Skip to main content
Sumo Logic

Local Windows Performance Monitor Log Source

Set up a Local Windows Performance Monitor Log Source to collect performance data that you would normally see in the Windows Performance Monitor. Setting up a Local Windows Performance Monitor Log Source is a quick process. There are no prerequisites for setting up the Source, and you'll begin collecting logs within a minute or so.

Windows Performance Monitor Sources use the WMI Query Language (WQL) to collect data at a frequency you choose. To learn more, see Querying with WQL at MSDN.

To configure a Local Windows Performance Monitor Log Source:

  1. In Sumo Logic select Manage Data > Collection > Collection.
  2. Find the name of the installed Collector to which you’d like to add a Source. Click Add and then choose Add Source from the menu. 
  3. Click Windows Performance
  4. Choose Local for the Type of Windows Performance Source
  5. Set the following:
    • Name. Type the name to display for the new Source. Description is optional.
    • Frequency. Depending on your Windows system and its needs, select a frequency to run the selected queries. If your Windows system is relatively stable, a frequency of 15m should be appropriate. (Selecting a frequency of 1m could flood your system with logs and create an undesirable outcome.)
  6. Processing Rules. (Optional.) To add rules or filters click Add Rule. Enter a name, a filter, and select the type. Then click Apply.
  7. Perfmon Queries.Select from the provided default Perfom Queries, or create your own custom query. 

    • Click the query's check box to select it.
    • To add a custom query, click Add Query, enter a name and the query. Then click Add.
  8. When you are finished configuring the Source, click Save.

You can return to this dialog and edit the settings for the Source at any time.

Configuring sourceCategory using variables

Collector versions 19.216-22 and later allow you to define Source Category and Source Host metadata values with system environment variables from the host machine.

When configuring your Source, specify the system environment variables by prepending sys. and wrapping them in double curly brackets {{}} in this form:

{{sys.VAR_NAME}}

Where VAR_NAME is an environment variable name, for example:

{{sys.PATH}}

You can use multiple variables, for example:

{{sys.PATH}}-{{sys.YourEnvVar}}

environment variable usage.png

You can incorporate text in the metadata expression, for example:

AnyTextYouWant_{{sys.PATH}}_{{sys.YourEnvVar}}

If a user-defined variable doesn’t exist, that portion of the metadata field will be blank.