
Local Windows Performance Monitor Log Source

Set up a Local Windows Performance Monitor Log Source to collect performance data that you would normally see in the Windows Performance Monitor. Setting up a Local Windows Performance Monitor Log Source is a quick process. There are no prerequisites for setting up the Source, and you'll begin collecting logs within a minute or so.

Windows Performance Monitor Sources use the WMI Query Language (WQL) to collect data at a frequency you choose. To learn more, see Querying with WQL at MSDN.

To configure a Local Windows Performance Monitor Log Source:

  1. In Sumo Logic select Manage Data > Collection > Collection.
  2. Find the name of the installed Collector to which you’d like to add a Source. Click Add and then choose Add Source from the menu. 
  3. Click Windows Performance.
  4. Choose Local for the Type of Windows Performance Source.
  5. Set the following:
    • Name. Type the name to display for the new Source. Description is optional.
    • Frequency. Depending on your Windows system and its needs, select a frequency to run the selected queries. If your Windows system is relatively stable, a frequency of 15m should be appropriate. (Selecting a frequency of 1m could flood your system with logs and create an undesirable outcome.)
    • Source Category. Enter a string used to tag the output collected from this Source with searchable metadata. For example, typing web_apps tags all the logs from this Source in the sourceCategory field, so running a search on _sourceCategory=web_apps would return logs from this Source. For more information, see Metadata Naming Conventions.
  6. Processing Rules. (Optional.) To add rules or filters for the new source, click Add Rule. Enter a name, a filter, and select the type. Then click Apply.
  7. Perfmon Queries. Select from the provided default Perfmon Queries, or create your own custom query.
    • Click the query's check box to select it.
    • To add a custom query, click Add Query, enter a name and the query. Then click Add.
  8. When you are finished configuring the Source, click Save.

You can return to this dialog and edit the settings for the Source at any time.
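
Before adding a custom query in step 7, it helps to dry-run the WQL on the Collector host and see how many instances each run returns at the frequency you plan to set. The following PowerShell is an added example, not part of Sumo Logic's documentation; the query names and the 15-minute frequency are sample values, and the WMI classes are standard Windows performance classes.

```powershell
# Added example: dry-run candidate custom WQL queries locally before adding
# them to the Source. Query names and the frequency below are sample values.
$FrequencyMinutes = 15

$Queries = [ordered]@{
    'CPU total'     = "SELECT Name, PercentProcessorTime FROM Win32_PerfFormattedData_PerfOS_Processor WHERE Name = '_Total'"
    'Memory'        = "SELECT AvailableMBytes, PercentCommittedBytesInUse FROM Win32_PerfFormattedData_PerfOS_Memory"
    'Logical disks' = "SELECT Name, PercentFreeSpace, FreeMegabytes FROM Win32_PerfFormattedData_PerfDisk_LogicalDisk WHERE Name <> '_Total'"
}

# Number of times the Source would run each query per day at this frequency.
$RunsPerDay = [math]::Floor(1440 / $FrequencyMinutes)

$Report = foreach ($Name in $Queries.Keys) {
    $Wql = $Queries[$Name]
    try {
        # -ErrorAction Stop turns invalid WQL or an unknown class into a catchable error.
        $Timer = [System.Diagnostics.Stopwatch]::StartNew()
        $Rows  = @(Get-CimInstance -Query $Wql -ErrorAction Stop)
        $Timer.Stop()
        [pscustomobject]@{
            Query           = $Name
            Status          = 'OK'
            Instances       = $Rows.Count
            InstancesPerDay = $Rows.Count * $RunsPerDay
            Milliseconds    = $Timer.ElapsedMilliseconds
        }
    }
    catch {
        # Report the failure instead of stopping, so every query gets checked.
        [pscustomobject]@{
            Query           = $Name
            Status          = "FAILED: $($_.Exception.Message)"
            Instances       = 0
            InstancesPerDay = 0
            Milliseconds    = 0
        }
    }
}

$Report | Format-Table -AutoSize
```

A query that returns many instances per run (for example, one without a WHERE clause on a per-process class) is the kind that becomes noisy at short frequencies such as 1m.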

Configuring sourceCategory using variables

In Collector version 19.216-22 and later, if you have a Docker Logs Source on the same Installed Collector where you are configuring the new Source, you can define the Source Category and Source Host (if the Source supports that field) for the new Source using system environment variables defined on the Collector’s host. To do so, specify the environment variables to include in the metadata field in this form:

{{sys.VAR_NAME}}

Where VAR_NAME is an environment variable name, for example:

{{sys.PATH}}

You can use multiple variables, for example:

{{sys.PATH}} - {{sys.YourEnvVar}}

You can incorporate text in the metadata expression, for example:

AnyTextYouWant {{sys.PATH}} - {{sys.YourEnvVar}}

If a user-defined variable doesn’t exist, that portion of the metadata field will be blank.