Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to fix perfmon errors "Object specified...in conf file is not valid"?

dmhlakaza
Explorer
‎09-04-2014 04:03 AM

how to fix this error:
ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe" -index gdf" splunk-perfmon - The object specified - 'Processor' in stanza - 'CPU' in conf file is not valid.
09-03-2014 10:25:59.516 +0200 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe" -index gdf" splunk-perfmon - The object specified - 'LogicalDisk' in stanza - 'Logical Disk' in conf file is not valid.
09-03-2014 10:25:59.516 +0200 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe" -index gdf" splunk-perfmon - The object specified - 'Memory' in stanza - 'Memory' in conf file is not valid.
09-03-2014 10:25:59.516 +0200 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe" -index gdf" splunk-perfmon - The object specified - 'Network Interface' in stanza - 'Network' in conf file is not valid.
09-03-2014 10:25:59.516 +0200 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe" -index gdf" splunk-perfmon - The object specified - 'Process' in stanza - 'Processes' in conf file is not valid.
09-03-2014 10:25:59.516 +0200 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe" -index gdf" splunk-perfmon - The object specified - 'System' in stanza - 'System' in conf file is not valid.

Reply
1 Solution
Solved! Jump to solution
Solution

linu1988
Champion
‎09-04-2014 09:04 AM

More over did you check if the perfmon counter are available in your system? SOmetimes they get corrupt and are not accessible

View solution in original post

Reply
Solved! Jump to solution
Solution

linu1988
Champion
‎09-04-2014 09:04 AM

More over did you check if the perfmon counter are available in your system? SOmetimes they get corrupt and are not accessible

Reply
Solved! Jump to solution

linu1988
Champion
‎09-05-2014 12:38 AM

Needs to be marked as answered then 🙂

0 Karma
Reply
Solved! Jump to solution

dmhlakaza
Explorer
‎09-04-2014 11:36 PM

I just checked the perfmon counter and yes indeed they were corrupt, I ran the following commands to fix it
Rebuilding the counters:
cd c:\windows\system32
lodctr /R
cd c:\windows\sysWOW64
lodctr /R

Resyncing the counters with Windows Management Instrumentation (WMI):
WINMGMT.EXE /RESYNCPERF

Stop and restart the Performance Logs and Alerts service.
Stop and restart the Windows Management Instrumentation service.
Thank you very much

Reply
Solved! Jump to solution

linu1988
Champion
‎09-04-2014 04:23 AM

Hello,
It suggests the perfmon configuration in inputs.conf file is wrong, Could you post your stanzas?

Thanks

0 Karma
Reply
Solved! Jump to solution

linu1988
Champion
‎09-04-2014 06:59 AM

Still this should be like this PERFMON -> Perfmon

[Perfmon:CPU]
counters = % Processor Time;% Privileged Time
disabled = 0
instances = _Total
interval = 120
object = Processor
index = temp_index

restart the forwarder service, lets see what happens

0 Karma
Reply
Solved! Jump to solution

dmhlakaza
Explorer
‎09-04-2014 06:33 AM

thanks, but I am still using v4.3.6, I am planning to upgrade soon

0 Karma
Reply
Solved! Jump to solution

linu1988
Champion
‎09-04-2014 06:11 AM

Depends which version of splunk you are using. Please use the below in inputs.conf in v5+ splunk forwarders

[perfmon://CPU Load]
counters = % Processor Time;% Privileged Time
disabled = 0
instances = _Total
interval = 120
object = Processor
index = temp_index

Remember the stanza definition is case sensitive.

0 Karma
Reply
Solved! Jump to solution

dmhlakaza
Explorer
‎09-04-2014 05:32 AM

continued

[PERFMON:Processes]
counters = ID Process
disabled = 0
instances = *
interval = 900
object = Process

[PERFMON:Network]
counters = Bytes Received/sec;Bytes Sent/sec;Current Bandwidth
disabled = 0
instances = *
interval = 300
object = Network Interface

[PERFMON:System]
counters = System Up Time
disabled = 0
instances = *
interval = 3600
object = System

0 Karma
Reply
Solved! Jump to solution

dmhlakaza
Explorer
‎09-04-2014 05:31 AM

these are my stanzas and they working on other servers:

[PERFMON:CPU]
counters = % Privileged Time;% Processor Time;% User Time;DPCs Queued/sec
disabled = 0
instances = *
interval = 300
object = Processor

[PERFMON:Logical Disk]
counters = % Free Space;Current Disk Queue Length;Disk Read Bytes/sec;Disk Write Bytes/sec
disabled = 0
instances = *
interval = 900
object = LogicalDisk

[PERFMON:Memory]
counters = % Committed Bytes In Use;Page Reads/sec;Page Writes/sec
disabled = 0
instances = *
interval = 300
object = Memory

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...