All Apps and Add-ons

Using Windows App with light forwarder

Eric_the_Red
New Member

Greetings,

We have several items set up for collecting windows perfmon data. The Splunk App for Windows app appears to only work with WMI out of the box.

Here are the ones we have configured:PERFMON=cpu,memory,network,diskspace

Example:
[PERFMON:LocalPhysicalDisk]
interval = 0
object = PhysicalDisk
counters = Disk Bytes/sec; % Disk Read Time; % Disk Write Time; % Disk Time
instances = *
disabled = 0

Is there an easy way to adjust the Windows app? We would prefer to not use the WMI method if possible. I found a few posts saying it was possible, but nothing pointing me to the method to do this.

Thanks!

0 Karma

lguinn2
Legend

You may edit any part of the Windows app - the reason that it is not really discussed is because the Windows app is just like any other app. If you are the Splunk admin, you can go to Manager » Searches and reports and edit any of the searches in the Windows app. Under Manager » User interface » Views, you will find all of the dashboards in the Windows app. All of the macros are under Manager » Advanced search » Search macros and all of the eventtypes are in Manager » Event types.

You may find it helpful to click the checkbox for Show only objects created in this app context in each of these areas.

If you look in the Windows app for the eventtypes, searches, etc. that are using WMI, you can edit them with your own sourcetypes and other field names. Most of the eventtypes are based on sourcetypes; I would start by editing the eventtypes. This will probably make a lot of the dashboards and searches, which use the eventtypes, work properly.

I can't think of any shortcut way to do this...

0 Karma
Get Updates on the Splunk Community!

Testing out the OpenTelemetry Collector With raw Data

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

New Cloud Intrusion Detection System Add-on for Splunk

In July 2022 Splunk released the Cloud IDS add-on which expanded Splunk capabilities in security and data ...

Happy CX Day to our Community Superheroes!

Happy 10th Birthday CX Day!What is CX Day? It’s a global celebration recognizing innovation and success in the ...