Related Answers
Download topic as PDF
Reports reference for Content Pack for Windows Dashboards and Reports
The Content Pack for Windows Dashboards and Reports includes several reports through which you can proactively monitor and troubleshoot your Windows environment.
Access the reports
- Log into Splunk Web.
- Select App > IT Service Intelligence (ITSI) or IT Essentials Work.
- From the navigation bar, select Dashboards > Reports to see the list of reports.
- In the App column, reports listed as DA-ITSI-CP-windows-dashboards are part of the Content Pack for Windows Dashboards and Reports.
Available reports
The following table lists the reports that are present in the Content Pack for Windows Dashboards and Reports:
| Report name | Description |
|---|---|
| Application crash count in the last 7 days | Shows the Application Crashes count in last 7 days |
| Application crash count in the last 24 hours | Shows the Application Crashes count in last 24 hours |
| Application crash count in the last 30 days | Shows the Application Crashes count in last 30 days |
| Average CPU utilization per process, host in the last 24 hours | Shows the Average Utilization of CPU per process, host in the last 24 hours |
| Average Memory utilization per process, host in the last 24 hours | Shows the Average Utilization of Memory per process, host in the last 24 hours |
| Count of total installs per Application each day for the last 7 days | Shows the count of Installations from each Application each day for the last 7 days |
| Count of total installs per user each day for the last 7 days | Shows the count of Installations from each User each day for the last 7 days |
| Count of total installs per user for the last 7 days | Shows the count of Installations from each User for the last 7 days |
| Event categories and counts by host for the last 30 days | Shows the Event Categories and hosts count in last 30 Days |
| Event severity counts by host for the last 7 days | Shows the count of Event Severity by host in last 7 days |
| Event severity counts by host for the last 24 hours | Shows the count of Event Severity by host in last 24 hours |
| Event severity counts by host for the last 30 days | Shows the count of Event Severity by host in last 30 days |
| Generic event counts | Shows the Count of Generic Events based on EventCode |
| List of Applications, Time of install, User and Host for the last 7 days | Shows the list of Applications, Time of install, User and Host for the last 7 days |
| List of Failed KB installs in the last 7 days | Shows the List of Failed KB that installed in last 7 days |
| List of KB successful and failed KB installation for the last 30 days | Shows the List of installed successful and failed KB in last 30 days |
| List of Successful installations (non-KB) for the last 7 days | Shows the list of successful installations (non-KB) in last 7 days |
| List of failed service starts for the last 30 days | Shows the list of failed service starts in last 30 days |
| List of shutdowns for last 30 days | Show the list of hosts which are shutdown in last 30 days |
| List of unexpected service terminations for the last 30 days | Shows the list of unexpected service terminations of host in last 30 days |
| Number of hosts with Average CPU utilization > 80% in the last 24 hours | Shows the number of host with Average utilization of CPU is greater than 80% in last 24 hours |
| Performance counter categories and counts by host for the last 7 days | Shows the number of performance counter categories and counts of host in last 7 days |
| ActiveDirectory: Create Computer Lookup | Creates the ActiveDirectory_ComputerInfoLookup which contains the details of Computer of Active Directory |
| ActiveDirectory: Create GPO Lookup | Creates the ActiveDirectory_GPOInfoLookup which contains the details of GPO (Group Policy object) of Active Directory |
| ActiveDirectory: Create Group Lookup | Creates the ActiveDirectory_GroupInfoLookup which contains the details of Group of Active Directory |
| ActiveDirectory: Create User Lookup | Creates the ActiveDirectory_UserInfoLookup which contains the details of User of Active Directory |
| DNS: Failing Domains | Shows the list of domains which have responded as error |
| DNS: Top Failing Domains | Shows the top domain which have responded as error |
| DNS: Top Hosts sending failing queries | Shows the top host which is sending failed queries |
| DNS: Top Non-Authoritative Responses | Shows the top non-authoritive domain Responses |
| DNS: Top Querying Hosts | Shows the top Querying host |
| DNS: Top Recursive Failure Domains | Shows the Top Recursive Failure Domain |
| DNS: Top Requested Queries | Shows the Top Requested Query domain |
| System_App Installs - By Host - Timechart - 7days | Shows the list of App Installed by a host in last 7 days |
| WinApp_Lookup_Build_Event - CreateNew - Server | Creates the windows_event_system lookup which contains the host details |
| WinApp_Lookup_Build_Hostmon - CreateNew - Server | Creates the windows_hostmon_system lookup which contains the host details |
| WinApp_Lookup_Build_Hostmon_FS - CreateNew - Detail | Creates the windows_hostmon_fs_details lookup which contains File System details |
| WinApp_Lookup_Build_Hostmon_Machine - CreateNew - Detail | Creates the windows_hostmon_machine_details lookup which contains Domain details |
| WinApp_Lookup_Build_Hostmon_Process - CreateNew - Detail | Creates the windows_hostmon_process_details lookup which contains process details |
| WinApp_Lookup_Build_Netmon - CreateNew - Server | Creates the windows_netmon_system lookup which contains the count of event by each hosts |
| WinApp_Lookup_Build_Perfmon - CreateNew - Serve | Creates the windows_perfmon_system lookup which contains the details of event of each hosts in last 1 hour |
| WinApp_Lookup_Build_Printmon - CreateNew | Creates the windows_printmon lookup which contains the details of operations performed by user |
| WinApp_Lookup_Event - Event Details | Shows the details of each event |
| WinApp_Lookup_Event - EventCode | Shows the list of EventCodes |
| WinApp_Lookup_Event - EventCode Description | Shows the list of EventCodeswith description |
| WinApp_Lookup_Event - Host | Shows the list of Hosts |
| WinApp_Lookup_Event - LogName | Shows the list of Logname |
| WinApp_Lookup_Event - TaskCategory | Shows the list of Task Category |
| WinApp_Lookup_Perfmon - Collections, Object, and counters | Shows the list of Objects containing collections |
| WinApp_Lookup_Perfmon - Combined | Shows the list of each object containing collections and instance |
| WinApp_Lookup_Perfmon - Host | Shows the list of Host in perfmon |
| WinApp_Lookup_Perfmon - Object | Shows the list of objects |
| WinApp_Lookup_Perfmon - counters and instances | Shows the list of counters and instances in perfmon |
| WinMgmt_Security_Logon_Success Overall by Host | Shows the list of hosts that has been logged successfully in last 7 days |
| WinMgmt_Security_Logon_Success Overtime | Shows the list of transaction happened in logons successfully in last 7 days |
| WinMgmt_Security_Logon_Unsuccessful | Shows the list of transaction happened in logons unsuccessfully in last 7 days |
| WinMgmt_System_Reboot Overtime | Shows the list of transaction happened with host and username in last 7 days |
| build_winfra_lookup | Shows the list of necessary lookups that are used in populating the Content Pack for Windows Dashboards and Reports |
Last modified on 23 February, 2023
|
PREVIOUS Dashboard reference for the Content Pack for Windows Dashboards and Reports |
NEXT Entity Discovery Search Reference |
This documentation applies to the following versions of Content Pack for Windows Dashboards and Reports: 1.2.0, 1.2.1, 1.2.2, 1.3.0
Feedback submitted, thanks!