Splunk® IT Service Intelligence

Entity Integrations Manual

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Windows data you can collect with ITSI

Collect metrics and log data with for Windows systems with a universal forwarder. You can use the data collection script or configure data collection agents manually. For more information, see these topics:

If you haven't seen the requirements yet, see Windows integration requirements for ITSI.

Metrics data

These are the host-identifying dimensions for each Windows host:

  • host
  • ip
  • os
  • os_version
  • entity_type

These are the metrics collected, the default counters, and each source type for Windows hosts:

Metric Counters Source type
  •  % C1 Time
  •  % C2 Time
  •  % Idle Time
  •  % Processor Time
  •  % User Time
  •  % Privileged Time
  •  % Reserved Time
  •  % Interrupt Time
  • Interrupts/sec*
  •  % Disk Read Time
  •  % Disk Write Time
  • Avg. Disk Queue Length
  •  % Idle Time
  • Avg. Disk Bytes/Read*
  • Avg. Disk Bytes/Write*
  • Bytes Received/sec
  • Bytes Sent/sec
  • Packets Received/sec
  • Packets Sent/sec
  • Packets Received Errors
  • Packets Outbound Errors
  • Current Bandwidth*
  • Cache Bytes
  •  % Committed Bytes In Use
  • Page Reads/sec
  • Pages Input/sec
  • Pages Output/sec
  • Committed Bytes
  • Available Bytes
  • Available MBytes*
  • Processor Queue Length
  • Threads
  • System Up Time
  •  % Processor Time
  •  % User Time
  •  % Privileged Time
  • Elapsed Time
  • ID Process
  • Virtual Bytes
  • Working Set
  • Private Bytes
  • IO Read Bytes/sec
  • IO Write Bytes/sec
  • Free Megabytes
  •  % Free Space
  • Avg. Disk sec/Transfer*

Log data

The source type for all Windows log data is uf.

These are the logs a universal forwarder collects for each Windows host by default:

  • $SPLUNK_HOMEvar\log\splunk\*.log*
  • Application
  • Security
  • System
  • Forwarded Events
  • Setup
Last modified on 28 April, 2023
Windows integration requirements for ITSI
Collect Windows metrics and logs with the data collection script in ITSI

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.16.0 Cloud only, 4.17.0, 4.17.1, 4.18.0, 4.18.1

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters