What data the Splunk App for Windows Infrastructure collects
The Splunk App for Windows Infrastructure's associated add-ons collect data from your Windows servers. They then send the data to an index, which the app uses in its dashboards, charts, and reports. This topic discusses the specifics of the data that the app collects and displays.
The Splunk App for Windows Infrastructure collects the following data using file inputs:
- Performance monitoring data.
- Active Directory logs (via the Splunk Add-on for Windows and the Splunk Add-on for Active Directory suite).
- Windows network, host, and printer monitoring information (via the Splunk Add-on for Windows).
- Windows Event logs (via the Splunk Add-on for Windows):
  - Security logs
  - Application logs
Indexes that the Splunk App for Windows Infrastructure uses
The Splunk App for Windows Infrastructure puts the data it indexes into several indexes:
- The Windows event logs get indexed into the `wineventlog` index.
- The performance monitor logs get indexed into the `perfmon` index.
- The Active Directory data gets indexed into the `msad` index.
This documentation applies to the following versions of Splunk® App for Windows Infrastructure (Legacy): 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.5.0, 1.5.1