https://community.splunk.com/t5/Monitoring-Splunk/Setting-up-Alerts-for-basic-things-like-Disk-Space-for-windows/m-p/688996#M10201 <P>Hi Gcusello</P><P>Thanks for the information, Forwarders are installed on all servers currently, its just setting up the searches are my colleague is away for the week and i just trying to set up some basic alerts, thanks for your advice&nbsp;</P> Wed, 29 May 2024 13:14:00 GMT pc591f 2024-05-29T13:14:00Z https://community.splunk.com/t5/Monitoring-Splunk/Setting-up-Alerts-for-basic-things-like-Disk-Space-for-windows/m-p/688989#M10199 <P>I'm very new to this and found we do not have any alerts setup for basic things like Disk space on drives etc, I've done some basic courses but I don't know what to put after Host= to capture all drives on both windows and Unix</P><UL class=""><LI>Application Crashes.</LI><LI>System or Service Failures.</LI><LI>Windows Update Errors.</LI><LI>Windows Firewall.</LI><LI>Clearing Event Logs.</LI><LI>Software and Service Installation.</LI><LI>Account Usage Kernel Driver Signing.</LI></UL> Wed, 29 May 2024 12:28:27 GMT https://community.splunk.com/t5/Monitoring-Splunk/Setting-up-Alerts-for-basic-things-like-Disk-Space-for-windows/m-p/688989#M10199 pc591f 2024-05-29T12:28:27Z https://community.splunk.com/t5/Monitoring-Splunk/Setting-up-Alerts-for-basic-things-like-Disk-Space-for-windows/m-p/688992#M10200 <P>hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/267298">@pc591f</a>&nbsp;,</P><P>at first see in documentation how to get data in from forwarders (<A href="https://docs.splunk.com/Documentation/Splunk/9.2.1/Data/Usingforwardingagents" target="_blank">https://docs.splunk.com/Documentation/Splunk/9.2.1/Data/Usingforwardingagents</A>)</P><P>then install on Forwarders one of these apps: Splunk TA for Windows (<A href="https://splunkbase.splunk.com/app/742)" target="_blank">https://splunkbase.splunk.com/app/742)</A>&nbsp;or Splunk TA for nix (<A href="https://splunkbase.splunk.com/app/833)," target="_blank">https://splunkbase.splunk.com/app/833),</A>&nbsp;remembering to enable inputs that by default are disabled.</P><P>Having those logs, youcan create your own searches.</P><P>The most difficoult is to know what to search, but this isn't a Splunk knowledge.</P><P>To understand how to create the search, you can follow the Splunk Search Tutorial&nbsp; (<A href="https://docs.splunk.com/Documentation/SplunkCloud/8.1.0/SearchTutorial/WelcometotheSearchTutorial" target="_blank">https://docs.splunk.com/Documentation/SplunkCloud/8.1.0/SearchTutorial/WelcometotheSearchTutorial</A>).</P><P>Ciao.</P><P>Giuseppe</P> Wed, 29 May 2024 13:01:22 GMT https://community.splunk.com/t5/Monitoring-Splunk/Setting-up-Alerts-for-basic-things-like-Disk-Space-for-windows/m-p/688992#M10200 gcusello 2024-05-29T13:01:22Z https://community.splunk.com/t5/Monitoring-Splunk/Setting-up-Alerts-for-basic-things-like-Disk-Space-for-windows/m-p/688996#M10201 <P>Hi Gcusello</P><P>Thanks for the information, Forwarders are installed on all servers currently, its just setting up the searches are my colleague is away for the week and i just trying to set up some basic alerts, thanks for your advice&nbsp;</P> Wed, 29 May 2024 13:14:00 GMT https://community.splunk.com/t5/Monitoring-Splunk/Setting-up-Alerts-for-basic-things-like-Disk-Space-for-windows/m-p/688996#M10201 pc591f 2024-05-29T13:14:00Z https://community.splunk.com/t5/Monitoring-Splunk/Setting-up-Alerts-for-basic-things-like-Disk-Space-for-windows/m-p/688997#M10202 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/267298">@pc591f</a>,</P><P>check if the add-ons I mentioned are installed and if the inputs that takes the information you need are enabled.</P><P>If yes, you have only to create your searches.</P><P>if not, you haven't the information for your Use Cases.</P><P>Ciao.</P><P>Giuseppe</P> Wed, 29 May 2024 13:15:58 GMT https://community.splunk.com/t5/Monitoring-Splunk/Setting-up-Alerts-for-basic-things-like-Disk-Space-for-windows/m-p/688997#M10202 gcusello 2024-05-29T13:15:58Z