Solved: Re: How to exclude or filter 0% window process fro...

fongpen · ‎08-23-2022

Hi Guru,

How do we exclude 0% process usage from Hostmetrics? We would like to capture those process have >0% usage only..

Appreciate if you can provide the sample.

hostmetrics:
collection_interval: 10s
scrapers:
# System processes metrics, disabled by default
process: (filter / exclude 0% process usage)

fongpen · ‎10-26-2022

Replied from Splunk Support : unfortunately, it looks like it's not possible to exclude process metrics which have 0% value

View solution in original post

fongpen · ‎10-26-2022

Replied from Splunk Support : unfortunately, it looks like it's not possible to exclude process metrics which have 0% value

fongpen · ‎08-24-2022

Samples: -

Include : * Process > 0%

Exclude : * Process = 0%

ITWhisperer · ‎08-24-2022

These appear to be screenshots - Splunk doesn't ingest these very well.

fongpen · ‎08-23-2022

I would like to have something like this:-

PS > Get-Counter '\Process(*)\% Processor Time' -ErrorAction SilentlyContinue | Select-Object -ExpandProperty CounterSamples | Sort-Object -Property cookedvalue -Descending | Where-Object CookedValue -gt 0

*** There are thousand of 0% process which wasted a lot of space and custom metrics license.

ITWhisperer · ‎08-23-2022

Please provide some sample raw events that you are trying to ingest, both the ones you want to keep and the one you want to exclude.

ITWhisperer · ‎08-23-2022

Please can you provide some sanitised events so we can see what you are dealing with?

How to exclude or filter 0% window process from hostmetrics - process?

field extraction

host

monitor

scripted input

Windows

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases