I'm looking to create a monitor set that checks the CPU and RAM usage of specific processes, based off the info you might find in Task Manager in case a process pins either to its ceiling. I attempted to create this using Counter Thresholds with the below, but the data either does not return or reports a 0.
In reviewing this, I also found a TechNet article which seems to suggest that this sort of monitoring similar to what you may find in Task Manager is not possible (https://social.technet.microsoft.com/Forums/en-US/0435e7c5-3cda-41a0-953e-7fa462fde03b/perfmon-process-processor-time-vs-task-manager8217s-cpu-usage-for-monitoring-a-specific?forum=perfmon). I'm admittedly new to PerfMon and monitoring in general.
Has anyone found a secret sauce to accomplish this, or is it better to set a global CPU/RAM monitor and investigate when its alarm is tripped?
You could also query specific items using the command line and wmic. For example, if you wanted to find out what the boot drive and caption for a computer, you could accomplish it by using this: 'wmic OS get bootdevice, caption'
wmic OS get bootdevice, caption'
To get more information you can run 'wmic /?' for more options.
Once you get figured out what you want to retrieve then you could create a procedure to run it from.
I just realized your collection thresholds are all set to "over 20." That means any reading under 20 will be discarded. So if your % processor time is under 20% (which I'd imagine most programs will stay under this unless they're doing something really intensive) then the agent will simply not report the data to the VSA to save on performance. That may explain why you are not getting data or are getting 0's. You could try setting the collection threshold to "over 0" so essentially everything gets sent to the VSA, at least for troubleshooting purposes.
That doesn't explain the RAM collectors, although I am not sure what you are collecting with "Memory in Use." That's not a valid WMI counter that I'm aware of, and looks like something custom that's probably not working. I would recommend using something like private bytes, virtual bytes, or working set (I prefer working set). If you really want to get into a deep dive into memory, they all calculate RAM usage in slightly different ways, but generally working set is essentially the "bigger number" of all RAM an application is using, including shared memory (memory resources that are used by more than one application).
Simply put, I'd reset your collection thresholds to 0 and I'd change your memory counters to something like "process -> working set" and go from there.
Hey Jordan and Bud,
I appreciate the time you both took to respond. I'll spend some time this week working on the monitor set and seeing if the WMIC command line utility could be useful.