Windows data you can collect with ITE Work

Collect metrics and log data with for Windows systems with a universal forwarder. You can use the data collection script or configure data collection agents manually. For more information, see these topics:

If you haven't seen the requirements yet, see Windows integration requirements for ITE Work.

Metrics data

These are the host-identifying dimensions for each Windows host:

host
ip
os
os_version
entity_type

These are the metrics collected, the default counters, and each source type for Windows hosts:


Metric	Counters	Source type
[perfmon://CPU]	% C1 Time % C2 Time % Idle Time % Processor Time % User Time % Privileged Time % Reserved Time % Interrupt Time Interrupts/sec*	PerfmonMetrics:CPU
[perfmon://PhysicalDisk]	% Disk Read Time % Disk Write Time Avg. Disk Queue Length % Idle Time Avg. Disk Bytes/Read* Avg. Disk Bytes/Write*	PerfmonMetrics:PhysicalDisk
[perfmon://Network]	Bytes Received/sec Bytes Sent/sec Packets Received/sec Packets Sent/sec Packets Received Errors Packets Outbound Errors Current Bandwidth*	PerfmonMetrics:Network
[perfmon://Memory]	Cache Bytes % Committed Bytes In Use Page Reads/sec Pages Input/sec Pages Output/sec Committed Bytes Available Bytes Available MBytes*	PerfmonMetrics:Memory
[perfmon://System]	Processor Queue Length Threads System Up Time	PerfmonMetrics:System
[perfmon://Process]	% Processor Time % User Time % Privileged Time Elapsed Time ID Process Virtual Bytes Working Set Private Bytes IO Read Bytes/sec IO Write Bytes/sec	PerfmonMetrics:Process
[perfmon://LogicalDisk]	Free Megabytes % Free Space Avg. Disk sec/Transfer*	PerfmonMetrics:LogicalDisk

(*) Indicates counters that are required for the Content Pack for Monitoring Microsoft Windows.

Log data

The source type for all Windows log data is uf.

These are the logs a universal forwarder collects for each Windows host by default:

$SPLUNK_HOMEvar\log\splunk\*.log*
Application
Security
System
Forwarded Events
Setup