Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Monitoring specific services

fhemmeld
Explorer
‎07-25-2018 10:12 AM

Relatively newbie on Splunk and trying to monitor specific services on windows boxes that run a Universal Forwarder. I can get the services info into the Splunk Light indexer (using [WinHostMon://Service] or [WMI:Services]), but both send back the whole list of services, while I only need a few of them and since I am limited in what I can index, I prefer not to index info I do not need. I looked at white-listing, but that only works on files/folders.

Is there a way of only obtaining the info for a few services (for example the SplunkD service, or Tomcat8 service) and ignore the rest at the source, or filter on the indexer by redirecting the unwanted info into the nullqueue or similar? I have searched through the answers on answers.splunk.com but have not found anything that helped me.

Using SplunkLight 7.1.2 without TA add-ons.

Thanks you!

Reply

DalJeanis
Legend
‎07-25-2018 06:36 PM

As well as somesoni2's suggestion, you can also whitelist or blacklist particular transactions, using various methods.

The general term for that is "route to the null queue". Here's one example answer that explains hwo to do it in one situation.

https://answers.splunk.com/answers/11617/route-unwanted-logs-to-a-null-queue.html

In essence, you can either route only specific things to the nullqueue, or you can route everything to the nullqueue and then save the specific items you want to keep.

Of course, if your set it up so that the logs are never created, then you don't have to do that decisioning.

0 Karma
Reply

somesoni2
Revered Legend
‎07-25-2018 11:46 AM

See this (method 2)
https://www.splunk.com/blog/2014/05/30/monitoring-windows-service-state-history.html

0 Karma
Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...