need to install the app on the Windows forwarder. The better way is to install the forwarder on each Windows host because of scaling issues inherent with WMI. If you do decide to use WMI, then you'll need at least 1 forwarder installed on a Windows host. Typically this would be done in an AD domain. The forwarder must be installed using AD credentials that can access all the hosts in the domain.

See this article:

http://docs.splunk.com/Documentation/Splunk/4.3/Data/MonitorWMIdata

hexx · ‎01-30-2012

I strongly recommend that you read this documentation topic on Real-time Windows performance monitoring. There's two approaches to this :

Install a "central" forwarder on a Windows machine and use WMI to remotely poll CPU and memory usage information on your Windows hosts.
Install a forwarder on each Windows host from which you want to collect CPU and memory usage. Use perfmon inputs do to collect local performance information.

You cannot collect this kind of data remotely from a Linux indexer or forwarder.

Capturing CPU and Memory in remote Windows servers from a Linux -Splunk server.

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability