Content Pack for Monitoring Microsoft Windows

This documentation does not apply to the most recent version of Content Pack for Monitoring Microsoft Windows. For documentation on the most recent version, go to the latest release.

Release notes for the Content Pack for Monitoring Microsoft Windows

Version 1.2.0 of the Content Pack for Monitoring Microsoft Windows was released on November 30, 2022. The following sections describe the contents of version 1.2.0.

New features

New features of the Content Pack for Monitoring Microsoft Windows include the following:

New feature or enhancement: Updates to the supported data for the content pack to avoid conflicts with Windows Dashboards and Reports Content Pack and OOTB Windows Entity shipped with ITSI or ITE Work

Description: The content pack now supports the following types of data using a macro-based approach, where you can easily switch between different formats of data ingestion:
  1. Perfmon Metrics data with custom sourcetype PerfmonMetrics:* (formatted data): This is the recommended method. Customers using this format of data ingestion can use the content pack without any modifications.
  2. Perfmon Events data with mode set to 'single': This method is for customers who have not yet migrated to using OOTB Windows Entity for monitoring the performance of their Windows infrastructure. To use the content pack with this format of data, update the macros as mentioned in the section Update the macros to use the event search with single mode.
  3. Perfmon Metrics data with default sourcetype (unformatted): This is a deprecated method of metrics data ingestion for this content pack. If you are using this method of data ingestion, you will not be able to use the OOTB Windows Entity for monitoring the performance of your Windows infrastructure. To use the content pack with this format of data, update the macros as mentioned in the section Update the macros to use the metrics data with default sourcetype.
  4. Different types of data on different hosts:
    1. If you are a customer with different methods of data ingestion on different Windows hosts, update the macros as mentioned in the section Update the macros to use the mixed mode data ingestion. This method can only support a limited number of hosts because it uses a subsearch, which only supports 50,000 records. If the search returns more than 50,000 records, the results are truncated.

Note: This content pack no longer supports perfmon events data with 'multi-kv' mode.

Please refer to the table below to understand the supported products based on the type of data ingestion:

| Data Method / Product | Windows entity type shipped with ITE Work or ITSI | Content Pack for Windows Dashboards and Reports | Content Pack for Monitoring Microsoft Windows |
| --- | --- | --- | --- |
| Perfmon Metrics (formatted)* | Yes | No | Yes |
| Perfmon Metrics (unformatted) | No | No | Yes |
| Perfmon Events (single) | No | Yes | Yes |
| Perfmon Events (multikv) | No | No | No |

* Recommended format for Windows GDI

Fixed issues

This version of the Content Pack for Monitoring Microsoft Windows has these reported fixed issues. If no fixed issues are listed in the following table, no issues have been reported.

| Date filed | Issue number | Description |
| --- | --- | --- |
| 2022-02-23 | ITSI-22286 | The Content Pack for Monitoring Microsoft Windows isn't compatible with the prepackaged Windows Entity Integration in ITE Work and ITSI. |

Known issues

This version of the Content Pack for Monitoring Microsoft Windows has the following reported known issues and workarounds. If no issues appear below, no issues have yet been reported.

Additional resources

Last modified on 30 November, 2022
This documentation applies to the following versions of Content Pack for Monitoring Microsoft Windows: 1.2.0
