Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

sending perfmon data to indexer from UF

Splunk_U
Path Finder
‎12-27-2012 06:12 PM

I have an universal forwarder in windows machine. I want to send the perfmon data from the UF to the indexer (a linux machine). How to do that?

Tags (2)
0 Karma
Reply

jonuwz
Influencer
‎12-28-2012 04:24 AM

You should have the opportunity to configure perfmon inputs at install time.

If re-installing the UF is not an option take a look at the bottom of this page for how to add entries to <install dir>\etc\system\local\inputs.conf to forward perfmon data.

You'll need to restart the UF service for hte change to take effect.

Note :

  1. The interval is in seconds, '1' might be too frequent for you.
  2. You might want to create a new index to store the performance data

Edit

For example add this to etc/system/local/inputs.conf (example from the link above) :

[perfmon://LocalMainMemory]
interval = 5
object = Memory
counters = Committed Bytes; Available Bytes; % Committed Bytes In Use
disabled = 0
index = main

and restart your service.

Reply

jonuwz
Influencer
‎12-28-2012 01:42 PM

not sure where perfmon.conf or wmi.conf come into it.

Just add entries to inputs.conf and restart

0 Karma
Reply

Splunk_U
Path Finder
‎12-28-2012 05:34 AM

I am not able to see perfmon.conf file in the default. shall I create the wmi.conf file?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...