Getting Data In

Capturing CPU and Memory in remote Windows servers from a Linux -Splunk server.

dannux
Path Finder

I have Splunk installed on a Linux server. It is indexing CPU and Memory usage for many Unix server. How can I capture CPU and MeM usage for Windows servers?

Thanks,
Dan

Tags (4)

lakshman239
SplunkTrust
SplunkTrust

Hi, do we still have the scaling issues with WMI in the latest Splunk Add on for windows?

0 Karma

sf-mike
Splunk Employee
Splunk Employee

To build upon the above answer:

The Windows app will do this but does not use Perfmon. You install the app on your Linux box and also on a Windows forwarder.

To gather the data from Windows, You'll need to install the app on the Windows forwarder. The better way is to install the forwarder on each Windows host because of scaling issues inherent with WMI. If you do decide to use WMI, then you'll need at least 1 forwarder installed on a Windows host. Typically this would be done in an AD domain. The forwarder must be installed using AD credentials that can access all the hosts in the domain.

See this article:

http://docs.splunk.com/Documentation/Splunk/4.3/Data/MonitorWMIdata

0 Karma

hexx
Splunk Employee
Splunk Employee

I strongly recommend that you read this documentation topic on Real-time Windows performance monitoring. There's two approaches to this :

You cannot collect this kind of data remotely from a Linux indexer or forwarder.

Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...