Splunk_TA_Windows Performance Monitoring dashboard...

All Apps and Add-ons

Is the transforms.conf working correctly for the 'counter' extract in the Splunk_TA_Windows app?

[metric_name_for_perfmon_metrics_store]
REGEX = counter=\"?([^\"\r\n]*[^\"\s])
FORMAT = metric_name::$1
WRITE_META = true

I am having issues getting the Performance Monitoring dashboard working and my investigations are leading me to think that the 'counter' field is not being populated and it is necessary for the drop-down in the dashboards to work...

Testing the regexs via search of the others in the transforms are working fine:

perfmon-index eventtype="perfmon_windows" object=*
| regex object"=\"?([^\"\r\n][^\"\s])"
| regex instance"=\"?([^\"\r\n][^\"\s])"
| regex collection"=\"?([^\"\r\n]*[^\"\s])"

| table object, instance, collection, counter

but the counter extract doesnt work:

perfmon-index eventtype="perfmon_windows" object=*
| regex counter"=\"?([^\"\r\n]*[^\"\s])"
| table counter

Get Updates on the Splunk Community!

Splunk_TA_Windows Performance Monitoring dashboards not working

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Are you a member of the Splunk Community?

Splunk_TA_Windows Performance Monitoring dashboards not working

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25