Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to send Windows Perfmon Metrics to a Metrics Index?

shocko
Communicator
‎02-15-2022 12:54 PM

I'm using Splunk Enterprise 8.2.4 and I would like to start getting my Windows Forwarder Estate (8.2.4) to send it's perform. Initially I thought this would be easy but I was wrong. I though that out of the box that Splunk would allow me collect Windows perfmon data straight to a metrics index.  I think from reading the guide here that the pattern is as follows:

  1. Configure the forwarder inputs stanza as normal i.e. as you would to collect say the CPU metrics to an events index
  2. Point it at a metrics index tagged with a custom sourcetype
  3. Transform/parse the event to metrics format at the indexer when received based on sourcetype

Is this understanding correct and of so does anyone have a bundle of Transforms ready to go (perhaps a TA or app that does this like Splunk Add-on for Microsoft Windows | Splunkbase )?

Labels (3)
0 Karma
Reply
Get Updates on the Splunk Community!

Happy CX Day to our Community Superheroes!

Happy 10th Birthday CX Day!What is CX Day? It’s a global celebration recognizing innovation and success in the ...

Check out This Month’s Brand new Splunk Lantern Articles

Splunk Lantern is a customer success center providing advice from Splunk experts on valuable data insights, ...

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...