Windows data you can collect with ITE Work
Collect metrics and log data for Windows systems with a universal forwarder. You can use the data collection script or configure data collection agents manually. For more information, see these topics:
- Collect Windows metrics and logs with the data collection script in ITE Work
- Manually collect metrics from a Windows host in ITE Work
- Manually collect logs from a Windows host in ITE Work
If you haven't seen the requirements yet, see Windows integration requirements for ITE Work.
Metrics data
These are the host-identifying dimensions for each Windows host:
- host
- ip
- os
- os_version
- entity_type
These are the metrics collected, the default counters, and each source type for Windows hosts:
Metric | Counters | Source type |
---|---|---|
[perfmon://CPU] | | PerfmonMetrics:CPU |
[perfmon://PhysicalDisk] | | PerfmonMetrics:PhysicalDisk |
[perfmon://Network] | | PerfmonMetrics:Network |
[perfmon://Memory] | | PerfmonMetrics:Memory |
[perfmon://System] | | PerfmonMetrics:System |
[perfmon://Process] | | PerfmonMetrics:Process |
[perfmon://LogicalDisk] | | PerfmonMetrics:LogicalDisk |
(*) Indicates counters that are required for the Content Pack for Monitoring Microsoft Windows.
Log data
The source type for all Windows log data is uf.
These are the logs a universal forwarder collects for each Windows host by default:
- $SPLUNK_HOME\var\log\splunk\*.log*
- Application
- Security
- System
- Forwarded Events
- Setup
This documentation applies to the following versions of Splunk® IT Essentials Work: 4.18.0, 4.18.1, 4.19.0, 4.19.1