Content Pack for Monitoring Microsoft Windows

Content Pack for Monitoring Microsoft Windows

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of Content Pack for Monitoring Microsoft Windows. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Data requirements for the Content Pack for Monitoring Microsoft Windows

The Content Pack for Monitoring Microsoft Windows requires that you collect data using a universal or heavy forwarder on each Microsoft Windows server you want to monitor. See About forwarding and receiving in the Splunk Enterprise Forwarding Data manual to learn how to install and configure forwarders.

You must deploy an inputs.conf file on the servers being monitored, typically as part of a custom app. A sample inputs.conf file is provided on this page.

Install the Splunk Add-on for Microsoft Windows

While the Splunk Add-on for Windows isn't required on the monitored servers, it's required on the Splunk platform environment that collects the data. Use the following table as reference to install the Splunk Add-on for Windows on your deployment:

Technology Name Installation link Search heads Indexers Forwarders
Splunk Add-on for Windows Install the Splunk Add-on for Windows x x  

Configure the inputs.conf file for Windows OS performance collection

The following sample configuration file collects the data and metrics needed to generate the KPIs for the Content Pack for Monitoring Microsoft Windows.

To allow centralized management of multiple forwarders, it's considered a best practice to create a custom app and use a deployment server or another management solution that is already in use.

The following sample is from a Splunk app called "OS_windows_health", with the single file local/inputs.conf

Once you deploy the inputs.conf file to one or more Windows servers, use the Search & Reporting app to confirm that you see incoming data from the hosts you configured.

Sample configuration file for Windows OS performance collection

[WinHostMon://Processor]
interval = 600
disabled = 0
type = Processor
index = windows

[WinHostMon://OperatingSystem]
interval = 600
disabled = 0
type = OperatingSystem
index = windows

[WinHostMon://Disk]
interval = 600
disabled = 0
type = Disk
index = windows

[perfmon://CPU]
counters = % Processor Time; % User Time; % Privileged Time; Interrupts/sec; % DPC Time; % Interrupt Time; DPCs Queued/sec; DPC Rate; % Idle Time; % C1 Time; % C2 Time; % C3 Time; C1 Transitions/sec; C2 Transitions/sec; C3 Transitions/sec
disabled = 0
instances = *
interval = 60
object = Processor
useEnglishOnly=true
mode=multikv
index = perfmon

## Logical Disk
[perfmon://LogicalDisk]
counters = % Free Space; Free Megabytes; Current Disk Queue Length; % Disk Time; Avg. Disk Queue Length; % Disk Read Time; Avg. Disk Read Queue Length; % Disk Write Time; Avg. Disk Write Queue Length; Avg. Disk sec/Transfer; Avg. Disk sec/Read; Avg. Disk sec/Write; Disk Transfers/sec; Disk Reads/sec; Disk Writes/sec; Disk Bytes/sec; Disk Read Bytes/sec; Disk Write Bytes/sec; Avg. Disk Bytes/Transfer; Avg. Disk Bytes/Read; Avg. Disk Bytes/Write; % Idle Time; Split IO/Sec
disabled = 0
instances = *
interval = 60
object = LogicalDisk
useEnglishOnly=true
mode=multikv
index = perfmon

## Physical Disk
[perfmon://PhysicalDisk]
counters = Current Disk Queue Length; % Disk Time; Avg. Disk Queue Length; % Disk Read Time; Avg. Disk Read Queue Length; % Disk Write Time; Avg. Disk Write Queue Length; Avg. Disk sec/Transfer; Avg. Disk sec/Read; Avg. Disk sec/Write; Disk Transfers/sec; Disk Reads/sec; Disk Writes/sec; Disk Bytes/sec; Disk Read Bytes/sec; Disk Write Bytes/sec; Avg. Disk Bytes/Transfer; Avg. Disk Bytes/Read; Avg. Disk Bytes/Write; % Idle Time; Split IO/Sec
disabled = 0
instances = *
interval = 60
object = PhysicalDisk
useEnglishOnly=true
mode=multikv
index = perfmon

## Memory
[perfmon://Memory]
counters = Page Faults/sec; Available Bytes; Committed Bytes; Commit Limit; Write Copies/sec; Transition Faults/sec; Cache Faults/sec; Demand Zero Faults/sec; Pages/sec; Pages Input/sec; Page Reads/sec; Pages Output/sec; Pool Paged Bytes; Pool Nonpaged Bytes; Page Writes/sec; Pool Paged Allocs; Pool Nonpaged Allocs; Free System Page Table Entries; Cache Bytes; Cache Bytes Peak; Pool Paged Resident Bytes; System Code Total Bytes; System Code Resident Bytes; System Driver Total Bytes; System Driver Resident Bytes; System Cache Resident Bytes; % Committed Bytes In Use; Available KBytes; Available MBytes; Transition Pages RePurposed/sec; Free & Zero Page List Bytes; Modified Page List Bytes; Standby Cache Reserve Bytes; Standby Cache Normal Priority Bytes; Standby Cache Core Bytes; Long-Term Average Standby Cache Lifetime (s)
disabled = 0
interval = 60
object = Memory
useEnglishOnly=true
mode=multikv
index = perfmon

## Network
[perfmon://Network]
counters = Bytes Total/sec; Packets/sec; Packets Received/sec; Packets Sent/sec; Current Bandwidth; Bytes Received/sec; Packets Received Unicast/sec; Packets Received Non-Unicast/sec; Packets Received Discarded; Packets Received Errors; Packets Received Unknown; Bytes Sent/sec; Packets Sent Unicast/sec; Packets Sent Non-Unicast/sec; Packets Outbound Discarded; Packets Outbound Errors; Output Queue Length; Offloaded Connections; TCP Active RSC Connections; TCP RSC Coalesced Packets/sec; TCP RSC Exceptions/sec; TCP RSC Average Packet Size  
disabled = 0
instances = *
interval = 60
object = Network Interface
useEnglishOnly=true
mode=multikv
index = perfmon

## Process
[perfmon://Process]
counters = % Processor Time; % User Time; % Privileged Time; Virtual Bytes Peak; Virtual Bytes; Page Faults/sec; Working Set Peak; Working Set; Page File Bytes Peak; Page File Bytes; Private Bytes; Thread Count; Priority Base; Elapsed Time; ID Process; Creating Process ID; Pool Paged Bytes; Pool Nonpaged Bytes; Handle Count; IO Read Operations/sec; IO Write Operations/sec; IO Data Operations/sec; IO Other Operations/sec; IO Read Bytes/sec; IO Write Bytes/sec; IO Data Bytes/sec; IO Other Bytes/sec; Working Set - Private
disabled = 0
instances = *
interval = 60
object = Process
useEnglishOnly=true
useWinApiProcStats = 1
mode=multikv
index = perfmon

## System
[perfmon://System]
counters = File Read Operations/sec; File Write Operations/sec; File Control Operations/sec; File Read Bytes/sec; File Write Bytes/sec; File Control Bytes/sec; Context Switches/sec; System Calls/sec; File Data Operations/sec; System Up Time; Processor Queue Length; Processes; Threads; Alignment Fixups/sec; Exception Dispatches/sec; Floating Emulations/sec; % Registry Quota In Use
disabled = 0
instances = *
interval = 60
object = System
useEnglishOnly=true
mode=multikv
index = perfmon
Last modified on 10 December, 2021
PREVIOUS
Release notes for the Content Pack for Monitoring Microsoft Windows 		  NEXT
Install and configure the Content Pack for Monitoring Microsoft Windows

This documentation applies to the following versions of Content Pack for Monitoring Microsoft Windows: 1.0.1

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters