Windows data you can collect with ITE Work
Collect metrics and log data for Windows systems with a universal forwarder. You can use the data collection script or configure data collection agents manually. For more information, see these topics:
- Collect Windows metrics and logs with the data collection script in ITE Work
- Manually collect metrics from a Windows host in ITE Work
- Manually collect logs from a Windows host in ITE Work
If you haven't seen the requirements yet, see Windows integration requirements for ITE Work.
Metrics data
These are the host-identifying dimensions for each Windows host:
- host
- ip
- os
- os_version
- entity_type
These are the metrics collected, the default counters, and each source type for Windows hosts:
| Metric | Counters | Source type |
|---|---|---|
| [perfmon://CPU] | | PerfmonMetrics:CPU |
| [perfmon://PhysicalDisk] | | PerfmonMetrics:PhysicalDisk |
| [perfmon://Network] | | PerfmonMetrics:Network |
| [perfmon://Memory] | | PerfmonMetrics:Memory |
| [perfmon://System] | | PerfmonMetrics:System |
| [perfmon://Process] | | PerfmonMetrics:Process |
| [perfmon://LogicalDisk] | | PerfmonMetrics:LogicalDisk |
(*) Indicates counters that are required for the Content Pack for Monitoring Microsoft Windows.
Log data
The source type for all Windows log data is uf.
These are the logs a universal forwarder collects for each Windows host by default:
- $SPLUNK_HOME\var\log\splunk\*.log*
- Application
- Security
- System
- Forwarded Events
- Setup