Monitoring Splunk

monitor performance counter for a specific process

barsuk1
New Member

Hi,
Is there a way to do the subj. , i.e. to monitor performance counter of a specific process on Windows? Let's say I have some service process running on windows. I can add performance counter to it on Windows perfmon for example for the Processor Usage % (or whatever is available on Windows). However on Splunk "Local Performance Monitoring" I see only the system wide preformance counters?

0 Karma

dguimbellot2019
New Member

i updated the wmi.conf to include this
[WMI:ProcessPath]
interval = 60
disabled = 0
index = default
wql = select Path, ProcessId from Win32_Process where Name like 'foobar%'

0 Karma

MHibbin
Influencer

have you tried writing a custom script which outputs the data you require to stdout (or to a log file if you prefer)... and then add it as a scripted input for Splunk (of get Splunk to monitor the file you created with you custom script).

0 Karma

Ayn
Legend

Not out of the box, no.

0 Karma

barsuk1
New Member

no I did not try, but I guess it is possible. however my question was if Splunk knows how to look at this counters by itself... so the answer here is probably NO?

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

In cybersecurity, defenders respond to threats. Architects design the systems that stop them.    As ...

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...