Splunk® IT Essentials Work

Entity Integrations Manual

Windows data you can collect with ITE Work

Collect metrics and log data with for Windows systems with a universal forwarder. You can use the data collection script or configure data collection agents manually. For more information, see these topics:

If you haven't seen the requirements yet, see Windows integration requirements for ITE Work.

Metrics data

These are the host-identifying dimensions for each Windows host:

  • host
  • ip
  • os
  • os_version
  • entity_type

These are the metrics collected, the default counters, and each source type for Windows hosts:

Metric Counters Source type
[perfmon://CPU]
  •  % C1 Time
  •  % C2 Time
  •  % Idle Time
  •  % Processor Time
  •  % User Time
  •  % Privileged Time
  •  % Reserved Time
  •  % Interrupt Time
  • Interrupts/sec*
 PerfmonMetrics:CPU
[perfmon://PhysicalDisk]
  •  % Disk Read Time
  •  % Disk Write Time
  • Avg. Disk Queue Length
  •  % Idle Time
  • Avg. Disk Bytes/Read*
  • Avg. Disk Bytes/Write*
 PerfmonMetrics:PhysicalDisk
[perfmon://Network]
  • Bytes Received/sec
  • Bytes Sent/sec
  • Packets Received/sec
  • Packets Sent/sec
  • Packets Received Errors
  • Packets Outbound Errors
  • Current Bandwidth*
 PerfmonMetrics:Network
[perfmon://Memory]
  • Cache Bytes
  •  % Committed Bytes In Use
  • Page Reads/sec
  • Pages Input/sec
  • Pages Output/sec
  • Committed Bytes
  • Available Bytes
  • Available MBytes*
 PerfmonMetrics:Memory
[perfmon://System]
  • Processor Queue Length
  • Threads
  • System Up Time
 PerfmonMetrics:System
[perfmon://Process]
  •  % Processor Time
  •  % User Time
  •  % Privileged Time
  • Elapsed Time
  • ID Process
  • Virtual Bytes
  • Working Set
  • Private Bytes
  • IO Read Bytes/sec
  • IO Write Bytes/sec
 PerfmonMetrics:Process
[perfmon://LogicalDisk]
  • Free Megabytes
  •  % Free Space
  • Avg. Disk sec/Transfer*
 PerfmonMetrics:LogicalDisk

(*) Indicates counters that are required for the Content Pack for Monitoring Microsoft Windows.

Log data

The source type for all Windows log data is uf.

These are the logs a universal forwarder collects for each Windows host by default:

  • $SPLUNK_HOMEvar\log\splunk\*.log*
  • Application
  • Security
  • System
  • Forwarded Events
  • Setup
Last modified on 28 February, 2024
Windows integration requirements for ITE Work   Collect Windows metrics and logs with the data collection script in ITE Work

This documentation applies to the following versions of Splunk® IT Essentials Work: 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.10.0 Cloud only, 4.10.1 Cloud only, 4.10.2 Cloud only, 4.10.3 Cloud only, 4.10.4 Cloud only, 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.6, 4.12.0 Cloud only, 4.12.2 Cloud only, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.14.0 Cloud only, 4.14.1 Cloud only, 4.14.2 Cloud only, 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.16.0 Cloud only, 4.17.0, 4.17.1

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters