How to view the current system process

linker
Explorer

Hi,
In Windows, how do I view the current system processes with Splunk?

0 Karma

linu1988
Champion

You need to set up more options, but for a start

The above one will give you some details, not the exact Task Manager.

0 Karma

linker
Explorer

Can I see a result table with process, CPU and memory usage? For example, in Task Manager you see the process, user name, CPU and memory usage.

0 Karma

linu1988
Champion

Several approaches can be used.

WMI can be used, as well as perfmon counters.

[WMI:services]
wql = select * from Win32_Process
index = main
interval = 60

OR

In inputs.conf:

[perfmon://Process]
object = Process
counters = *
instances = *
index = main
interval = 60

Then you can query them. You can set up perfmon; it will be easier.

index=main | table _time, IDprocess | dedup IDprocess

will give you the latest processes running.

0 Karma

karthikjacc
New Member

In inputs.conf I added the lines below:
[perfmon]
object=Process Counters=* instances=* index = main interval = 60

And on the search page I used the query index=main| table _time,IDprocess|dedup IDprocess

It does not populate any results.

0 Karma
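The perfmon approach suggested above, written out as a complete stanza with a matching search. This is an added example, not configuration posted by any participant in the thread; the counter selection and the five-minute search window are assumptions, and the index name is the one used in the thread.

```ini
# inputs.conf on the Windows host (universal forwarder or full Splunk instance).
# Constructed example; index "main" is taken from the thread.
[perfmon://Process]
object = Process
# Collect only the counters the table needs instead of "*".
counters = ID Process; % Processor Time; Working Set - Private
instances = *
interval = 60
index = main
disabled = 0

# Each sample arrives as one event per process and counter, carrying the
# fields counter, instance and Value. The process ID is the Value of the
# counter "ID Process", so the search pivots counters into columns:
#
#   index=main sourcetype="Perfmon:Process" earliest=-5m
#     instance!="_Total" instance!="Idle"
#   | chart latest(Value) over instance by counter
#
# The Process performance object has no user-name counter, so the
# "User name" column of Task Manager is not available from this input.
```

If the search returns nothing, confirm that events are arriving at all with index=main sourcetype="Perfmon:Process" before adding the chart command.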

linker
Explorer

Thanks, but what I meant is setting up Splunk to monitor other currently running Windows processes, for example the processes you see in Task Manager.

0 Karma

username021
Explorer

You meant to set up Splunk to monitor Windows services.

In Windows, you would probably configure a universal forwarder, I guess.

Set up a wmi.conf in any of the apps under a local folder.

wmi.conf

[WMI:services]
disabled = 0
wql = Select * from Win32_Service
index = you_index
interval = your_desired

linker
Explorer

I don't mean seeing the Splunk process; what I meant is, how do I look at the status of other Windows processes with Splunk?

0 Karma

richgalloway
SplunkTrust

In addition to what kristian.kolb said, entering splunk status in a Command Prompt window will show you the Splunk process IDs (pid).

---
If this reply helps you, Karma would be appreciated.

kristian_kolb
Ultra Champion

Eeh yes... I forgot the obvious 🙂

/K

0 Karma

kristian_kolb
Ultra Champion

Under Windows, Splunk runs as two services:
- splunkd
- splunkweb

You can view them with the service control manager (services.msc) or Task Manager (taskmgr.exe).
