# Index filter shared by the event-search macros in this file; expands to the
# "windows" and "perfmon" event indexes.
# NOTE(review): the definition is an unparenthesised OR, and most callers in
# this file expand it without surrounding parentheses. Keep the index list as
# narrow as the deployment allows, and wrap the macro call in parentheses if it
# is reused inside a larger boolean expression.
[itsi-cp-windows-indexes]
definition = index = windows OR index = perfmon
# Index filter used in the WHERE clause of every mstats macro in this file;
# expands to the single metrics index "itsi_im_metrics".
[itsi-cp-windows-metrics-indexes]
definition = index = itsi_im_metrics
############################### CPU ###############################
# CPU, mixed mode: union of three datasets that all emit %_Idle_Time,
# Interrupts/sec and %_User_Time:
#   1. mstats over sourcetype PerfmonMetrics:CPU ("Processor."-prefixed metrics)
#   2. mstats over sourcetype Perfmon:CPU (unprefixed counter names)
#   3. an event search over sourcetype Perfmon:CPU in the event indexes
# The definition is one logical line joined by trailing backslashes; do not
# insert comments or blank lines between the continued lines.
# NOTE(review): the stanza name says TRUNCATED_RESULTS - presumably the
# unioned subsearches are subject to result limits; confirm before relying on
# this macro for complete data.
[monitoring_windows_cpu_mixed_mode_TRUNCATED_RESULTS]
definition = union \
[|mstats latest("Processor.%_Idle_Time") AS %_Idle_Time, latest("Processor.Interrupts/sec") AS Interrupts/sec, latest("Processor.%_User_Time") AS %_User_Time WHERE `itsi-cp-windows-metrics-indexes` sourcetype="PerfmonMetrics:CPU" by host span=30s] \
[|mstats latest("% Idle Time") AS %_Idle_Time, latest("Interrupts/sec") AS Interrupts/sec, latest("% User Time") AS %_User_Time WHERE `itsi-cp-windows-metrics-indexes` sourcetype="Perfmon:CPU" by host span=30s] \
[search (`itsi-cp-windows-indexes`)(sourcetype="Perfmon:CPU" ) | eval %_Idle_Time = case( match (counter, "% Idle Time"), Value) , Interrupts/sec = case(match (counter, "Interrupts/sec"), Value) , %_User_Time = case(match (counter, "% User Time"), Value)]
iseval = 0
# CPU, recommended variant: mstats over sourcetype PerfmonMetrics:CPU, taking
# the latest value of the "Processor."-prefixed metrics per host in 30s spans
# and renaming them to %_Idle_Time, Interrupts/sec and %_User_Time.
# The definition starts with "mstats" and carries no leading pipe, so the
# calling search has to supply it.
[monitoring_windows_cpu_recommended]
definition = mstats latest("Processor.%_Idle_Time") AS %_Idle_Time, latest("Processor.Interrupts/sec") AS Interrupts/sec, latest("Processor.%_User_Time") AS %_User_Time WHERE `itsi-cp-windows-metrics-indexes` sourcetype="PerfmonMetrics:CPU" by host span=30s
iseval = 0
# CPU, event variant: searches sourcetype Perfmon:CPU in the event indexes and
# copies Value into %_Idle_Time, Interrupts/sec or %_User_Time depending on the
# event's counter field. Each case() has no default branch, so an event fills
# only the field whose counter pattern it matches.
# NOTE(review): match() treats its second argument as an unanchored regular
# expression, so any counter name containing the pattern also matches -
# confirm no other Perfmon:CPU counter collides.
[monitoring_windows_cpu_events]
definition = search (`itsi-cp-windows-indexes`)(sourcetype="Perfmon:CPU" ) | eval %_Idle_Time = case( match (counter, "% Idle Time"), Value) , Interrupts/sec = case(match (counter, "Interrupts/sec"), Value) , %_User_Time = case(match (counter, "% User Time"), Value)
iseval = 0
# CPU, deprecated variant: same mstats shape as the recommended macro, but it
# reads the unprefixed counter names ("% Idle Time", "Interrupts/sec",
# "% User Time") from sourcetype Perfmon:CPU in the metrics index.
[monitoring_windows_cpu_deprecated]
definition = mstats latest("% Idle Time") AS %_Idle_Time, latest("Interrupts/sec") AS Interrupts/sec, latest("% User Time") AS %_User_Time WHERE `itsi-cp-windows-metrics-indexes` sourcetype="Perfmon:CPU" by host span=30s
iseval = 0
# CPU wrapper: expands to the recommended CPU macro and nothing else.
# Presumably the single place to repoint consumers at another CPU variant -
# confirm against the searches that call it.
# iseval = 0: the definition is substituted as search text, not evaluated as
# an eval expression.
[monitoring_windows_cpu_wrapper]
definition = `monitoring_windows_cpu_recommended`
iseval = 0
############################### Logical Disk ###############################
# Logical disk, mixed mode: union of three datasets, all excluding the _Total
# and Harddisk* instances:
#   1. mstats over sourcetype PerfmonMetrics:LogicalDisk ("LogicalDisk." metrics)
#   2. mstats over sourcetype Perfmon:LogicalDisk (unprefixed counter names)
#   3. an event search over sourcetype Perfmon:LogicalDisk
# The two mstats branches also compute latency (max Avg. Disk sec/Transfer
# multiplied by 1000); the event branch does not produce a latency field.
# The definition is one logical line joined by trailing backslashes; do not
# insert comments or blank lines between the continued lines.
# NOTE(review): the stanza name says TRUNCATED_RESULTS - presumably the
# unioned subsearches are subject to result limits; confirm before relying on
# this macro for complete data.
[monitoring_windows_logicaldisk_mixed_mode_TRUNCATED_RESULTS]
definition = union \
[| mstats latest(LogicalDisk.Free_Megabytes) AS L_Free_Megabytes, latest(LogicalDisk.%_Free_Space) As l_storage_free_percent, min(LogicalDisk.Free_Megabytes) AS M_Free_Megabytes, min(LogicalDisk.%_Free_Space) As m_storage_free_percent, max(LogicalDisk.Avg._Disk_sec/Transfer) AS latency WHERE `itsi-cp-windows-metrics-indexes` sourcetype=PerfmonMetrics:LogicalDisk instance!=_Total instance!=Harddisk* by host,instance span=30s | eval FreePct-Other=case( match (instance, "C:"), null(), match(instance,"D:"), null(),true(),m_storage_free_percent), FreeMB-Other=case( match (instance, "C:"), null(), match(instance,"D:"), null(), true(),M_Free_Megabytes), FreePct-{instance}=l_storage_free_percent,FreeMB-{instance}=L_Free_Megabytes, latency = latency * 1000] \
[|mstats latest("Free Megabytes") AS L_Free_Megabytes, latest("% Free Space") As l_storage_free_percent, min("Free Megabytes") AS M_Free_Megabytes, min("% Free Space") As m_storage_free_percent, max("Avg. Disk sec/Transfer") AS latency WHERE `itsi-cp-windows-metrics-indexes` sourcetype=Perfmon:LogicalDisk instance!=_Total instance!=Harddisk* by host,instance span=30s | eval FreePct-Other=case( match (instance, "C:"), null(), match(instance,"D:"), null(),true(),m_storage_free_percent), FreeMB-Other=case( match (instance, "C:"), null(), match(instance,"D:"), null(), true(),M_Free_Megabytes), FreePct-{instance}=l_storage_free_percent,FreeMB-{instance}=L_Free_Megabytes, latency = latency * 1000] \
[search `itsi-cp-windows-indexes` sourcetype=Perfmon:LogicalDisk instance!=_Total instance!=Harddisk* | eval FreePct-Other=case( match (instance, "C:"), null(), match(instance,"D:"), null(),true(),storage_free_percent), FreeMB-Other=case( match (instance, "C:"), null(), match(instance,"D:"), null(), match (counter, "Free Megabytes"), Value), FreePct-{instance}=case( match (counter, "% Free Space"), Value),FreeMB-{instance}=case( match (counter, "Free Megabytes"), Value)]
iseval = 0
# Logical disk, recommended variant: mstats over sourcetype
# PerfmonMetrics:LogicalDisk by host and instance in 30s spans, excluding the
# _Total and Harddisk* instances.
#   L_Free_Megabytes / l_storage_free_percent : latest values
#   M_Free_Megabytes / m_storage_free_percent : minimum values
#   latency : max Avg._Disk_sec/Transfer, multiplied by 1000 in the eval
# The eval then builds:
#   FreePct-Other / FreeMB-Other : null for instances matching "C:" or "D:",
#                                  otherwise the minimum values
#   FreePct-{instance} / FreeMB-{instance} : per-instance fields holding the
#                                  latest values
# The definition carries no leading pipe, so the calling search has to supply it.
[monitoring_windows_logicaldisk_recommended]
definition = mstats latest(LogicalDisk.Free_Megabytes) AS L_Free_Megabytes, latest(LogicalDisk.%_Free_Space) As l_storage_free_percent, min(LogicalDisk.Free_Megabytes) AS M_Free_Megabytes, min(LogicalDisk.%_Free_Space) As m_storage_free_percent, max(LogicalDisk.Avg._Disk_sec/Transfer) AS latency WHERE `itsi-cp-windows-metrics-indexes` sourcetype=PerfmonMetrics:LogicalDisk instance!=_Total instance!=Harddisk* by host,instance span=30s | eval FreePct-Other=case( match (instance, "C:"), null(), match(instance,"D:"), null(),true(),m_storage_free_percent), FreeMB-Other=case( match (instance, "C:"), null(), match(instance,"D:"), null(), true(),M_Free_Megabytes), FreePct-{instance}=l_storage_free_percent,FreeMB-{instance}=L_Free_Megabytes, latency = latency * 1000
iseval = 0
# Logical disk, event variant: searches sourcetype Perfmon:LogicalDisk in the
# event indexes, excluding the _Total and Harddisk* instances, and derives the
# FreePct-* / FreeMB-* fields from each event's counter and Value fields.
# Unlike the mstats variants it produces no latency field.
# NOTE(review): FreePct-Other falls through to storage_free_percent, which this
# definition never assigns - presumably a field extracted elsewhere; confirm it
# exists on these events, otherwise FreePct-Other is always null.
[monitoring_windows_logicaldisk_events]
definition = search `itsi-cp-windows-indexes` sourcetype=Perfmon:LogicalDisk instance!=_Total instance!=Harddisk* | eval FreePct-Other=case( match (instance, "C:"), null(), match(instance,"D:"), null(),true(),storage_free_percent), FreeMB-Other=case( match (instance, "C:"), null(), match(instance,"D:"), null(), match (counter, "Free Megabytes"), Value), FreePct-{instance}=case( match (counter, "% Free Space"), Value),FreeMB-{instance}=case( match (counter, "Free Megabytes"), Value)
iseval = 0
# Logical disk, deprecated variant: same mstats and eval shape as the
# recommended macro, but it reads the unprefixed counter names
# ("Free Megabytes", "% Free Space", "Avg. Disk sec/Transfer") from sourcetype
# Perfmon:LogicalDisk in the metrics index.
[monitoring_windows_logicaldisk_deprecated]
definition = mstats latest("Free Megabytes") AS L_Free_Megabytes, latest("% Free Space") As l_storage_free_percent, min("Free Megabytes") AS M_Free_Megabytes, min("% Free Space") As m_storage_free_percent, max("Avg. Disk sec/Transfer") AS latency WHERE `itsi-cp-windows-metrics-indexes` sourcetype=Perfmon:LogicalDisk instance!=_Total instance!=Harddisk* by host,instance span=30s | eval FreePct-Other=case( match (instance, "C:"), null(), match(instance,"D:"), null(),true(),m_storage_free_percent), FreeMB-Other=case( match (instance, "C:"), null(), match(instance,"D:"), null(), true(),M_Free_Megabytes), FreePct-{instance}=l_storage_free_percent,FreeMB-{instance}=L_Free_Megabytes, latency = latency * 1000
iseval = 0
# Logical disk wrapper: expands to the recommended logical-disk macro and
# nothing else. Presumably the single place to repoint consumers at another
# variant - confirm against the searches that call it.
# iseval = 0: the definition is substituted as search text, not evaluated as
# an eval expression.
[monitoring_windows_logicaldisk_wrapper]
definition = `monitoring_windows_logicaldisk_recommended`
iseval = 0
############################### Memory ###############################
# Memory, mixed mode: union of three datasets:
#   1. mstats over sourcetype PerfmonMetrics:Memory ("Memory."-prefixed metrics)
#   2. mstats over sourcetype Perfmon:Memory (unprefixed counter names)
#   3. an event search over sourcetype Perfmon:Memory
# The mstats branches emit Available_MBytes, Cache_Bytes and Page_Reads/sec;
# only the event branch also emits Page_Writes/sec.
# The definition is one logical line joined by trailing backslashes; do not
# insert comments or blank lines between the continued lines.
# NOTE(review): the stanza name says TRUNCATED_RESULTS - presumably the
# unioned subsearches are subject to result limits; confirm before relying on
# this macro for complete data.
[monitoring_windows_memory_mixed_mode_TRUNCATED_RESULTS]
definition = union \
[| mstats latest("Memory.Available_MBytes") AS Available_MBytes, latest("Memory.Cache_Bytes") AS Cache_Bytes, latest("Memory.Page_Reads/sec") AS Page_Reads/sec WHERE `itsi-cp-windows-metrics-indexes` sourcetype=PerfmonMetrics:Memory by host span=30s] \
[| mstats latest("Available MBytes") AS Available_MBytes, latest("Cache Bytes") AS Cache_Bytes, latest("Page Reads/sec") AS Page_Reads/sec WHERE `itsi-cp-windows-metrics-indexes` sourcetype=Perfmon:Memory by host span=30s] \
[search `itsi-cp-windows-indexes` sourcetype=Perfmon:Memory | eval Available_MBytes = case( match (counter, "Available MBytes"), Value),Cache_Bytes = case( match (counter, "Cache Bytes"), Value), Page_Reads/sec = case( match (counter, "Page Reads/sec"), Value), Page_Writes/sec = case( match (counter, "Page Writes/sec"), Value)]
iseval = 0
# Memory, recommended variant: mstats over sourcetype PerfmonMetrics:Memory,
# taking the latest value of the "Memory."-prefixed metrics per host in 30s
# spans and renaming them to Available_MBytes, Cache_Bytes and Page_Reads/sec.
# NOTE(review): the event variant in this file also emits Page_Writes/sec;
# this definition does not - confirm no consumer of the wrapper expects it.
# The definition carries no leading pipe, so the calling search has to supply it.
[monitoring_windows_memory_recommended]
definition = mstats latest("Memory.Available_MBytes") AS Available_MBytes, latest("Memory.Cache_Bytes") AS Cache_Bytes, latest("Memory.Page_Reads/sec") AS Page_Reads/sec WHERE `itsi-cp-windows-metrics-indexes` sourcetype=PerfmonMetrics:Memory by host span=30s
iseval = 0
# Memory, event variant: searches sourcetype Perfmon:Memory in the event
# indexes and copies Value into Available_MBytes, Cache_Bytes, Page_Reads/sec
# or Page_Writes/sec depending on the event's counter field. Each case() has no
# default branch, so an event fills only the field whose counter it matches.
# This is the only memory variant that produces Page_Writes/sec.
[monitoring_windows_memory_events]
definition = search `itsi-cp-windows-indexes` sourcetype=Perfmon:Memory | eval Available_MBytes = case( match (counter, "Available MBytes"), Value),Cache_Bytes = case( match (counter, "Cache Bytes"), Value), Page_Reads/sec = case( match (counter, "Page Reads/sec"), Value), Page_Writes/sec = case( match (counter, "Page Writes/sec"), Value)
iseval = 0
# Memory, deprecated variant: same mstats shape as the recommended macro, but
# it reads the unprefixed counter names ("Available MBytes", "Cache Bytes",
# "Page Reads/sec") from sourcetype Perfmon:Memory in the metrics index.
[monitoring_windows_memory_deprecated]
definition = mstats latest("Available MBytes") AS Available_MBytes, latest("Cache Bytes") AS Cache_Bytes, latest("Page Reads/sec") AS Page_Reads/sec WHERE `itsi-cp-windows-metrics-indexes` sourcetype=Perfmon:Memory by host span=30s
iseval = 0
# Memory wrapper: expands to the recommended memory macro and nothing else.
# Presumably the single place to repoint consumers at another variant -
# confirm against the searches that call it.
# iseval = 0: the definition is substituted as search text, not evaluated as
# an eval expression.
[monitoring_windows_memory_wrapper]
definition = `monitoring_windows_memory_recommended`
iseval = 0
############################### Network ###############################
# Network, mixed mode: union of three datasets, all excluding isatap* instances:
#   1. mstats over sourcetype PerfmonMetrics:Network ("Network_Interface." metrics)
#   2. mstats over sourcetype Perfmon:Network (unprefixed counter names)
#   3. an event search over sourcetype Perfmon:Network
# Every branch emits HostNIC (host:instance), KBpsRCV/KBpsXMT (bytes/sec
# divided by 1024) and PctUtilRCV/PctUtilXMT (bytes/sec divided by
# Current_Bandwidth).
# NOTE(review): the mstats branches take Current_Bandwidth per host and
# instance, while the event branch spreads max(Current_Bandwidth) per host
# only, so the branches can disagree on hosts with several interfaces.
# The definition is one logical line joined by trailing backslashes; do not
# insert comments or blank lines between the continued lines.
# NOTE(review): the stanza name says TRUNCATED_RESULTS - presumably the
# unioned subsearches are subject to result limits; confirm before relying on
# this macro for complete data.
[monitoring_windows_network_mixed_mode_TRUNCATED_RESULTS]
definition = union \
[| mstats latest("Network_Interface.Bytes_Received/sec") AS Bytes_Received/sec, latest("Network_Interface.Current_Bandwidth") As Current_Bandwidth, latest("Network_Interface.Bytes_Sent/sec") AS Bytes_Sent/sec WHERE `itsi-cp-windows-metrics-indexes` sourcetype=PerfmonMetrics:Network instance!=isatap* by host, instance span=30s | eval HostNIC=host.":".instance | eval PctUtilRCV = 'Bytes_Received/sec'/Current_Bandwidth, PctUtilXMT = 'Bytes_Sent/sec'/Current_Bandwidth, KBpsRCV = 'Bytes_Received/sec'/1024, KBpsXMT = 'Bytes_Sent/sec'/1024] \
[| mstats latest("Bytes Received/sec") AS Bytes_Received/sec, latest("Current Bandwidth") As Current_Bandwidth, latest("Bytes Sent/sec") AS Bytes_Sent/sec WHERE `itsi-cp-windows-metrics-indexes` sourcetype=Perfmon:Network instance!=isatap* by host, instance span=30s | eval HostNIC=host.":".instance | eval PctUtilRCV = 'Bytes_Received/sec'/Current_Bandwidth, PctUtilXMT = 'Bytes_Sent/sec'/Current_Bandwidth, KBpsRCV = 'Bytes_Received/sec'/1024, KBpsXMT = 'Bytes_Sent/sec'/1024] \
[search `itsi-cp-windows-indexes` sourcetype=Perfmon:Network instance!=isatap* | eval HostNIC=host.":".instance | eval Current_Bandwidth = case( match (counter, "Current Bandwidth"), Value) | eventstats max(Current_Bandwidth) AS Current_Bandwidth by host | eval KBpsRCV = case( match (counter, "Bytes Received/sec"), Value)/1024, PctUtilRCV = case( match(counter, "Bytes Received/sec"), Value)/Current_Bandwidth | eval KBpsXMT = case( match (counter, "Bytes Sent/sec"), Value)/1024, PctUtilXMT = case( match(counter, "Bytes Sent/sec"), Value)/Current_Bandwidth]
iseval = 0
# Network, recommended variant: mstats over sourcetype PerfmonMetrics:Network
# by host and instance in 30s spans, excluding isatap* instances.
#   HostNIC               : host and instance joined with ":"
#   KBpsRCV / KBpsXMT     : bytes/sec divided by 1024
#   PctUtilRCV / PctUtilXMT : bytes/sec divided by Current_Bandwidth
# NOTE(review): PctUtil* is a plain ratio - no factor of 100 and no unit
# conversion is applied. Windows reports Current Bandwidth in bits per second,
# so a bytes/bits ratio is presumably not a true percentage; confirm against
# the thresholds that consume these fields.
# The definition carries no leading pipe, so the calling search has to supply it.
[monitoring_windows_network_recommended]
definition = mstats latest("Network_Interface.Bytes_Received/sec") AS Bytes_Received/sec, latest("Network_Interface.Current_Bandwidth") As Current_Bandwidth, latest("Network_Interface.Bytes_Sent/sec") AS Bytes_Sent/sec WHERE `itsi-cp-windows-metrics-indexes` sourcetype=PerfmonMetrics:Network instance!=isatap* by host, instance span=30s | eval HostNIC=host.":".instance | eval PctUtilRCV = 'Bytes_Received/sec'/Current_Bandwidth, PctUtilXMT = 'Bytes_Sent/sec'/Current_Bandwidth, KBpsRCV = 'Bytes_Received/sec'/1024, KBpsXMT = 'Bytes_Sent/sec'/1024
iseval = 0
# Network, event variant: searches sourcetype Perfmon:Network in the event
# indexes, excluding isatap* instances. Current_Bandwidth is taken from the
# "Current Bandwidth" counter events and copied onto the host's other events by
# eventstats, then used as the divisor for PctUtilRCV / PctUtilXMT; KBpsRCV and
# KBpsXMT are the byte counters divided by 1024.
# NOTE(review): eventstats groups by host only, so every interface of a host is
# divided by that host's largest Current_Bandwidth. The mstats variants group
# by host and instance - confirm whether per-host is intended here.
[monitoring_windows_network_events]
definition = search `itsi-cp-windows-indexes` sourcetype=Perfmon:Network instance!=isatap* | eval HostNIC=host.":".instance | eval Current_Bandwidth = case( match (counter, "Current Bandwidth"), Value) | eventstats max(Current_Bandwidth) AS Current_Bandwidth by host | eval KBpsRCV = case( match (counter, "Bytes Received/sec"), Value)/1024, PctUtilRCV = case( match(counter, "Bytes Received/sec"), Value)/Current_Bandwidth | eval KBpsXMT = case( match (counter, "Bytes Sent/sec"), Value)/1024, PctUtilXMT = case( match(counter, "Bytes Sent/sec"), Value)/Current_Bandwidth
iseval = 0
# Network, deprecated variant: same mstats and eval shape as the recommended
# macro, but it reads the unprefixed counter names ("Bytes Received/sec",
# "Current Bandwidth", "Bytes Sent/sec") from sourcetype Perfmon:Network in the
# metrics index.
[monitoring_windows_network_deprecated]
definition = mstats latest("Bytes Received/sec") AS Bytes_Received/sec, latest("Current Bandwidth") As Current_Bandwidth, latest("Bytes Sent/sec") AS Bytes_Sent/sec WHERE `itsi-cp-windows-metrics-indexes` sourcetype=Perfmon:Network instance!=isatap* by host, instance span=30s | eval HostNIC=host.":".instance | eval PctUtilRCV = 'Bytes_Received/sec'/Current_Bandwidth, PctUtilXMT = 'Bytes_Sent/sec'/Current_Bandwidth, KBpsRCV = 'Bytes_Received/sec'/1024, KBpsXMT = 'Bytes_Sent/sec'/1024
iseval = 0
# Network wrapper: expands to the recommended network macro and nothing else.
# Presumably the single place to repoint consumers at another variant -
# confirm against the searches that call it.
# iseval = 0: the definition is substituted as search text, not evaluated as
# an eval expression.
[monitoring_windows_network_wrapper]
definition = `monitoring_windows_network_recommended`
iseval = 0
############################### Physical Disk ###############################
# Physical disk, mixed mode: union of three datasets, all excluding the _Total
# instance:
#   1. mstats over sourcetype PerfmonMetrics:PhysicalDisk ("PhysicalDisk." metrics)
#   2. mstats over sourcetype Perfmon:PhysicalDisk (unprefixed counter names)
#   3. an event search over sourcetype Perfmon:PhysicalDisk
# Every branch emits HostDisk (host-instance), %_Idle_Time,
# Avg._Disk_Bytes/Read, Avg._Disk_Bytes/Write and Avg._Disk_Queue_Length.
# The definition is one logical line joined by trailing backslashes; do not
# insert comments or blank lines between the continued lines.
# NOTE(review): the stanza name says TRUNCATED_RESULTS - presumably the
# unioned subsearches are subject to result limits; confirm before relying on
# this macro for complete data.
[monitoring_windows_physicaldisk_mixed_mode_TRUNCATED_RESULTS]
definition = union \
[|mstats latest("PhysicalDisk.%_Idle_Time") AS %_Idle_Time, latest("PhysicalDisk.Avg._Disk_Bytes/Read") AS Avg._Disk_Bytes/Read, latest("PhysicalDisk.Avg._Disk_Bytes/Write") AS Avg._Disk_Bytes/Write, latest("PhysicalDisk.Avg._Disk_Queue_Length") AS Avg._Disk_Queue_Length WHERE `itsi-cp-windows-metrics-indexes` sourcetype=PerfmonMetrics:PhysicalDisk instance!=_Total by host, instance span=30s| eval HostDisk=host . "-" . instance] \
[|mstats latest("% Idle Time") AS %_Idle_Time, latest("Avg. Disk Bytes/Read") AS Avg._Disk_Bytes/Read, latest("Avg. Disk Bytes/Write") AS Avg._Disk_Bytes/Write, latest("Avg. Disk Queue Length") AS Avg._Disk_Queue_Length WHERE `itsi-cp-windows-metrics-indexes` sourcetype=Perfmon:PhysicalDisk instance!=_Total by host, instance span=30s| eval HostDisk=host . "-" . instance] \
[search `itsi-cp-windows-indexes` sourcetype=Perfmon:PhysicalDisk instance!=_Total| eval HostDisk=host . "-" . instance , %_Idle_Time = case( match (counter, "% Idle Time"), Value), Avg._Disk_Bytes/Read = case( match (counter, "Avg. Disk Bytes/Read"), Value) , Avg._Disk_Bytes/Write = case( match (counter, "Avg. Disk Bytes/Write"), Value) , Avg._Disk_Queue_Length = case( match (counter, "Avg. Disk Queue Length"), Value)]
iseval = 0
# Physical disk, recommended variant: mstats over sourcetype
# PerfmonMetrics:PhysicalDisk by host and instance in 30s spans, excluding the
# _Total instance. Takes the latest value of the "PhysicalDisk."-prefixed
# metrics, renames them to %_Idle_Time, Avg._Disk_Bytes/Read,
# Avg._Disk_Bytes/Write and Avg._Disk_Queue_Length, and adds HostDisk
# (host and instance joined with "-").
# The definition carries no leading pipe, so the calling search has to supply it.
[monitoring_windows_physicaldisk_recommended]
definition = mstats latest("PhysicalDisk.%_Idle_Time") AS %_Idle_Time, latest("PhysicalDisk.Avg._Disk_Bytes/Read") AS Avg._Disk_Bytes/Read, latest("PhysicalDisk.Avg._Disk_Bytes/Write") AS Avg._Disk_Bytes/Write, latest("PhysicalDisk.Avg._Disk_Queue_Length") AS Avg._Disk_Queue_Length WHERE `itsi-cp-windows-metrics-indexes` sourcetype=PerfmonMetrics:PhysicalDisk instance!=_Total by host, instance span=30s| eval HostDisk=host . "-" . instance
iseval = 0
# Physical disk, event variant: searches sourcetype Perfmon:PhysicalDisk in the
# event indexes, excluding the _Total instance, builds HostDisk (host and
# instance joined with "-") and copies Value into the output field selected by
# the event's counter field. Each case() has no default branch, so an event
# fills only the field whose counter pattern it matches.
# NOTE(review): match() treats its second argument as an unanchored regular
# expression, and the "." in patterns such as "Avg. Disk Bytes/Read" matches
# any character - confirm no other counter name collides.
[monitoring_windows_physicaldisk_events]
definition = search `itsi-cp-windows-indexes` sourcetype=Perfmon:PhysicalDisk instance!=_Total| eval HostDisk=host . "-" . instance , %_Idle_Time = case( match (counter, "% Idle Time"), Value), Avg._Disk_Bytes/Read = case( match (counter, "Avg. Disk Bytes/Read"), Value) , Avg._Disk_Bytes/Write = case( match (counter, "Avg. Disk Bytes/Write"), Value) , Avg._Disk_Queue_Length = case( match (counter, "Avg. Disk Queue Length"), Value)
iseval = 0
# Physical disk, deprecated variant: same mstats and eval shape as the
# recommended macro, but it reads the unprefixed counter names ("% Idle Time",
# "Avg. Disk Bytes/Read", "Avg. Disk Bytes/Write", "Avg. Disk Queue Length")
# from sourcetype Perfmon:PhysicalDisk in the metrics index.
[monitoring_windows_physicaldisk_deprecated]
definition = mstats latest("% Idle Time") AS %_Idle_Time, latest("Avg. Disk Bytes/Read") AS Avg._Disk_Bytes/Read, latest("Avg. Disk Bytes/Write") AS Avg._Disk_Bytes/Write, latest("Avg. Disk Queue Length") AS Avg._Disk_Queue_Length WHERE `itsi-cp-windows-metrics-indexes` sourcetype=Perfmon:PhysicalDisk instance!=_Total by host, instance span=30s| eval HostDisk=host . "-" . instance
iseval = 0
# Physical disk wrapper: expands to the recommended physical-disk macro and
# nothing else. Presumably the single place to repoint consumers at another
# variant - confirm against the searches that call it.
# iseval = 0: the definition is substituted as search text, not evaluated as
# an eval expression.
[monitoring_windows_physicaldisk_wrapper]
definition = `monitoring_windows_physicaldisk_recommended`
iseval = 0