Splunk® Supported Add-ons

Splunk Add-on for Microsoft SCOM

Download manual as PDF

Download topic as PDF

Source types for the Splunk Add-on for Microsoft SCOM

The Splunk Add-on for Microsoft SCOM divides data from Microsoft SCOM into thirteen source types. Each source type maps to one or more SCOM commands.

Source Description CIM compliance ITSI compliance
microsoft:scom:alert Get one or more alerts and their history. An alert is an indication of a significant event that requires your attention. Rules and monitors can generate alerts. Alerts None
microsoft:scom:monitor Get monitors which define logic for determining the health of an object. None None
microsoft:scom:diagnostic Get diagnostic tasks to discover the cause of a problem or provide you with additional information. None None
microsoft:scom:task Get a list of tasks and their results. Task have a specific name or ID as well as tasks that are associated with specified user roles, class instances, management packs, or target classes. None None
microsoft:scom:recovery Get a list of recoveries. None None
microsoft:scom:discovery Get a list of discoveries. None None
microsoft:scom:override Get a list of overrides, and a resulting set of overrides. None None
microsoft:scom:event Get one or more events which are collected by rules. None None
microsoft:scom:rule Get one or more monitoring rules. None None
microsoft:scom:internal Get some internal references such as SCOM class definitions, and class instances. None OS
microsoft:scom:network Get some network configurations such as SCOM agent, connector, and proxy info. None None
microsoft:scom:mgmt Get management configurations such as ManagementPack, group, and role. None None
microsoft:scom:performance Get network performance such as CPU usage, memory, storage and network performance data. Performance OS


Configure Microsoft SCOM to send performance data

To collect performance data from Microsoft SCOM, you must import system Center Management Pack in your Microsoft SCOM and enable the rules to map to ITSI model.

Import System Center Management Pack

  • Download the System Center Management Pack from the Microsoft website.
  • Import the management pack in the Microsoft SCOM. See the System Center Management Pack Guide provided in your installation package for instructions.

Enable Rules in Management Pack Object

Each management pack has different rules for collecting performance data from metrics such as memory, processor, network or disk. To get the performance data and map to the ITSI Performance model, you must enable the rules manually if they are not enabled by default.
The table below describes the rules and the mapping to ITSI Performance data model.

Name (differs by OS version) Enabled by default? ITSI Object ITSI Fields
Processor Information % Processor Time Total Windows Server 2012 R2

Processor Information % Processor Time Total Windows Server 2008 R2
Processor % Processor Time Total Windows Server 2012
Processor % Processor Time Total Windows Server 2008

True Performance cpu_user_percent
System Processor Queue Length Windows Server 2012 R2

System Processor Queue Length Windows Server 2012
System Processor Queue Length 2008

True Performance wait_threads_count
Memory Available Megabytes Windows Server 2012 R2

Memory Available Megabytes Windows Server 2012
Memory Available Megabytes 2008

True Performance mem_free
Percent Memory Used
True Performance mem_free_percent

mem_used_percent

Memory Pages per Second Windows Server 2012 R2

Memory Pages per Second Windows Server 2012
Memory Pages per Second 2008

True Performance mem_page_ops
Cluster Disk - Total size / MB

Cluster Shared Volume - Total size / MB

True Performance Storage
Cluster Disk - Free space / MB

Cluster Shared Volume - Free space / MB
Logical Disk Free Megabytes Windows Server 2012
Logical Disk Free Megabytes 2008

True Performance storage_free

storage_used

Cluster Disk - Free space / %

Cluster Shared Volume - Free space / %
% Logical Disk Free Space Windows Server 2012
% Logical Disk Free Space 2008

True Performance storage_free_percent

storage_used_percent

Network Adapter Bytes Total per Second Windows Server 2012 True Performance bytes
Physical Disk Average Disk Seconds per Transfer Windows Server 2012
Physical Disk Average Disk Seconds per Transfer 2008

Collection Rule for Average Disk Seconds Per Transfer Windows Server 2012
Collection Rule for Average Disk Seconds Per Transfer 2008

True Performance latency
Collection Rule for Average Disk Seconds Per Read Windows Server 2012
Collection Rule for Average Disk Seconds Per Read 2008

Physical Disk Average Disk Seconds per Read Windows Server 2012
Physical Disk Average Disk Seconds per Read 2008

False Performance read_latency
Collection Rule for Disk Reads Per Second Windows Server 2012

Collection Rule for Disk Reads Per Second 2008
Physical Disk Reads per Second Windows Server 2012
Physical Disk Reads per Second 2008

False Performance read_ops
Collection Rule for Average Disk Seconds Per Write Windows Server 2012
Collection Rule for Average Disk Seconds Per Write 2003

Physical Disk Average Disk Seconds per Write Windows Server 2012
Physical Disk Average Disk Seconds per Write 2008

False Performance write_latency
Collection Rule for Disk Writes Per Second Windows Server 2012

Collection Rule for Disk Writes Per Second 2008
Physical Disk Writes per Second Windows Server 2012
Physical Disk Writes per Second 2008

False Performance write_ops
Network Adapter Bytes Received per Second Windows Server 2012 False Performance bytes_in
Network Adapter Bytes Sent per Second Windows Server 2012 False Performance bytes_out

Other than the rules in the table, if you want to collect data on disk transfers per second, you must create a rule with the prefix Collection Rule for Disk Transfers Per Second. For example, Collection Rule for Disk Transfers Per Second Windows Server 2012. Then map the data to the total_ops field of ITSI Performance object.

PREVIOUS
Splunk Add-on for Microsoft SCOM
  NEXT
Release notes for the Splunk Add-on for Microsoft SCOM

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters