Monitoring Windows Environments with the Splunk Infrastructure Monitoring Smart Agent

At Splunk, we make it easy to submit metrics and traces from any environment to our solution using a variety of flexible and open standards-based protocols. One such example is our Smart Agent — an enhanced version of our "collectd"-based agent first built as a Kubernetes integration — which provides automatic service discovery, configuration, and metrics collection for any Linux environment.

We’ve extended these capabilities across operating systems with the release of the Smart Agent for Windows, making it easier than ever to monitor your Windows resources and applications.

Automatic Discovery and Configuration of Metrics for Windows Environments

The Windows Smart Agent provides people with the same automatic discovery and configuration capabilities delivered by its Linux-based counterpart, while also making it easier to monitor metrics that are unique to Windows environments. Written in Golang, the Windows Smart Agent runs by default as a Windows service (so that it can start at boot), and is supported on Windows Server 2008, 2012, and 2016, as well as Windows 7, 8, and 10.

Previously, Splunk Infrastructure Monitoring users could collect Windows system metrics and Windows Performance Counters with our PerfCounterReporter, but this path did not provide the same auto-discovery and configuration of metrics that we were providing for those monitoring Linux-based environments. Below is an overview of some of the metrics and plugins specifically supported by our Windows Smart Agent.

Windows-Specific Metrics

Windows Smart Agent will automatically discover and collect metrics for the following:

• Windows OS system metrics (CPU, memory, and disk utilization, network I/O)
• Windows performance counters (perfcounters)
• Windows processes
   

In particular, perfcounters are collected according to configuration that has to be specified by the user during the installation process. The Smart Agent will also collect metadata from the OS and cloud provider for the host it’s installed on, and sync that metadata as properties for easy grouping and filtering in Splunk.

Additional Monitors in Smart Agent for Windows

By default, the Smart Agent comes with plugins that support functionality beyond collecting Windows perfcounters and system metrics. Some of these include: 

• Microsoft SQL Server
• Windows Services
• Log tailing and parsing
• StatsD
   

In addition to the above, the Smart Agent also includes a wrapper that allows us to easily port our existing set of integrations written as Python-based "collectd" plugins over to Windows environments. This keeps the experience for Smart Agent consistent across operating systems, even though "collectd" does not run on Windows by default. 

A complete list of the Python-based "collectd" plugins provided with Windows Smart Agent can be found in our documentation, but the following is a small sample:

Monitoring Your Windows Resources with the Splunk Infrastructure Monitoring Smart Agent

Smart Agent Installation

Deploying the Smart Agent directly on a Windows host to collect metrics is straightforward. Ensure you have the following dependencies installed:

• .Net Framework 3.5
• Visual C++ Compiler for Python 2.7
   

Then you can use the following PowerShell script to install the Smart Agent. The Smart Agent is installed as a Windows service, and will log to the Windows Event Log:

& {Set-ExecutionPolicy Bypass -Scope Process -Force; $script = ((New-Object System.Net.WebClient).DownloadString('https://dl.signalfx.com/signalfx-agent.ps1')); $params = @{access_token = "YOUR_SIGNALFX_API_TOKEN"}; Invoke-Command -ScriptBlock ([scriptblock]::Create(". {$script} $(&{$args} @params)"))}

More detailed steps to install via a configuration management tool or using a containerized agent can be found in our documentation.

Viewing Windows and Linux Resources Together in Infrastructure Navigator

Once you have the Smart Agent deployed throughout your environment, you can use the Infrastructure Navigator in Splunk Infrastructure Monitoring to see a heatmap of both your Windows and Linux resources, as well as a dashboard displaying a core set of system metrics.

This view will display metrics from all of your hosts running the Smart Agent, regardless of which Smart Agent version is present on the underlying host. Because metadata from the underlying operating system and cloud provider is also collected by the agent and synced to Splunk, you can easily group hosts by OS. In this example, we group our hosts by whether they’re using Linux or Windows using the property “host_kernel_name”:

Use the heatmap to get an at-a-glance view of your resource utilization and view the various services in your environment, or drill down to a specific resource to get more detailed information and navigate to related services. Splunk Infrastructure Monitoring will display system metrics and a process list for that particular instance, and automatically generate dashboards for any additional services running on it.

Real-Time Visibility for Windows Infrastructure and More

Our approach to data collection and instrumentation at Splunk has always been this: we’ll take data in any format you want to send it, and make doing so as easy as possible – all while using flexible and open standards. Our Smart Agent for Windows is the latest in our continued efforts on this front. To get started with the Smart Agent and monitor your Windows environments, sign up for a 14-day trial of Splunk Infrastructure Monitoring.

Thanks,
Aaron Sun