- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Monitor HDD free space on windows systems
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Monitor HDD free space on windows systems
Hello, I am using single Splunk Enterprise instance on Windows server to collect data on TCP/IP port and monitor csv log files.
The server is an active directory member.
I would like to extend the functionality to monitor free space (in %) on client windows 7 machines (ca 150 hosts), also active directory members, all logged with same domain user.
I am confused from Splunk documentation, which all steps I should perform.
Is it necessary to install universal forwarder on each host?
Is it necessary to install additional Splunk for Windows app?
Seems to be more complicated than I expected.
For me it would be enough to to send the information once after login (part of the login script).
How do you collect the data from Windows machines?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hello @rapmancz,
i feel the word "necessary" is pretty strong.
i would say, it is recommended, and will add, that there is so much more to collect then the free space in percentage from clients
having said that, read here about bringing windows data in:
http://docs.splunk.com/Documentation/Splunk/6.6.2/Data/AboutWindowsdataandSplunk
if disk usage is all you need, then only enable the perfmon disk input and set the desired interval.
regarding "complicated", installing a forwarder is very straight forward, read here:
http://docs.splunk.com/Documentation/Forwarder/6.6.2/Forwarder/InstallaWindowsuniversalforwarderfrom...
then you can silently install fast via simple script on all your hosts, read here:
http://docs.splunk.com/Documentation/Forwarder/6.6.2/Forwarder/InstallaWindowsuniversalforwarderfrom...
then you can actually controll all the inputs of all your forwarders from a single interface using Forwarder Management, start reading here:
http://docs.splunk.com/Documentation/Splunk/6.6.2/Updating/Aboutdeploymentserver
to your last question, 99% of the Splunk environments that i have seen leverage the Universal Forwarder and TA for windows (or msad, exchange, whatever) to collect windows data.
p.s. if it takes you more than a work day to bring that data in, ping us here and i am positive the community will give you the boost you need to accomplish your task
good luck and happy splunking
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for your comment.
I installed Universal forwarder 6.6.2 on one test machine (Windows 7 32bit) and activated checkboxes to send event log data and performance data.
In Splunk Enterprise 6.6.2, I can see windows event log entries, but no performance data. When searching for events from this machine, I can see it writes only to main index, no entries in perfmon index.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...
Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...
Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...
