- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Windows App Perfmon Data Input doesn't work
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I'm currently testing Splunk 6.0.1 on a Windows Server 2008 R2 (fresh install). I want to monitor that particular Windows-Server, so I downloaded the Windows App 5.0.2 and installed it via the GUI. Now during the initial setup of the app, I just clicked "Save" without modifications to any parameters. Under "Windows Perfmon Inputs", all options were listed under "enabled": Processor, Network Interface, Memory, PhysicalDisk, LogicalDisk, Process, System.
However, after saving the settings, the dashboard "Performance Monitoring" in the app showed no data. I troubleshooted a bit I found that under the settings page in the app, all Perfom-Inputs were gone except for "System". They weren't shown under "enabled" nor under "disabled".
I don't understand why this happens. I tried to configure the inputs manually in inputs.conf (didn't work) and also tried installing a separate Universal Forwarder with the Windows TA, but that instance also wasn't able to send Perfmon-data to the Splunk-Instance.
Anyone has an idea what's going on here?
Thanks,
Leo
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK it's finally working. It seems a restart of the whole server fixed everything. Now all Perfom-Inputs are being shown in the config and performance data is beeing indexed.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK it's finally working. It seems a restart of the whole server fixed everything. Now all Perfom-Inputs are being shown in the config and performance data is beeing indexed.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sure. $SPLUNK_HOME/etc/apps/windows/default/inputs.conf:
###### DHCP ######
[monitor://$WINDIR\System32\DHCP]
disabled = 1
whitelist = DhcpSrvLog*
crcSalt = <SOURCE>
sourcetype = DhcpSrvLog
###### Windows Update Log ######
[monitor://$WINDIR\WindowsUpdate.log]
disabled = 1
sourcetype = WindowsUpdateLog
###### Event Gen #####
[script://.\bin\eventgen.bat]
disabled = true
interval = 300
passAuth = splunk-system-user
index = main
sourcetype = sharad-eventgen
$SPLUNK_HOME/.../windows/local/inputs.conf is empty.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The performance monitoring dashboard not showing any data might be linked to the fact that lookups needed for the dashboard to function properly did not get created in time.
Could you send the contents of the following files currently-
$SPLUNK_HOME\etc\apps\windows\local\inputs.conf
$SPLUNK_HOME\etc\apps\windows\default\inputs.conf
Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...
Monitoring Amazon Elastic Kubernetes Service (EKS)
Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation
