Splunk_TA_Windows Performance Monitoring dashboard...

All Apps and Add-ons

Is the transforms.conf working correctly for the 'counter' extract in the Splunk_TA_Windows app?

[metric_name_for_perfmon_metrics_store]
REGEX = counter=\"?([^\"\r\n]*[^\"\s])
FORMAT = metric_name::$1
WRITE_META = true

I am having issues getting the Performance Monitoring dashboard working and my investigations are leading me to think that the 'counter' field is not being populated and it is necessary for the drop-down in the dashboards to work...

Testing the regexs via search of the others in the transforms are working fine:

perfmon-index eventtype="perfmon_windows" object=*
| regex object"=\"?([^\"\r\n][^\"\s])"
| regex instance"=\"?([^\"\r\n][^\"\s])"
| regex collection"=\"?([^\"\r\n]*[^\"\s])"

| table object, instance, collection, counter

but the counter extract doesnt work:

perfmon-index eventtype="perfmon_windows" object=*
| regex counter"=\"?([^\"\r\n]*[^\"\s])"
| table counter

Get Updates on the Splunk Community!

Splunk_TA_Windows Performance Monitoring dashboards not working

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation