All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Windows app not showing performance stats

BobM
Builder
‎03-08-2010 07:55 PM

On a windows installation, I am not getting WMI performance data from the local host.

In Manager >> Data Inputs >> WMI data collections >> CPUTime the available classes does not include PerfOS_Processor or any of the Perf…. classes though it does include others which would seem to prove WMI is working.

Can anyone tell me what server settings need to be configured to get this to work.

Reply

igor
Splunk Employee
Splunk Employee
‎06-14-2010 05:36 PM

What Windows OS are you running this on? Many classes are missing on Win2000.

Moreover, can you try and run the following two commands, from the bin directory (probably c:\Program Files\Splunk\bin). Run them as the same user Splunk is running as (unless it's a "Local System" account):

  splunk cmd splunk-wmi -wql "select * from win32_nteventlogfile where logfilename='application'"
  splunk cmd splunk-wmi -wql "SELECT PercentProcessorTime FROM Win32_PerfFormattedData_PerfOS_Processor"

You should get some output in both cases. If you do get results for the first but not the second command, the two things that come to mind that could be wrong are 1) this is a Win2000 box, or 2) the WMI namespace security does not permit you to access certain classes.

For the latter case, see http://support.microsoft.com/kb/325353. In particular, make sure that "Execute methods" and "Remote execute" and set for all items under root\CIMV2 recursively for the user of group (e.g. Administrators) Splunk is running as. Adjust these settings and rerun the commands above.

Reply

Ledio_Ago
Splunk Employee
Splunk Employee
‎06-11-2010 09:10 PM

I just came across this issue, has this been solved?

Most likely Splunk is running as a user that doesn't have enough permissions to connect to WMI framework. Are you getting any errors in the UI when you try to config this input? I would look for errors in splunkd.log.

0 Karma
Reply

BobM
Builder
‎06-14-2010 09:56 AM

The splunk server has permissions to use WMI and can collect system, security and application logs using WMI but was not able to see performance stats.

It seems these were disabled on the windows server and my question was not what changes I need to make in splunk but if anyone knew what settings I had to ask the server SA's to configure on the remote windows boxes.

0 Karma
Reply

Nicholas_Key
Splunk Employee
Splunk Employee
‎03-08-2010 09:20 PM

Hi Eqalis,

May I know if you are referring to the empty three panels in the dashboard (Performance Management -> Performance Summary):
"Top Process By CPU (Last 24 Hours)"
"Top Processes By Memory (Last 24 Hours)"
"Total Network Usage"

There are about 6 WMI collections scripts that you will want to enable them, preferably, in order to see the results in dashboard.

Please go to Manager -> Data Inputs -> WMI collections -> click at each Collection name -> click Enable radio button -> click Save
CPUTime
FreeDiskSpace
LocalNetwork
LocalPhysicalDisk
LocalProcesses
Memory

Enabling the scripts will allow you to populate the panels with results. Restart Splunk.

Hope this solution helps.

Happy Splunking! =D

Reply

BobM
Builder
‎03-11-2010 07:41 AM

If you go into the WMI collections for each of the above, the available classes is blank. When I click on it, I see some classes but not the Perf ones needed. I assume this is a windows setting that has them disabled and not a splunk one but I can not find it.

Has anyone seen this before?

0 Karma
Reply

BobM
Builder
‎03-11-2010 07:41 AM

No. I have enabled the scripts but they do not collect any data. I have done this on previous installs with no problem but this one is different.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...