Configure Windows data collection for Splunk App for Infrastructure
To configure data collection, you must log in to an account with permissions to use sudo for root access.
Use the script to install and configure data collection agents on a host from which you want to collect metrics and log data. You can forward metrics and log data to the Splunk App for Infrastructure for performance monitoring and to investigate your infrastructure.
The data collection script requires the following.
|Data collection script|
|Admin privileges||Admin privileges are required to configure data collection.|
Step 1: Specify configuration options
Select and/or customize your data collection options for collecting metrics and logs from your host.
- In the Splunk App for Infrastructure user interface, click the Add Data tab.
- In the left panel click Windows.
- In 1: Specify configuration options > Data to be collected, click the Customize link.
- When you select or customize the data to be collected, this also customizes the data collection script in Step 2 that you run on your host machine.
- Select the metrics and log sources for which you want to collect data.
- The metric cpu is selected by default.
- If selecting cpu > Collect data for each CPU, metrics are stored for each cpu individually, which enables you to use the Split-by feature in the Analysis Workspace.
- If selecting cpu > Collect sum over all CPUs, only aggregate metrics are stored.
- Click Save.
- Add Dimensions for easier troubleshooting, analysis, and filtering hosts.
- Dimensions are key/value pairs that provide metadata about the metric (describes the measurement) used for searching and filtering relevant datasets (distinct time series) during an investigation.
- Use the format of dimension:value, such as env:prod.
- Enter the Monitoring machine hostname or IP address of the machine that has Splunk App for Infrastructure installed (the machine that you are sending data to).
- For example, my.instance.domain.name.
- Enter an Install Location for where you want the script to install the Splunk Universal Forwarder on your system.
Step 2: Run the easy install script
Deploy the easy install script on your host to collect metrics and logs.
- Connect to the Windows system with the Remote Desktop Protocol (RDP).
- On the Windows system, open a PowerShell window.
- Paste the script in the PowerShell window and run it.
- When you run the script on a Windows system for the first time, you may receive a message stating that the universal forwarder was installed without creating an admin user. If this occurs, you have to manually create admin credentials. For information about configuring user credentials, see user-seed.conf in the Splunk Enterprise Admin Manual.
Step 3: Once the script finishes running, verify your data connection
Verify your data connection to start monitoring your infrastructure.
It can take up to about five (5) minutes for your entities to display in the user interface.
- In the Splunk App for Infrastructure user interface, return to your web browser and the Add Data view.
- When the script finishes running, the user interface indicates your entity is connected and data is available to view.
- If no new entities are connected after a few minutes, click Refresh.
- When new entities are connected, click New host found to view your entity.
When you have set up the data collection agent on your host machine, and validate new entities are connected, you can start monitoring your infrastructure. Go to the Investigate page to monitor your entities in the Infrastructure Overview or List View. You can group your entities to monitor them more easily, and drilldown to the Analysis Workspace to further analyze your infrastructure.
Create Administrator Credentials Manually
As explained in Step 2 in this topic, in order to log in as an admin user to run splunkforwarder CLI commands, you must manually create the universal forwarder administrator credentials. Follow the steps below and restart Splunk App for Infrastructure.
- Stop Splunk App for Infrastructure:
- With a text editor, create
$SPLUNK_HOMEfor where you installed the software.
- Within the file, add the following lines, substituting a password for
your new password:
[user_info] USERNAME = admin PASSWORD = <your new password>
- Save the file and close it.
- Restart Splunk.
Configure Identity and Access Management (IAM) policy for AWS data collection
Configure Mac OS X Data Collection for Splunk App for Infrastructure
This documentation applies to the following versions of Splunk® App for Infrastructure: 1.2.0, 1.2.1, 1.2.2, 1.2.3