Set up a Local Windows Performance Monitor Log Source to collect performance data that you would normally see in the Windows Performance Monitor. Setting up a Local Windows Performance Monitor Log Source is a quick process. There are no prerequisites for setting up the Source, and you'll begin collecting logs within a minute or so.
Windows Performance Monitor Sources use the WMI Query Language (WQL) to collect data at a frequency you choose. To learn more, see Querying with WQL at MSDN.
To configure a Local Windows Performance Monitor Log Source:
- In Sumo Logic select Manage Data > Collection > Collection (Manage > Collection in the classic UI).
- Find the name of the installed Collector to which you’d like to add a Source. Click Add and then choose Add Source from the menu.
- Click Windows Performance.
- Choose Local for the Type of Windows Performance Source.
- Set the following:
- Name. Type the name to display for the new Source. Description is optional.
- Frequency. Depending on your Windows system and its needs, select a frequency to run the selected queries. If your Windows system is relatively stable, a frequency of 15m should be appropriate. (Selecting a frequency of 1m could flood your system with logs and create an undesirable outcome.)
- Source Category. Enter a string used to tag the output collected from this Source with searchable metadata. For example, typing web_apps tags all the logs from this Source in the sourceCategory field, so running a search on _sourceCategory=web_apps would return logs from this Source. For more information, see Metadata Naming Conventions.
- Processing Rules. (Optional.) To add rules or filters for the new source, click Add Rule. Enter a name, a filter, and select the type. Then click Apply.
- Perfmon Queries.Select from the provided default Perfom Queries, or create your own custom query.
- Click the query's check box to select it.
- To add a custom query, click Add Query, enter a name and the query. Then click Add.
- When you are finished configuring the Source, click Save.
You can return to this dialog and edit the settings for the Source at any time.