Hi all,
We're trying to get data from Windows network perfmon counters using the Splunk Universal Forwarder + Data Input without success.
For all other collectors (CPU, Memory, Disk, etc.) this resource works pretty well and the needed information are captured from Universal Forwarder to Splunk Enterprise.
-Universal Forwarder is on top of Windows Server 2008 R2 64 Bits including the Kernel-Mode Driver Framework version 1.11 update
-Splunk Enterprise 6.4.3
-Some different tentatives on inputs.conf:
[perfmon://Network Interface]
counters = *
disabled = 0
instances = *
interval = 60
object = Network Interface
[perfmon://Network Interface]
useEnglishOnly = true
showZeroValue = 1
counters = Bytes Received/sec;Bytes Sent/sec;
disabled = 0
index = main
instances = *;
interval = 60
object = Network Interface
[perfmon://Network Interface]
counters = Bytes Received/sec;Bytes Sent/sec;Bytes Total/sec;Current Bandwidth;Offloaded Connections;Output Queue Length;Packets Outbound Discarded;Packets Outbound Errors;Packets Received Discarded;Packets Received Errors;Packets Received Non-Unicast/sec;Packets Received Unicast/sec;Packets Received Unknown;Packets Received/sec;Packets Sent Non-Unicast/sec;Packets Sent Unicast/sec;Packets Sent/sec;Packets/sec;TCP Active RSC Connections;TCP RSC Average Packet Size;TCP RSC Coalesced Packets/sec;TCP RSC Exceptions/sec;
disabled = 0
index = wfm_realtime
instances = *;
interval = 60
object = Network Interface
The apps are correctly created and deployed on ..\SplunkUniversalForwarder\etc\apps. No errors are showed on th esplunk logs, but no data are sent to Splunk.
Do you have any tips or workarounds?
Thank you in advance.
↧