Splunk® IT Service Intelligence

Entity Integrations Manual


Windows data you can collect with ITSI

Collect metrics and log data for Windows systems with a universal forwarder. You can use the data collection script or configure data collection agents manually. For more information, see these topics:

If you haven't seen the requirements yet, see Windows integration requirements for ITSI.

Metrics data

These are the host-identifying dimensions for each Windows host:

  • host
  • ip
  • os
  • os_version
  • entity_type

These are the metrics collected, the default counters, and each source type for Windows hosts:

Metric: [perfmon://CPU]
Source type: PerfmonMetrics:CPU
Counters:
  • % C1 Time
  • % C2 Time
  • % Idle Time
  • % Processor Time
  • % User Time
  • % Privileged Time
  • % Reserved Time
  • % Interrupt Time

Metric: [perfmon://PhysicalDisk]
Source type: PerfmonMetrics:PhysicalDisk
Counters:
  • % Disk Read Time
  • % Disk Write Time

Metric: [perfmon://Network]
Source type: PerfmonMetrics:Network
Counters:
  • Bytes Received/sec
  • Bytes Sent/sec
  • Packets Received/sec
  • Packets Sent/sec
  • Packets Received Errors
  • Packets Outbound Errors

Metric: [perfmon://Memory]
Source type: PerfmonMetrics:Memory
Counters:
  • Cache Bytes
  • % Committed Bytes In Use
  • Page Reads/sec
  • Pages Input/sec
  • Pages Output/sec
  • Committed Bytes
  • Available Bytes

Metric: [perfmon://System]
Source type: PerfmonMetrics:System
Counters:
  • Processor Queue Length
  • Threads
  • System Up Time

Metric: [perfmon://Process]
Source type: PerfmonMetrics:Process
Counters:
  • % Processor Time
  • % User Time
  • % Privileged Time
  • Elapsed Time
  • ID Process
  • Virtual Bytes
  • Working Set
  • Private Bytes
  • IO Read Bytes/sec
  • IO Write Bytes/sec

Metric: [perfmon://LogicalDisk]
Source type: PerfmonMetrics:LogicalDisk
Counters:
  • Free Megabytes
  • % Free Space

Log data

The source type for all Windows log data is uf.

These are the logs a universal forwarder collects for each Windows host by default:

  • $SPLUNK_HOME\var\log\splunk\*.log*
  • Application
  • Security
  • System
  • Forwarded Events
  • Setup
Last modified on 08 March, 2020

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.6.0 Cloud only, 4.6.1 Cloud only, 4.6.2 Cloud only, 4.7.0, 4.7.1, 4.7.2, 4.8.0 Cloud only, 4.8.1 Cloud only, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.10.0 Cloud only, 4.10.1 Cloud only, 4.10.2 Cloud only

