How to view the current system process

linker
Explorer

Hi,
In Windows, how to view the current system processes with Splunk?

0 Karma

linu1988
Champion

You need to set up more options, but for a start

The above one will give you some details, not the exact Task Manager.

0 Karma

linker
Explorer

Can I see a result table of process, CPU, memory usage? For example, in the Task Manager you see the process, user name, CPU, memory usage.

0 Karma

linu1988
Champion

Several approaches can be used.

WMI can be used, as well as perfmon counters.

[WMI:services]
wql = select * from Win32_Process
index = main
interval = 60

OR

In inputs.conf:
[perfmon://Process]
object = Process
counters = *
instances=*
index = main
interval = 60

Then you can query them. You can set up perfmon; it will be easier.

index=main| table _time,IDprocess|dedup IDprocess

will give you the latest processes running.

0 Karma
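
A perfmon input along the lines of the answer above, narrowed to the counters behind a Task Manager style view (added example, not part of the original thread; the counter selection is an assumption, while index = main and interval = 60 follow the post):

```ini
# inputs.conf on the Windows host running the forwarder or Splunk instance.
# Added example: the stanza name "Process" and the counter list are assumptions.
[perfmon://Process]
object = Process
# Collect only what the table needs instead of every counter of the object
counters = ID Process; % Processor Time; Working Set
instances = *
interval = 60
index = main
disabled = 0

# Each sample arrives as its own event carrying the fields
# object, counter, instance and Value, with sourcetype "Perfmon:Process".
# Search (SPL) that pivots the latest value of every counter per process:
#
#   index=main sourcetype="Perfmon:Process" instance!="_Total" instance!="Idle"
#   | chart latest(Value) OVER instance BY counter
```

The Process performance object has no user name counter, so that Task Manager column is not available from this input.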

karthikjacc
New Member

In inputs.conf I added the lines below:
[perfmon]
object=Process Counters=* instances=* index = main interval = 60

And on the search page I used the query index=main| table _time,IDprocess|dedup IDprocess

It does not populate any result.

0 Karma

linker
Explorer

Thanks, but what I meant is to set up Splunk to monitor other currently running Windows processes, for example the processes you see in Task Manager.

0 Karma

username021
Explorer

You meant to set up Splunk to monitor Windows services.

In Windows, you would probably configure a universal forwarder, I guess.

Set up a wmi.conf in any of the apps under a local folder.

wmi.conf

[WMI:services]
disabled = 0
wql = Select * from Win32_Service
index = you_index
interval = your_desired

linker
Explorer

Not to see the Splunk process; what I meant is to look at the status of other Windows processes with Splunk?

0 Karma

richgalloway
SplunkTrust

In addition to what kristian.kolb said, entering the splunk status in a Command Prompt window will show you the Splunk process IDs (pid).

---
If this reply helps you, an upvote would be appreciated.

kristian_kolb
Ultra Champion

eeh yes.. I forgot the obvious 🙂

/K

0 Karma

kristian_kolb
Ultra Champion

Under Windows, Splunk runs as two services:
- splunkd
- splunkweb

You can view them with the service control manager (services.msc) or Task Manager (taskmgr.exe).