Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to view the current system process

linker
Explorer
‎03-24-2014 12:41 AM

hi,
in windows ,how to view the current system process by splunk?

Tags (2)
0 Karma
Reply

linu1988
Champion
‎03-26-2014 10:50 AM

you need to set up more options, but for a start

the above one will give you some details not the exact task manager.

0 Karma
Reply

linker
Explorer
‎03-26-2014 02:55 AM

Can see result table process cpu memory usage,for example In the task manager, see the process, user name, CPU, memory usage

0 Karma
Reply

linu1988
Champion
‎03-25-2014 10:18 PM

Several approach can be used.

wmi can be used as well as perfmon counters

[WMI:services]
wql = select * from Win32_Process
index = main
interval = 60

OR

[Perfmon//:Process] in inputs.conf
object=Process
Counters=*
instances=*
index = main
interval = 60

Then you can query them. You can set perfmon , it will be easier.

index=main| table _time,IDprocess|dedup IDprocess

will give you latest processes running.

0 Karma
Reply

karthikjacc
New Member
‎02-12-2018 08:06 AM

Inputs.conf Added the below line
[perfmon]
object=Process Counters=* instances=* index = main interval = 60

And search page used the query index=main| table _time,IDprocess|dedup IDprocess

not populate any result.

0 Karma
Reply

linker
Explorer
‎03-25-2014 09:38 PM

thanks, but my meant is setup Splunk to monitor other Windows current run process, for example in task manager see process

0 Karma
Reply

username021
Explorer
‎03-25-2014 09:08 PM

You meant to setup Splunk to monitor Windows services.

in Windows , you would probabaly configure a universal forwarder i guess.

setup a wmi.conf in any of the apps under a local folder.

wmi.conf

[WMI:services]
disabled = 0
wql = Select * from Win32_services
index = you_index
interval = your_desired
Reply

linker
Explorer
‎03-25-2014 08:46 PM

not see splunk process, my meant is look at other windows process status by splunk?

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-24-2014 05:18 AM

In addition to what kristian.kolb said, entering the splunk status in a Command Prompt window will show you the Splunk process IDs (pid).

---
If this reply helps you, Karma would be appreciated.
Reply

kristian_kolb
Ultra Champion
‎03-24-2014 05:47 AM

eeh yes.. I forgot the obvious 🙂

/K

0 Karma
Reply

kristian_kolb
Ultra Champion
‎03-24-2014 03:46 AM

Under windows, Splunk runs as two services;
- splunkd
- splunkweb

You can view them with the service control manager (services.msc) or task manager (taskmgr.exe)

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...