

Microsoft Windows Remote Desktop Session Host (formerly Terminal Services) hosts multiple users on the same Windows Server operating system. Therefore, all these users share the same resources available to the OS.

A lot of administrators want to know which processes belong to which user and how much of the server's resources each of these processes uses. This way, it is possible to identify power users or application resource hogs. This is useful in RDSH-based environments such as Citrix XenApp, Dell vWorkspace, Ericom, and more.

The first thing to do is gather all the running processes and the desired metrics via nf. Here is a sample I use:

    counters = % Processor Time; ID Process; Working Set - Private; IO Read Operations/sec; IO Write Operations/sec
    mode = multikv

Step 2 – Identify which Process belongs to which User

The previous nf stanza gathers the desired metrics for every process running on the server. However, we want to break this down by user. So, we need a way to link the unique process ID (called ID Process above) to a user name. To do this, we can look in WMI for this information. Here is an excerpt from wmi.conf to do just that:

    wql = Select ProcessId, SessionId From Win32_Process

This WQL query will populate the index with the process ID and SessionId. The SessionId can be used to gather a wealth of information about the user, device, connection, etc.
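The join between the two data sources described on this page, as an added example that is not part of the original article or of Splunk itself: it matches per-process counter rows to WMI rows on the process ID and totals usage per SessionId, stopping at the SessionId as the page does. The record layout, the function names and all sample values are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample rows (not real data). Field names follow the counters and
# WQL columns quoted on this page; the dict layout itself is an assumption.
PERFMON_ROWS = [
    {"instance": "winword", "ID Process": 4120, "% Processor Time": 12.5, "Working Set - Private": 85_000_000},
    {"instance": "chrome", "ID Process": 4388, "% Processor Time": 40.0, "Working Set - Private": 310_000_000},
    {"instance": "chrome", "ID Process": 5012, "% Processor Time": 22.5, "Working Set - Private": 150_000_000},
    {"instance": "svchost", "ID Process": 812, "% Processor Time": 1.0, "Working Set - Private": 9_000_000},
    {"instance": "notepad", "ID Process": 6600, "% Processor Time": 0.5, "Working Set - Private": 2_000_000},
]
WMI_ROWS = [
    {"ProcessId": 4120, "SessionId": 2},
    {"ProcessId": 4388, "SessionId": 3},
    {"ProcessId": 5012, "SessionId": 3},
    {"ProcessId": 812, "SessionId": 0},
]


def usage_by_session(perfmon_rows, wmi_rows):
    """Join counter rows to WMI rows on process ID and total metrics per SessionId."""
    pid_to_session = {row["ProcessId"]: row["SessionId"] for row in wmi_rows}
    totals = defaultdict(lambda: {"cpu_pct": 0.0, "private_bytes": 0, "processes": 0})
    unmatched = []
    for row in perfmon_rows:
        session = pid_to_session.get(row["ID Process"])
        if session is None:
            # The process started or exited between the two polls. Report it
            # separately instead of silently charging it to some session.
            unmatched.append(row["ID Process"])
            continue
        bucket = totals[session]
        bucket["cpu_pct"] += row["% Processor Time"]
        bucket["private_bytes"] += row["Working Set - Private"]
        bucket["processes"] += 1
    return dict(totals), unmatched


def top_sessions(totals, metric="cpu_pct"):
    """Return SessionIds ordered from heaviest to lightest for the given metric."""
    return sorted(totals, key=lambda sid: totals[sid][metric], reverse=True)


if __name__ == "__main__":
    totals, unmatched = usage_by_session(PERFMON_ROWS, WMI_ROWS)
    for sid in top_sessions(totals):
        print(sid, totals[sid])
    print("no SessionId found for PIDs:", unmatched)
```

Rows left in the unmatched list are worth reviewing rather than discarding, since a process with no SessionId is one the per-user report cannot account for.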
