Sumo Logic

Collect Logs for Windows Performance App

Configure a Collector and Source

To collect logs for the Windows Performance App, you will need:

  1. An Installed Collector.
  2. A Windows Performance Source. Depending on your environment, use one of the following:
    1. Local Windows Performance Monitor Log Source
    2. Remote Windows Performance Monitor Log Source

Add a Custom Query to the Windows Performance Source

To complete the configuration, edit each Windows Performance Source you use to collect logs and manually add a custom query.

  1. Go to Manage Data > Collection.
  2. Find the Collector and the Windows Performance Source.
  3. For the Source, click Edit.
  4. Under Perfmon Queries, select the check boxes for these queries:
    • CPU
    • Physical Disk
    • Memory
    • Network
  5. Click Add Query.
    • For Name, enter CPU per Process.
    • For Query, enter: select * from Win32_PerfFormattedData_PerfProc_Process
  6. Click Save.
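
To confirm that the custom query from step 5 returns data on a host before relying on the Source, the same WQL can be run there in PowerShell. This is an added example, not part of the original page or the vendor's tooling; the function name Test-PerfProcQuery and its parameters are hypothetical.

```powershell
# Added example: validate the "CPU per Process" WQL query on a Windows host.
# Test-PerfProcQuery and its parameters are hypothetical names for illustration.
function Test-PerfProcQuery {
    param(
        [string]$ComputerName,   # omit to query the local host
        [int]$Top = 5            # number of processes to return
    )

    # The exact query entered in the Source configuration.
    $query = 'select * from Win32_PerfFormattedData_PerfProc_Process'

    $cimArgs = @{ Query = $query; ErrorAction = 'Stop' }
    # Get-CimInstance uses WS-Man (WinRM) when -ComputerName is supplied,
    # so only pass it for a remote host.
    if ($ComputerName) { $cimArgs.ComputerName = $ComputerName }

    try {
        $rows = @(Get-CimInstance @cimArgs)
    } catch {
        # Typical causes: access denied, WinRM unreachable, or the
        # performance counter class is not registered on the host.
        Write-Warning "Query failed: $($_.Exception.Message)"
        return
    }

    if ($rows.Count -eq 0) {
        Write-Warning 'Query succeeded but returned no rows.'
        return
    }

    # _Total and Idle are aggregate instances, not real processes.
    $rows |
        Where-Object { $_.Name -notin '_Total', 'Idle' } |
        Sort-Object PercentProcessorTime -Descending |
        Select-Object -First $Top Name, IDProcess, PercentProcessorTime, WorkingSet
}

# Local check; add -ComputerName <host> for a remote machine.
Test-PerfProcQuery -Top 5
```

If the function warns instead of listing processes, resolve the permission or counter problem on the host first, since the Source issues the same query.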