Forum Discussion
Search multiple perf counters
Hi all,
I'm trying to learn the language and I want to search multiple perf counters on all connected computers, but I don't understand how.
for example:
Perf | where (CounterName == "% Committed Bytes In Use" or CounterName == "% Used Memory") | where CounterName == "% Committed Bytes In Use" | summarize AggregatedValue = avg(CounterValue) by Computer | sort by Computer desc
How do I add CPU % Processor Time to the query as a new column?
Thanks in advance.
Hey Dante,
Try this query, it shows a number of perf counters, and the average calculated per computer and counter name. The results show the counter name in a separate column.
Is this what you were looking for?
12 Replies
- Noa Kuperberg
Microsoft
Hey Dante,
Try this query, it shows a number of perf counters, and the average calculated per computer and counter name. The results show the counter name in a separate column.
Is this what you were looking for?
- I have diff types of server like APP, DB, Archival and DR, all are under the same log analytics workspace.
For which I want to set diff memory counters, like DB 80% APP 70% DR 30% so we get alerts.
Currently, we have set for all servers at 80 % as below how can we do the above?
Perf
| where CounterName == "% Committed Bytes In Use"
| where TimeGenerated > ago(30m) | summarize avg = avg(CounterValue) by Computer | where avg > 80You need a way to identify the servers by their type, here I'm using the computer name in a few ways (just to show some of the options you can use), to find the computer type and then assign a value and a default value. You may have another identifier other than computer name, but you can use a "case" on that data, like this example:
Perf | where TimeGenerated > ago(1h) | summarize by Computer, CounterName, CounterValue | extend groupThreshold_ = case ( Computer startswith "THAM", 10, Computer endswith "01",70, Computer has "aks",60, Computer contains "RDS",65, //else use default value 50 ) | where CounterName == "% Committed Bytes In Use" | summarize avg = avg(CounterValue) by Computer, groupThreshold_ | where avg > groupThreshold_
Hi Noa,
Is it in some way possible to use a matcher like contains or has in place of in?
...
| where CounterName contains/has ("% Committed", "% Used Mem", "% Proc")Regards,Henrik- Noa Kuperberg
Hi Henrik,
To check if a string contain any of a given list of values, you'd need to a evaluation each value separately, like this:
Perf | where CounterName contains "% Committed"
or CounterName contains "% Used Mem"
or CounterName contains "% Proc" | summarize AggregatedValue = avg(CounterValue) by Computer, CounterNameThe only string operator that accepts a list of values is "in". See the full list of string operators here.
Regards,
Noa
- I did a bit of research and I found I can do that with a Join, am I correct? although Im not sure how it works (language side)
- Noa Kuperberg
Yes, you can do it this way.
Note that I used join kind "fullouter" to includes all records, while the default join behavior is to show only records that match and exists on both left and right tables.
