- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to view the current system process
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to view the current system process
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you need to set up more options, but for a start
the above one will give you some details not the exact task manager.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can see result table process cpu memory usage,for example In the task manager, see the process, user name, CPU, memory usage
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Several approach can be used.
wmi can be used as well as perfmon counters
[WMI:services]
wql = select * from Win32_Process
index = main
interval = 60
OR
[Perfmon//:Process] in inputs.conf
object=Process
Counters=*
instances=*
index = main
interval = 60
Then you can query them. You can set perfmon , it will be easier.
index=main| table _time,IDprocess|dedup IDprocess
will give you latest processes running.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Inputs.conf Added the below line
[perfmon]
object=Process Counters=* instances=* index = main interval = 60
And search page used the query index=main| table _time,IDprocess|dedup IDprocess
not populate any result.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thanks, but my meant is setup Splunk to monitor other Windows current run process, for example in task manager see process
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You meant to setup Splunk to monitor Windows services.
in Windows , you would probabaly configure a universal forwarder i guess.
setup a wmi.conf in any of the apps under a local folder.
wmi.conf
[WMI:services]
disabled = 0
wql = Select * from Win32_services
index = you_index
interval = your_desired
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
not see splunk process, my meant is look at other windows process status by splunk?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In addition to what kristian.kolb said, entering the splunk status in a Command Prompt window will show you the Splunk process IDs (pid).
If this reply helps you, Karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
eeh yes.. I forgot the obvious 🙂
/K
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Under windows, Splunk runs as two services;
- splunkd
- splunkweb
You can view them with the service control manager (services.msc) or task manager (taskmgr.exe)
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
