Re: How to configure the universal forwarder to co...

jrhoads · ‎06-27-2017

How can I configure the universal forwarder to collect the hosts system properties?

maciep · ‎07-01-2017

You should be able to use wmi.conf to query whatever WMI classes you'd like (win32_computersystem, win32_operatingsystem, etc).

jrhoads · ‎07-03-2017

If I search the link provided and search for the win32_* items mentioned there is no reference found. Are there example configurations for System Assigned Ram, etc?

maciep · ‎07-03-2017

if you look in the example conf file at the bottom of that page, specifically at the wql settings, you should see how to query wmi. For example:

[WMI:LocalPhysicalDisk]
interval = 1
wql = select Name, DiskBytesPerSec, PercentDiskReadTime, PercentDiskWriteTime, PercentDiskTime from Win32_PerfFormattedData_PerfDisk_PhysicalDisk
disabled = 0
index = wmi_perfmon

If you need to know where in WMI to find the data you want, that's probably going to be all google. For example, the win32_computersystem class has a field for TotalPhysicalMemory. And the win32_physicalmemory class has a field called capacity.

I guess another option is to see if the add-on for windows would work for you too. Maybe that would be easier?

How to configure the universal forwarder to collect System Properties on a Windows Server?

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM