Windows perfmon metricset

Warning

This functionality is in beta and is subject to change. The design and code are considered to be less mature than official GA features. Elastic will take a best effort approach to fix any issues, but beta features are not subject to the support SLA of official GA features.

The perfmon metricset of the Windows module reads Windows performance counters.

Configuration

You must configure queries for the Windows performance counters that you wish to collect. The example below collects processor time and disk writes every 10 seconds. If any of the counters does not exist, the metricset ignores the error.

- module: windows
  metricsets: [perfmon]
  period: 10s
  perfmon.ignore_non_existent_counters: true
  perfmon.counters:
    - instance_label: processor.name
      instance_name: total
      measurement_label: processor.time.total.pct
      query: '\Processor Information(_Total)\% Processor Time'

    - instance_label: physical_disk.name
      measurement_label: physical_disk.write.per_sec
      query: '\PhysicalDisk(*)\Disk Writes/sec'

    - instance_label: physical_disk.name
      measurement_label: physical_disk.write.time.pct
      query: '\PhysicalDisk(*)\% Disk Write Time'
ignore_non_existent_counters
A boolean option that causes the metricset to ignore errors caused by counters that do not exist when set to true. Instead of an error, a message will be logged at the info level stating that the counter does not exist.
counters
Counters specifies a list of queries to perform. Each individual counter requires three config options - instance_label, measurement_label, and query.

Counter Configuration

Each item in the counters list specifies a perfmon query to perform. In the events generated by the metricset these configuration options map to the field values as shown below.

"%[instance_label]": "%[instance_name] or <perfmon_counter_name>",
"%[measurement_label]": <perfmon_counter_value>,
instance_label
The label used to identify the counter instance. This field is required.
instance_name

The instance name to use in the event when the counter’s path (query) does not include an instance or when you want to override the instance name. For example, with \Processor Information(_Total) the instance name would be _Total, and by setting instance_name: total you can override the value.

The setting has no effect with wildcard queries (e.g. \PhysicalDisk(*)\Disk Writes/sec).

measurement_label
The label used for the value returned by the query. This field is required.
query
The perfmon query. This is the counter path specified in Performance Data Helper (PDH) syntax, for example \Processor Information(_Total)\% Processor Time. This field is required. An asterisk can be used in place of an instance name to perform a wildcard query that generates an event for each counter instance (e.g. \PhysicalDisk(*)\Disk Writes/sec).
format
Format of the measurement value. The value can be either float or long. The default is float.

Fields

For a description of each field in the metricset, see the exported fields section.

Here is an example document generated by this metricset:

{
    "@timestamp": "2017-10-12T08:05:34.853Z",
    "beat": {
        "hostname": "host.example.com",
        "name": "host.example.com"
    },
    "metricset": {
        "module": "windows",
        "name": "perfmon",
        "rtt": 115
    },
    "windows": {
        "perfmon": {
            "processor": {
                "name": "_Total",
                "time": {
                    "total": {
                        "pct": 1.4663385364361736
                    }
                }
            }
        }
    }
}
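
The following sketch is an added example, not Metricbeat's own code. It applies the counter options described above (required options, instance_name override, wildcard behaviour, format) to already-collected samples and builds the windows.perfmon fields. The names build_events and set_dotted and the sample values are hypothetical, and only local counter paths of the form \Object(Instance)\Counter are handled.

```python
import re

# Local PDH counter path: \Object(Instance)\Counter, where (Instance) is optional.
PDH_PATH = re.compile(r"^\\(?P<object>[^\\(]+)(?:\((?P<instance>[^)]*)\))?\\(?P<counter>.+)$")

def set_dotted(doc, label, value):
    """Expand a dotted label (processor.time.total.pct) into nested dicts."""
    *parents, leaf = label.split(".")
    for part in parents:
        doc = doc.setdefault(part, {})
    doc[leaf] = value

def build_events(counter, samples):
    """counter: one perfmon.counters item; samples: (expanded PDH path, value) pairs."""
    for option in ("instance_label", "measurement_label", "query"):
        if not counter.get(option):
            raise ValueError(f"{option} is required")
    query = PDH_PATH.match(counter["query"])
    if query is None:
        raise ValueError(f"not a PDH counter path: {counter['query']!r}")
    fmt = counter.get("format", "float")  # float is the default
    if fmt not in ("float", "long"):
        raise ValueError("format must be float or long")
    wildcard = query["instance"] == "*"
    events = []
    for path, value in samples:
        sample = PDH_PATH.match(path)
        if sample is None:
            raise ValueError(f"not a PDH counter path: {path!r}")
        # Assumption: no instance in the path and no instance_name gives an empty name.
        instance = sample["instance"] or ""
        # instance_name overrides the instance, but has no effect on wildcard queries.
        if counter.get("instance_name") and not wildcard:
            instance = counter["instance_name"]
        fields = {}
        set_dotted(fields, counter["instance_label"], instance)
        set_dotted(fields, counter["measurement_label"],
                   int(value) if fmt == "long" else float(value))
        events.append({"windows": {"perfmon": fields}})  # one event per instance
    return events

# Constructed sample: the wildcard query expanded to two disk instances.
DISK = {"instance_label": "physical_disk.name", "instance_name": "ignored",
        "measurement_label": "physical_disk.write.per_sec", "format": "long",
        "query": r"\PhysicalDisk(*)\Disk Writes/sec"}
DISK_SAMPLES = [(r"\PhysicalDisk(0 C:)\Disk Writes/sec", 12.7),
                (r"\PhysicalDisk(_Total)\Disk Writes/sec", 12.7)]

if __name__ == "__main__":
    for event in build_events(DISK, DISK_SAMPLES):
        print(event)
```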