All Apps and Add-ons

Splunk App for Windows not collecting process data

skrish91
Path Finder

Hi,

I am trying to collect some data from the Windows server using Splunk addon for Windows. I am not able to see any process related data in Splunk. The data i am trying to get is 1. Working set memory and 2. Processor Work queue depth. Please find below the config I used for Working set memory data. Any help on this would be great. Thanks.

[perfmon://Process]
object = Process
counters = Working Set - Private
index = perfmon
showZeroValue = 1

Any idea how to get the data for 'Processor Work queue depth'?

0 Karma
1 Solution

DavidHourani
Super Champion

Hi @skrish91

Have a look at this :

[perfmon://<name>]
* This section explains possible settings for configuring
  the Windows Performance Monitor input.
* Each perfmon:// stanza represents an individually configured performance
  monitoring input. If you configure the input through Splunk Web, then the
  value of "<NAME>" matches what was specified there. While you can add
  performance monitor inputs manually, Splunk recommends that you use Splunk
  Web to configure them, because it is easy to mistype the values for
  Performance Monitor objects, counters and instances.
* NOTE: The perfmon stanza is for local systems ONLY. To define performance
  monitor inputs for remote machines, use wmi.conf.

You can enable the perfmon you need and then add it to your inputs.conf file.

Cheers,
David

View solution in original post

0 Karma

DavidHourani
Super Champion

Hi @skrish91

Have a look at this :

[perfmon://<name>]
* This section explains possible settings for configuring
  the Windows Performance Monitor input.
* Each perfmon:// stanza represents an individually configured performance
  monitoring input. If you configure the input through Splunk Web, then the
  value of "<NAME>" matches what was specified there. While you can add
  performance monitor inputs manually, Splunk recommends that you use Splunk
  Web to configure them, because it is easy to mistype the values for
  Performance Monitor objects, counters and instances.
* NOTE: The perfmon stanza is for local systems ONLY. To define performance
  monitor inputs for remote machines, use wmi.conf.

You can enable the perfmon you need and then add it to your inputs.conf file.

Cheers,
David

0 Karma

rafael_szt
Explorer

Are you seeing any other data in the indexer from this machine?
If not can you post your outputs.conf

0 Karma

skrish91
Path Finder

I can see other data coming in. These are the list of sourcetypes reporting from that host.

PerfmonMk:ProcessorInformation

PerfmonMk:Network

PerfmonMk:CPU

PerfmonMk:Memory

PerfmonMk:LogicalDisk

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...