Windows data you can collect with ITSI
Collect metrics and log data for Windows systems with a universal forwarder. You can use the data collection script or configure data collection agents manually. For more information, see these topics:
- Collect Windows metrics and logs with the data collection script in ITSI
- Manually collect metrics from a Windows host in ITSI
- Manually collect logs from a Windows host in ITSI
If you haven't seen the requirements yet, see Windows integration requirements for ITSI.
Metrics data
These are the host-identifying dimensions for each Windows host:
- host
- ip
- os
- os_version
- entity_type
These are the metrics collected, the default counters, and each source type for Windows hosts:
Metric | Counters | Source type |
---|---|---|
[perfmon://CPU] | | PerfmonMetrics:CPU |
[perfmon://PhysicalDisk] | | PerfmonMetrics:PhysicalDisk |
[perfmon://Network] | | PerfmonMetrics:Network |
[perfmon://Memory] | | PerfmonMetrics:Memory |
[perfmon://System] | | PerfmonMetrics:System |
[perfmon://Process] | | PerfmonMetrics:Process |
[perfmon://LogicalDisk] | | PerfmonMetrics:LogicalDisk |
(*) Indicates counters that are required for the Content Pack for Monitoring Microsoft Windows.
Log data
The source type for all Windows log data is uf.
These are the logs a universal forwarder collects for each Windows host by default:
- $SPLUNK_HOME\var\log\splunk\*.log*
- Application
- Security
- System
- Forwarded Events
- Setup
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.11.0, 4.14.2 Cloud only, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.5, 4.11.6, 4.12.0 Cloud only, 4.12.1 Cloud only, 4.12.2 Cloud only, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.14.0 Cloud only, 4.14.1 Cloud only