Splunk® IT Service Intelligence

Entity Integrations Manual

Windows data you can collect with ITSI

Collect metrics and log data for Windows systems with a universal forwarder. You can use the data collection script or configure data collection agents manually. For more information, see these topics:

If you haven't seen the requirements yet, see Windows integration requirements for ITSI.

Metrics data

These are the host-identifying dimensions for each Windows host:

  • host
  • ip
  • os
  • os_version
  • entity_type

These are the metrics collected, the default counters, and each source type for Windows hosts:

Metric Counters Source type
  •  % C1 Time
  •  % C2 Time
  •  % Idle Time
  •  % Processor Time
  •  % User Time
  •  % Privileged Time
  •  % Reserved Time
  •  % Interrupt Time
  •  % Disk Read Time
  •  % Disk Write Time
  • Bytes Received/sec
  • Bytes Sent/sec
  • Packets Received/sec
  • Packets Sent/sec
  • Packets Received Errors
  • Packets Outbound Errors
  • Cache Bytes
  •  % Committed Bytes In Use
  • Page Reads/sec
  • Pages Input/sec
  • Pages Output/sec
  • Committed Bytes
  • Available Bytes
  • Processor Queue Length
  • Threads
  • System Up Time
  •  % Processor Time
  •  % User Time
  •  % Privileged Time
  • Elapsed Time
  • ID Process
  • Virtual Bytes
  • Working Set
  • Private Bytes
  • IO Read Bytes/sec
  • IO Write Bytes/sec
  • Free Megabytes
  •  % Free Space

Log data

The source type for all Windows log data is uf.

These are the logs a universal forwarder collects for each Windows host by default:

  • $SPLUNK_HOME\var\log\splunk\*.log*
  • Application
  • Security
  • System
  • Forwarded Events
  • Setup
Last modified on 08 March, 2020

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.6.0 Cloud only, 4.6.1 Cloud only, 4.6.2 Cloud only, 4.7.0, 4.7.1, 4.7.2, 4.8.0 Cloud only, 4.8.1 Cloud only, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.10.0 Cloud only, 4.10.1 Cloud only, 4.10.2 Cloud only
