All Apps and Add-ons

Unable to upload windows performance monitor logs

Communicator

Hi,

I am uploading performance monitor logs on splunk server from one of my server but i am unable to upload it as it is showing INFO in log file given below -

12-31-2015 06:53:47.053 +0000 INFO  WatchedFile - File too small to check seekcrc, probably truncated.  Will re-read entire file='C:\Program Files\SplunkUniversalForwarder\var\log\splunk\searchhistory.log'.
12-31-2015 06:53:47.053 +0000 INFO  WatchedFile - File too small to check seekcrc, probably truncated.  Will re-read entire file='C:\Program Files\SplunkUniversalForwarder\var\log\splunk\license_usage.log'.
12-31-2015 06:53:47.068 +0000 INFO  WatchedFile - File too small to check seekcrc, probably truncated.  Will re-read entire file='C:\Program Files\SplunkUniversalForwarder\var\log\splunk\remote_searches.log'.
12-31-2015 06:53:47.068 +0000 INFO  WatchedFile - File too small to check seekcrc, probably truncated.  Will re-read entire file='C:\Program Files\SplunkUniversalForwarder\var\log\splunk\mongod.log'.
12-31-2015 06:53:47.131 +0000 INFO  WatchedFile - File too small to check seekcrc, probably truncated.  Will re-read entire file='C:\Program Files\SplunkUniversalForwarder\var\log\splunk\scheduler.log'.

My inputs.conf file format is given below -

[default]
host = hostname

##### Perfmon counters #####

## CPU Time
[perfmon://CPUTime]
counters = % Processor Time;% User Time
instances = _Total
interval = 10
object = Processor
useEnglishOnly=true
index = sc-perfmon
initCrcLength = 3000


## Disk
[perfmon://FreeDiskSpace]
counters = Free Megabytes;% Free Space
instances = *
interval = 10
object = LogicalDisk
useEnglishOnly=true
index = sc-perfmon
initCrcLength = 3000


[perfmon://LogicalDisk]
counters = Avg. Disk sec/Read;Avg. Disk sec/Write;Avg. Disk sec/Transfer;Disk Reads/sec;Disk Writes/sec
instances = *
interval = 10
object = LogicalDisk
useEnglishOnly=true
index = sc-perfmon
initCrcLength = 3000


## Memory
[perfmon://Memory]
counters = % Committed Bytes In Use;Available MBytes;Committed Bytes
interval = 10
object = Memory
useEnglishOnly=true
index = sc-perfmon
initCrcLength = 3000

Please suggest on this. Does anybody have suggestions then please share.

Thanks

0 Karma

SplunkTrust
SplunkTrust

The warning messages you've posted have nothing to do with your problem.

Please let us know your setup: ie. windows server with full splunk install, pulling perfmon data from windows server with universal forwarder installed. This will help us help you.

For now you should probably start by looking at splunkd.log on the machine that is forwarding the data to your indexer.

0 Karma

Communicator

any update on this? thanks

0 Karma

SplunkTrust
SplunkTrust

Are there any permission denied errors in the system or security logs on the windows server?

Can you open perfmon as the splunkd user? If so, can you attach to these counters as the splunkd user?

0 Karma

Communicator

thanks for replying.. i am using splunk forwarder 6.3.0 on Windows server 2012 R2 standard 64bit and the main splunk server is installed on Redhat Linux and its version is 6.2 . Till now i am getting no data for performance monitor logs but yes if i am searching by index=_internal so in that my host is showing splunkd and metrics log.

0 Karma