- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Splunk App for Windows not collecting process data
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I am trying to collect some data from the Windows server using Splunk addon for Windows. I am not able to see any process related data in Splunk. The data i am trying to get is 1. Working set memory and 2. Processor Work queue depth. Please find below the config I used for Working set memory data. Any help on this would be great. Thanks.
[perfmon://Process]
object = Process
counters = Working Set - Private
index = perfmon
showZeroValue = 1
Any idea how to get the data for 'Processor Work queue depth'?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @skrish91
Have a look at this :
[perfmon://<name>]
* This section explains possible settings for configuring
the Windows Performance Monitor input.
* Each perfmon:// stanza represents an individually configured performance
monitoring input. If you configure the input through Splunk Web, then the
value of "<NAME>" matches what was specified there. While you can add
performance monitor inputs manually, Splunk recommends that you use Splunk
Web to configure them, because it is easy to mistype the values for
Performance Monitor objects, counters and instances.
* NOTE: The perfmon stanza is for local systems ONLY. To define performance
monitor inputs for remote machines, use wmi.conf.
You can enable the perfmon you need and then add it to your inputs.conf file.
Cheers,
David
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @skrish91
Have a look at this :
[perfmon://<name>]
* This section explains possible settings for configuring
the Windows Performance Monitor input.
* Each perfmon:// stanza represents an individually configured performance
monitoring input. If you configure the input through Splunk Web, then the
value of "<NAME>" matches what was specified there. While you can add
performance monitor inputs manually, Splunk recommends that you use Splunk
Web to configure them, because it is easy to mistype the values for
Performance Monitor objects, counters and instances.
* NOTE: The perfmon stanza is for local systems ONLY. To define performance
monitor inputs for remote machines, use wmi.conf.
You can enable the perfmon you need and then add it to your inputs.conf file.
Cheers,
David
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you seeing any other data in the indexer from this machine?
If not can you post your outputs.conf
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I can see other data coming in. These are the list of sourcetypes reporting from that host.
PerfmonMk:ProcessorInformation
PerfmonMk:Network
PerfmonMk:CPU
PerfmonMk:Memory
PerfmonMk:LogicalDisk
Introducing Splunk Enterprise 9.2
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
