On Splunk Enterprise and the universal forwarder, the performance monitor input runs as a process called splunk-perfmon.exe. Remote performance monitoring is available through Windows Management Instrumentation (WMI) and requires that the Splunk platform instance on the Windows machine runs as a user with appropriate Active Directory credentials. Both full instances of Splunk Enterprise and universal forwarders can collect local performance metrics. To get Windows performance monitor data in, you must run either a Splunk Enterprise heavy forwarder or universal forwarder on the Windows machine from which you want to collect the performance metrics, and then forward that data to the Splunk platform instance. For information on performance monitoring, search the Microsoft documentation website for "Performance Counters". Both Microsoft and third-party vendors provide libraries that contain performance counters. The types of performance objects, counters, and instances that are available to the platform depend on the performance libraries that are on the machine. ![]() The Splunk platform uses the Windows Performance Data Helper (PDH) API for performance counter queries on local Windows machines. The performance monitoring input gives you access to the Performance Monitor in a web interface. Supports the monitoring of all Windows performance counters in real time, which includes support for both local and remote collection of performance data.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |