A couple of people have asked how to use the Windows Performance Counter monitoring for multiple processes in a single rule, which allows wildcard on Object, but not on Instance. There are a couple of blog posts on multiple services, but I couldn’t find anything on processes.
The regular Windows Performance Counter provider actually does not work with multiple processes, but the WMI performance provider does.
In the UI, you can create a unit monitor
WMI Performance Counters -> Static Thresholds -> Single Threshold -> Simple Threshold
In the authoring console, the path is slightly different to get to the same MonitorType
WMI Performance Counters -> Single Threshold -> Simple Threshold
You can obviously choose other types.
The available MonitorTypes that will handle multiple process instances without scripting are:
|Windows!Microsoft.Windows.WmiBased.Performance.ThresholdMonitorType||Single threshold Monitor Type|
|Windows!Microsoft.Windows.WmiBased.Performance.DoubleThreshold||3-state monitor (under, between, over thresholds)|
|Windows!Microsoft.Windows.WmiBased.Performance.DeltaThreshold||For rate-of-change monitoring|
|Windows!Microsoft.Windows.WmiBased.Performance.AverageThreshold||Moving average changes, useful for monitoring stocks|
|Windows!Microsoft.Windows.WmiBased.Performance.ConsecutiveSamplesThreshold||n consecutive samples over/under y threshold|
What’s common to all of these is the WMI query and the mapping of WMI results to performance data.
WMI Namespace = Root\cimv2
Query = Select * from Win32_PerfFormattedData_PerfProc_Process where Name like "DLLHost%"
Will give you performance data for *each* instance of DLLHost. When you run these through the mapper, they "fan out" so that each instance of DLLHost’s performance data gets processed through the threshold filtering. To find out the WMI name of the performance counter you want, you can test the WMI query in wbemtest (just run wbemtest from a command line, connect to Root\Cimv2, click the Query button, paste the query, and click Apply). For example, "% Processor Time" as shown in perfmon is "PercentProcessorTime" in WMI. Make sure you are using the WMI name.
The mapper transforms the WMI data into the equivalent of "native" performance data. Downstream modules such as ExpressionFilters or Alert write actions can’t tell the difference between data run through a mapper and data that came straight from Windows Performance Counter data sources. You tell the mapper what you want it to look like. For example, most of these counters would come from
Instance = <Process Name>
Counter = <counter, such as "% Processor Time">
Value = <what you see in the perfmon graph>
So to do this for our example, the mapper would look as follows:
ObjectName = Process
CounterName = % Processor Time
InstanceName = $Data/Property[@Name=’Name’]$
Value = $Data/Property[@Name=’PercentProcessorTime’]$
Since the name and value are returned in the WMI results, we use the $Data…$ macro and the WMI names for the fields.
Once you’re past this step, everything else should be pretty familiar with regard to setting thresholds, averages, etc.
Tags: Authoring; WMI; Windows Process; Wildcard; Operations Manager 2007