Hello,
I have the following in my inputs.conf on a Windows server:
```
[perfmon://CPU]
counters = % Processor Time; % User Time; % Privileged Time; Interrupts/sec; % DPC Time; % Interrupt Time; DPCs Queued/sec; DPC Rate; % Idle Time; % C1 Time; % C2 Time; % C3 Time; C1 Transitions/sec; C2 Transitions/sec; C3 Transitions/sec
disabled = 0
instances = *
interval = 10
object = Processor
useEnglishOnly=true
index = os
```
I can see metrics coming through:
```
0 7.597075517979601 3.4455327772956763 4.071993282258527 338.6526155305428 0 0 55.64008336869486 0 91.11271353582889 2.18562547981863 88.92708805601026 0 26.86764386091932 250.12974415296156 0
```
With `object=Processor`, `sourcetype=PerfmonMk:CPU`.
The Windows Infrastructure app requires a `counter` field be present in its searches, but Splunk does not appear to be including this field in the results.
Has anyone seen this before? Do you know where the extraction may be failing?