Content Pack for Monitoring Microsoft Windows

Content Pack for Monitoring Microsoft Windows

This documentation does not apply to the most recent version of Content Pack for Monitoring Microsoft Windows. For documentation on the most recent version, go to the latest release.

About the Content Pack for Monitoring Microsoft Windows

The Content Pack for Monitoring Microsoft Windows provides the elements necessary for monitoring your OS health related to Windows servers. It uses the heavy or universal forwarder and an add-on to collect and send data to either event indexes or metric indexes. This content pack relies on the Splunk Add-on for Microsoft Windows, where the collected data is sent to either event indexes or metric indexes. For more information, see the Splunk Add-on for Microsoft Windows.

The content pack includes a preconfigured service template for monitoring OS health metrics for CPU, memory, disk, and network. The KPIs in the service template are configured for general purposes only and must be tuned to accommodate your specific use case.


You can install the Content Pack for Monitoring Microsoft Windows after installing the Splunk App for Content Packs on the search head where you have installed ITSI. For installation instructions, see Install and configure the Content Pack for Monitoring Microsoft Windows.


This content pack contains the following objects:

  • OS-level KPIs
  • Six KPI base searches:
    • OS:Performance.WIN.CPU
    • OS:Performance.WIN.LogicalDisk
    • OS:Performance.WIN.Memory
    • OS:Performance.WIN.Network
    • OS:Performance.WIN.PhysicalDisk
    • OS:Performance.WIN.WinHostMon
  • A service template: Windows server health
  • A sample service to use for testing entity filtering and KPI thresholds: SAMPLE - Windows server health to use for testing entity filtering and KPI thresholds.

Deployment requirements

Use the following table to determine ITSI version compatibility with various versions of the Content Pack for Monitoring Microsoft Windows:

Splunk App for Content Packs version Content pack version ITSI version Splunk Add-on for Windows
2.0.0 1.8.0 4.17.x 8.7.0
1.8.0 1.2.0 4.14.x, 4.15.x 8.5.0
1.5.0 1.1.0 4.9.4 or 4.11.0 or higher 8.1.2, 8.2.0
1.0.0 1.0.2 4.9.0 or higher n/a

Additional resources

Last modified on 08 July, 2023
  Release notes for the Content Pack for Monitoring Microsoft Windows

This documentation applies to the following versions of Content Pack for Monitoring Microsoft Windows: 1.2.0

Was this topic useful?

You must be logged into in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters