Hi Everybody
I use "splunk-add-on-for-microsoft-windows_600" to send process infomation. If there are several process with same name, the splunk forwarder only send one of these processes. Below is example:
processes list:
search:
the inputs.conf like this:
[perfmon://Process]
counters = % Processor Time; % User Time; % Privileged Time; Virtual Bytes Peak; Virtual Bytes; Page Faults/sec; Working Set Peak; Working Set; Page File Bytes Peak; Page File Bytes; Private Bytes; Thread Count; Priority Base; Elapsed Time; ID Process; Creating Process ID; Pool Paged Bytes; Pool Nonpaged Bytes; Handle Count; IO Read Operations/sec; IO Write Operations/sec; IO Data Operations/sec; IO Other Operations/sec; IO Read Bytes/sec; IO Write Bytes/sec; IO Data Bytes/sec; IO Other Bytes/sec; Working Set - Private
disabled = 0
instances = disp+work
interval = 30
mode = multikv
object = Process
useEnglishOnly=true
index = test
Anybody can help me? thanks!