Summary: Learn how to use Log Search in Microsoft Operations Management Suite to filter near real-time performance counter data by computer name.
Good morning everyone, Ed Wilson here. One of the cool things about central Florida is the abundance of natural resources, and the outdoor lifestyle we enjoy. For example, the Scripting Wife and I recently went to see manatees. These dudes are awesome and mellow, and they are way cool marine mammals. They are also, unfortunately, endangered, so we are really lucky to get to see them hanging out and relaxing. Here is a picture of one that we saw.
Sort performance data by computer name
Note This is a five-part series that includes the following posts:
- Near real-time performance data collection in OMS
Learn about setting up and using near real-time performance data.
- Add counters to near real-time data collection in OMS
Learn how to add various counters to near real-time performance data.
- Use OMS Search to visualize collected performance data
Drill in to a graph that shows metrics about your computer.
- Filter OMS near real-time performance counter data by computer
Use Log Search to filter near real-time performance counter data by computer name.
- Use OMS near real-time performance counters to check one counter
Check the status of a single counter across all your systems.
The first things I want to know are:
- The computer names
- How many records they may provide for me to examine
The first thing I do is to go into Log Search. I find Log Search directly from the Start screen on my MS OMS console.
I find the computer name information easily by using Type=Perf and then filtering the records by computer. I get my counts because Computer is the property that I want to measure. Here is my query:
Type=Perf | measure count() by Computer
Here is my query and the results on my system:
So, now that I have a list of computer names and the number of records that each computer has, I can add a filter for the specific computer that I am interested in querying. To do this I simply add computer = “mycomputername” to the query. Here is a query that works on my system where I look at AzureDev01:
I can see from the query results that there are 136,848 records and that they cover 200 metrics. Here is the query and the output from the query:
When I switch to metric view, I can see the metrics as graphs, and I could dive in to them if I want.
Note I discussed this approach yesterday in Use OMS Search to visualize collected performance data.
The metric view page is shown here:
Dive in to a specific counter in a specific group
Now that I have found performance counters for a specific computer, I can dive in a bit more. For example, I can look at performance counters related to memory. To do this, I add ObjectName=Memory. This will return a group of performance counters that are related to memory. I also want them only related to a specific computer, so I leave my computer filter in the query. Here is my revised search:
Type=Perf Computer=AzureDev01 ObjectName=Memory
Here are the query and the associated output, where I have opened the Committed Bytes in Use:
If I want to look at a specific counter on a specific computer, I add a filter for the counter, for example:
Type=Perf Computer=AzureDev01 ObjectName=Memory CounterName="% Committed Bytes In Use"
That is all I have for you today. Join me tomorrow when I’ll talk about more way cool stuff.
I invite you to follow me on Twitter and the Microsoft OMS Facebook site. If you want to learn more about Windows PowerShell, visit the Hey, Scripting Guy! Blog. If you have any questions, send email to me at firstname.lastname@example.org. I wish you a wonderful day, and I’ll see you tomorrow.
Microsoft Operations Management Team