Skip to main content
Sumo Logic

Remote Windows Performance Monitor Log Source

Set up a Remote Windows Performance Monitor Log Source to collect remote performance data you would normally see in the Windows Performance Monitor. Before collecting Windows performance data from a remote machine, you'll need to configure a few settings.

A Windows Performance Monitor Log Source collects the unique formats of Windows Events using the WMI (Windows Management Instrumentation) interface. You can configure a Windows Performance Monitor Log Source to collect from multiple remote machines by designating a comma-separated list of remote host names.

To configure a remote Windows Performance Monitor Log Source:

  1. Complete the prerequisites to collecting remote events.
  2. In Sumo Logic select Manage Data > Collection > Collection (Manage > Collection in the classic UI).
  3. Find the name of the installed Collector to which you'd like to add a Source. Click Add and then choose Add Source from the pop-up menu.
  4. Click Windows Performance
  5. Choose Remote for the Type of Windows Performance Source
  6. Set the following:
    • Name. Type the name to display for this Source in the Sumo Logic Web Application.
    • Description is optional.
    • Windows host(s). Enter one or more hostnames for the Windows machines from which you want to collect Windows Performance Monitor data. If you'd like to collect from more than one remote host, separate the hostnames with a comma. (If you enter more than one hostname, each host must have the same domain user. See Preconfiguring a Machine to Collect Remote Windows Performance Monitoring Logs for more information.) The hostname can be a maximum of 128 characters.
    • Frequency. Depending on your Windows system and its needs, select a frequency to run the selected queries. If your Windows system is relatively stable, a frequency of 15m should be appropriate. (Selecting a frequency of 1m could flood your system with logs and create an undesirable outcome.)
    • Source Category. Enter a string used to tag the output collected from this Source with searchable metadata. For example, typing web_apps tags all the logs from this in the sourceCategory field. For more information, see Metadata Naming Conventions.
    • Windows Domain. Type the name of the Windows Domain, the Username for this host, and the Password.
  7. Perfmon Queries. Select from the provided default Perfmon Queries, or create your own custom query.

  • Click the query's check box to select it.
  • To add a custom query, click Add Query, enter a name and the query. Then click Add.
  1. Processing Rules. (Optional.) To add processing rules for the new source, click Add Rule. Enter a name, a filter, and select the type. Then click Apply.
  2. When you are finished configuring the Source, click Save.

You can return to this dialog and edit the settings for the Source at any time.