Collect Windows metrics and logs with Splunk App for Infrastructure
Use the easy install script to install and configure data collection agents on a host from which you want to collect metrics and log data. You can forward metrics and log data to the Splunk App for Infrastructure (SAI) for performance monitoring and to investigate your infrastructure.
When you have set up the data collection agent on your host system and validated new entities are connected, you can start monitoring your infrastructure. Hosts you are monitoring are called entities. Go to the Investigate page to monitor your entities in the Infrastructure Overview or List View. You can group your entities to monitor them more easily, and drilldown to the Analysis Workspace to further analyze your infrastructure.
The easy install script requires the following.
|Easy install script|
|Admin privileges||Admin privileges are required to configure data collection.|
1. Specify configuration options
Select which metrics and logs to collect from the system. If you're running SAI on Splunk Cloud, you must enter specific settings for the Monitoring machine and Receiver port and set up the universal forwarder differently than the script deploys. For more information, see Install and configure the data collection agents on each applicable system in the Install and Upgrade Splunk App for Infrastructure guide.
- In the SAI user interface, click the Add Data tab.
- Select Windows in the integration panel.
- In 1: Specify configuration options > Data to be collected, click the Customize link.
- When you select or customize the data to be collected, this customizes the script you run on your host system.
- The metric cpu is selected by default, and cannot be deselected.
- If selecting cpu > Collect data for each CPU, metrics are stored for each cpu individually, which enables you to use the Split-by feature in the Analysis Workspace.
- If selecting cpu > Collect sum over all CPUs, only aggregate metrics are stored.
- Dimensions are key/value pairs that provide metadata about the metric (describes the measurement) used for searching and filtering relevant datasets (distinct time series) during an investigation.
- Use the format of dimension:value, such as env:prod.
- For example, my.instance.domain.name.
2. Run the easy install script
Deploy the easy install script on your host to collect metrics and logs.
- Connect to the Windows system with the Remote Desktop Protocol (RDP).
- On the Windows system, open a PowerShell window.
- Paste the script in the PowerShell window and run it.
- When you run the script on a Windows system for the first time, you might receive a message stating that the universal forwarder was installed without creating an admin user. If this occurs, you have to manually create admin credentials. For information about creating admin credentials, see user-seed.conf in the Splunk Enterprise Admin Manual.
3. Verify your data connection
Verify your data connection to start monitoring your infrastructure.
It can take up to about five (5) minutes for your hosts to display in the user interface.
- In the SAI user interface, return to your web browser and the Add Data view.
- When the script finishes running, the user interface indicates your host is connected and data is available to view.
- If no new hosts are connected after a few minutes, click Refresh.
- When new hosts are connected, click New host found to view your host.
Update SELinux to allow for data collection in Splunk App for Infrastructure
Manually configure metrics and log collection for a Windows host for Splunk App for Infrastructure
This documentation applies to the following versions of Splunk® App for Infrastructure (Legacy): 1.3.0, 1.3.1, 1.4.0, 1.4.1, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4
Feedback submitted, thanks!