
How to view the current system process

linker
Explorer

Hi,
In Windows, how do I view the current system processes with Splunk?

0 Karma

linu1988
Champion

You need to set up more options, but for a start

The above one will give you some details, not the exact Task Manager.

0 Karma

linker
Explorer

Can I see a result table with process, CPU, and memory usage? For example, in the Task Manager you see the process, user name, CPU, and memory usage.

0 Karma

linu1988
Champion

Several approaches can be used.

WMI can be used, as well as perfmon counters.

[WMI:services]
wql = select * from Win32_Process
index = main
interval = 60

OR

In inputs.conf:

[perfmon://Process]
object = Process
counters = *
instances = *
index = main
interval = 60

Then you can query them. You can set up perfmon; it will be easier.

index=main | table _time, IDprocess | dedup IDprocess

will give you the latest processes running.

0 Karma
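A perfmon input for the Process object plus a saved search that pivots its counters into a Task Manager style table, as an added example that is not part of the original thread. The index `main` and the 60-second interval follow the answer above; the counter selection, the saved-search name and the output field names are assumptions made for illustration.

```ini
# ADDED EXAMPLE, not from the thread. Index "main" and the 60 s interval
# follow the answer above; the saved-search name and output field names
# (pid, cpu_pct, mem_mb, last_seen) are assumptions.

# --- inputs.conf (Windows universal forwarder, in an app's local folder) ---
[perfmon://Process]
object = Process
# Only the counters needed for a Task Manager style view, instead of "*"
counters = ID Process; % Processor Time; Working Set - Private
instances = *
interval = 60
index = main
disabled = 0

# --- savedsearches.conf (search head) ---
# Assumes the default one-event-per-counter perfmon format, in which every
# event carries the fields object, counter, instance and Value.
[Windows process table]
search = index=main object=Process NOT instance IN ("_Total", "Idle") \
| stats latest(eval(if(counter=="ID Process", Value, null()))) AS pid \
        latest(eval(if(counter=="% Processor Time", Value, null()))) AS cpu_pct \
        latest(eval(if(counter=="Working Set - Private", Value, null()))) AS mem_bytes \
        latest(_time) AS last_seen \
        BY host instance \
| eval cpu_pct=round(cpu_pct, 1), mem_mb=round(mem_bytes/1024/1024, 1) \
| eval last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S") \
| sort - cpu_pct \
| table host instance pid cpu_pct mem_mb last_seen
dispatch.earliest_time = -5m
dispatch.latest_time = now
```

The Process performance object has no user-name counter, so this table cannot show the user column that Task Manager does. `% Processor Time` is summed across cores, so a busy process on a multi-core host can report more than 100.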

karthikjacc
New Member

In inputs.conf I added the line below:
[perfmon]
object=Process Counters=* instances=* index = main interval = 60

And on the search page I used the query index=main| table _time,IDprocess|dedup IDprocess

It does not populate any results.

0 Karma

linker
Explorer

Thanks, but what I meant is to set up Splunk to monitor other currently running Windows processes, for example the processes you see in Task Manager.

0 Karma

username021
Explorer

You meant to set up Splunk to monitor Windows services.

In Windows, you would probably configure a universal forwarder, I guess.

Set up a wmi.conf in any of the apps, under a local folder.

wmi.conf

[WMI:services]
disabled = 0
wql = Select * from Win32_Service
index = your_index
interval = your_desired

linker
Explorer

Not to see the Splunk process; what I meant is, how do I look at the status of other Windows processes with Splunk?

0 Karma

richgalloway
SplunkTrust

In addition to what kristian.kolb said, entering splunk status in a Command Prompt window will show you the Splunk process IDs (pid).

---
If this reply helps you, Karma would be appreciated.

kristian_kolb
Ultra Champion

eeh yes.. I forgot the obvious 🙂

/K

0 Karma

kristian_kolb
Ultra Champion

Under Windows, Splunk runs as two services:
- splunkd
- splunkweb

You can view them with the service control manager (services.msc) or task manager (taskmgr.exe)
