Adding Windows Servers In Splunk

New Member

So my organization uses Splunk Enterprise and I have just started learning. So I just needed to ask a question: I need to add around 4000+ servers in Splunk Enterprise so that my team can view some crucial metrics and data along with reports such as Reboot, CPU/Memory Usage, Drive Alert and all the other crucial data in a single frame. So is it technically possible, and if yes, how? They are all in different regions and they are in different environments such as Production, Corporate, Stage, Development, etc. Anyone can reach out to me at smit.agasti10@gmail.com. It would be great if someone could help, and be mindful I am a total rookie.


Ultra Champion

As @gcusello pointed out, this looks like a significantly sized project which would be best performed with the help of skilled professionals. Deploying forwarders is one thing, but making sure all your environment is properly architected and you're really getting the data you want is another thing.

Also, please note that this is a community where people share their knowledge for common good. It is not an advertising board (both for providing services and seeking them).

So the advice is: go to https://partners.splunk.com/solutionscatalog/, find a partner near you and engage this partner.

Esteemed Legend


Your requirement is an interesting challenge for an absolutely large but normal project in Splunk.

But it is also a great project that requires a punctual requirements definition and design.

So at first my hint is to find a Splunk Partner (if you are in Italy, I can help you) that can follow you in these two main phases and then in the implementation, but anyway it cannot be considered a project for rookies.

At the same time it could be a good idea that you start to follow the first training courses on Splunk to understand how Splunk works, Splunk architectures and what and how to ingest data in Splunk. For more info you can see the YouTube Splunk channel at https://www.youtube.com/@Splunkofficial and here https://www.splunk.com/en_us/training/course-catalog.html?sort=Newest&filters=filterGroup1FreeCourse... .

Anyway, the first thing is to define a monitoring perimeter, defining in an Excel file the list of the systems to monitor, understanding the Operating Systems and so defining the Splunk Universal Forwarders to use.

I didn't understand if you already implemented Splunk or not. If not, you have to design your architecture starting from the main features (HA or not, network segmentation, etc...) and the volume of data to index.


