I am trying to get CPU usage for a specific process in windows. My search looks like this:
host=host1 AND sourcetype="Perfmon:Process" AND counter="% Processor Time" AND process_name="server*" | table _time, counter, process_name, Value
My result is showing mostly 100 for Value which is not really true. Windows runs on VM.
Result looks like this:
2017-09-22T14:40:28.000-0400 % Processor Time server 100
2017-09-22T14:39:43.000-0400 % Processor Time server 100
2017-09-22T14:37:28.000-0400 % Processor Time server 100
2017-09-22T14:32:58.000-0400 % Processor Time server#1 100
2017-09-22T14:32:13.000-0400 % Processor Time server 100
2017-09-22T14:38:13.000-0400 % Processor Time server 100
2017-09-22T14:31:28.000-0400 % Processor Time server#1 11.30968265
2017-09-22T14:21:43.000-0400 % Processor Time server 100
2017-09-22T14:18:43.000-0400 % Processor Time server#1 0.105369743
2017-09-22T14:36:43.000-0400 % Processor Time server 0.034732856
2017-09-22T14:35:58.000-0400 % Processor Time server#1 0.14049302
2017-09-22T14:29:13.000-0400 % Processor Time server 100
2017-09-22T14:28:28.000-0400 % Processor Time server#1 84.84122861
2017-09-22T14:20:58.000-0400 % Processor Time server#1 100
2017-09-22T14:16:28.000-0400 % Processor Time server 100
2017-09-22T14:14:58.000-0400 % Processor Time server#1 100
What should I do? Why is it pulling all the 100s? 80% of events show a 100. Is it an agent config issue?
↧