Hello,

Best solution is to install the splunk add on for windows available on splunk base on the windows server where splunk agent is installed.

this package has got all system level and perfmon metric collection inputs 

just enable those, it will be a lot easier for your situation.

You can try this one https://docs.splunk.com/Documentation/AddOns/released/Windows/AbouttheSplunkAdd-onforWindows

Just install it on your windows machines which are running UF. Do configuration via conf-files or install it first on some HF/your test server and then take conf-files there and install then those (without host name) to UFs.

Good evening @isoutamo 

apologies for the delay in response, i  was pulled away from the office the last couple of days.

So, i believe i've got it installed correctly, utilised the deployment server and edited the inputs.conf file enabling the sections that I want to monitor - checking the servers they seemed to have pulled down the files correctly.

I've also created an index (client_monitoring) and used:

index = client_monitoring

in the inputs.conf file.  However if I try and do a search on that index I get No results found.

If I look at the Index's management page no data appears to be coming in as the Event Count is 0.

Apologies if this is all quite straight forward, I'm trying to teach myself this as I go along lol

good morning @isoutamo so I did restart the UF on one server (i was just testing it at the time to see if it works).

Apologies, i don't fully understand you logs sentence. 

Internal logs are UF’s own logs which told how it works. Application logs are e.g. windows, web servers or other logs which are generated by some application.

Ok cool, gotcha.  So restarted the UF again today just to make sure and everything has kicked in, so either I restarted it to soon last time (ie before the conf file had come down) or it didn't necessarily start correctly.

Thank you once again, onto the my next research topic.....Dashboards 🙂