Windows perfmon metricset
editWindows perfmon metricset
editThe perfmon
metricset of the Windows module reads Windows performance
counters.
Configuration
editYou must configure queries for the Windows performance counters that you wish to collect. The example below collects processor time and disk writes every 10 seconds. If either of the counters do not exist it will ignore the error.
- module: windows metricsets: [perfmon] period: 10s perfmon.ignore_non_existent_counters: true perfmon.group_measurements_by_instance: true perfmon.queries: - object: "Process" instance: ["svchost*", "conhost*"] counters: - name: "% Processor Time" field: time.processor.pct format: "float" - name: "Thread Count" field: thread_count - name: "IO Read Operations/sec" - object: "PhysicalDisk" field : "disk" instance: "*" counters: - name: "Disk Writes/sec" - name: "% Disk Write Time" field: "write_time" format: "float" // deprecated, will be removed in 8.0 perfmon.counters: - instance_label: processor.name instance_name: total measurement_label: processor.time.total.pct query: '\Processor Information(_Total)\% Processor Time' - instance_label: physical_disk.name measurement_label: physical_disk.write.per_sec query: '\PhysicalDisk(*)\Disk Writes/sec' - instance_label: physical_disk.name measurement_label: physical_disk.write.time.pct query: '\PhysicalDisk(*)\% Disk Write Time'
-
ignore_non_existent_counters
- A boolean option that causes the metricset to ignore errors caused by counters that do not exist when set to true. Instead of an error, a message will be logged at the info level stating that the counter does not exist.
-
group_measurements_by_instance
- A boolean option that causes metricbeat to send all measurements with a matching perfmon instance as part of a single event. In the above example, this will cause the physical_disk.write.per_sec and physical_disk.write.time.pct measurements to be sent as a single event. The default behaviour is for all measurements to be sent as separate events.
-
refresh_wildcard_counters
- A boolean option to refresh the counter list at each fetch. By default, the counter list will be retrieved at the starting time, to refresh the list at each fetch, users will have to enable this setting.
-
counters
-
Counters specifies a list of queries to perform. Each individual
counter requires three config options -
instance_label
,measurement_label
, andquery
.
Query Configuration
editEach item in the query
list specifies multiple perfmon queries to perform. In the
events generated by the metricset these configuration options map to the field
values as shown below.
-
object
- The performance object to query. A performance object can be a physical component, such as processors, disks, and memory, or a system object, such as processes and threads. Required
-
field
-
The object field/label. Not required, if not entered, it will be
object
. -
instance
- Matches the ParentInstance, ObjectInstance, and InstanceIndex are included in the path if multiple instances of the object can exist. Not required for performance counters which do not contain one.
-
counters
- List of the partial counter paths (At least one partial counter path is required).
-
name
-
The counter name. Required. This is the counter specified in Performance Data Helper (PDH) syntax. For example in case of the counter path
\Processor Information(_Total)\% Processor Time
, the value for this configuration option will be% Processor Time
. -
field
- The counter path value field/label. Not required, if not entered, it will be generated based on the counter path.
-
format
-
Format of the measurement value. The value can be either
float
,large
orlong
. The default isfloat
.
Deprecated Counter Configuration
editEach item in the counters
list specifies a perfmon query to perform. In the
events generated by the metricset these configuration options map to the field
values as shown below.
"%[instance_label]": "%[instance_name] or <perfmon_counter_name>", "%[measurement_label]": <perfmon_counter_value>,
-
instance_label
- The label used to identify the counter instance.
-
instance_name
-
The instance name to use in the event when the counter’s path (
query
) does not include an instance or when you want to override the instance name. For example with\Processor Information(_Total)
the instance name would be_Total
and by settinginstance_name: total
you can override the value.The setting has no effect with wildcard queries (e.g.
\PhysicalDisk(*)\Disk Writes/sec
). -
measurement_label
- The label used for the value returned by the query. This field is required.
-
query
-
The perfmon query. This is the counter path specified in
Performance Data Helper (PDH) syntax. This field is required. For example
\Processor Information(_Total)\% Processor Time
. An asterisk can be used in place of an instance name to perform a wildcard query that generates an event for each counter instance (e.g.\PhysicalDisk(*)\Disk Writes/sec
). -
format
-
Format of the measurement value. The value can be either
float
,large
orlong
. The default isfloat
.
Fields
editFor a description of each field in the metricset, see the exported fields section.
Here is an example document generated by this metricset:
{ "@timestamp": "2017-10-12T08:05:34.853Z", "event": { "dataset": "windows.perfmon", "duration": 115000, "module": "windows" }, "metricset": { "name": "perfmon", "period": 10000 }, "service": { "type": "windows" }, "windows": { "perfmon": { "instance": "_Total", "metrics": { "processor": { "time": { "total": { "pct": 6.310940413107646 } } } }, "object": "Processor Information" } } }