Active Directory perfmon counter in metricbeat

Elastic Stack Beats
1

Hi!

I have two questions about Active Directory perfmon counters.
I´ve created some counters based on this article:

And in this article I have seen then that this syntax no longer exists:

Now I'm not sure how to change the old counters to the new format.
Old:

- module: windows
  metricsets: [perfmon]
  enabled: true
  period: 30s
  perfmon.ignore_non_existent_counters: true
  perfmon.group_measurements_by_instance: true
  perfmon.queries:
      #NTDS
    - instance_label: "instance.name"
      instance_name: "NTDS"
      measurement_label: "ntds.atq.threads.ldap"
      query: '\DirectoryServices(NTDS)\ATQ Threads LDAP'
    - instance_label: "instance.name"
      instance_name: "NTDS"
      measurement_label: "ntds.atq.threads.total"
      query: '\DirectoryServices(NTDS)\ATQ Threads Total'
    - instance_label: "instance.name"
      instance_name: "NTDS"
      measurement_label: "ntds.ds.directory.reads.sec"
      query: '\DirectoryServices(NTDS)\DS Directory Reads/sec'
    - instance_label: "instance.name"
      instance_name: "NTDS"
      measurement_label: "ntds.ds.threads"
      query: '\DirectoryServices(NTDS)\DS Threads in Use'
    - instance_label: "instance.name"
      instance_name: "NTDS"
      measurement_label: "ntds.ldap.active.threads"
      query: '\DirectoryServices(NTDS)\LDAP Active Threads'
    - instance_label: "instance.name"
      instance_name: "NTDS"
      measurement_label: "ntds.ldap.client.sessions"
      query: '\DirectoryServices(NTDS)\LDAP Client Sessions'
    - instance_label: "instance.name"
      instance_name: "NTDS"
      measurement_label: "ntds.ldap.bind.time"
      query: '\DirectoryServices(NTDS)\LDAP Bind Time'

My try:

- module: windows
  metricsets: [perfmon]
  period: 30s
  perfmon.ignore_non_existent_counters: true
  perfmon.group_measurements_by_instance: true
  perfmon.queries:
  - object: "DirectoryServices"
    Instance: "NTDS"
    counters:
    - name: "ATQ Threads LDAP"
  - object: "DirectoryServices"
    Instance: "NTDS"
    counters:
    - name: "ATQ Threads Total"
  - object: "DirectoryServices"
    Instance: "NTDS"
    counters:
    - name: "DS Directory Reads/sec"
  - object: "DirectoryServices"
    Instance: "NTDS"
    counters:
    - name: "DS Threads in Use"
  - object: "DirectoryServices"
    Instance: "NTDS"
    counters:
    - name: "LDAP Active Threads"
  - object: "DirectoryServices"
    Instance: "NTDS"
    counters:
    - name: "LDAP Client Sessions"
  - object: "DirectoryServices"
    Instance: "NTDS"
    counters:
    - name: "LDAP Bind Time"

Is that correct?

Second question:
How can I see these counters in Elastic/Kibana?

Thanks!!

2

No one who can help?
Is there a good article where the differences are explained?

3

Okay
We will try another way.
We will create a test system and install the Microsoft System Center environment there (-> Operation Manager).
The test version will run for 180 days, if it meets our requirements, then we will pay the license costs.

The ticket / question can be closed.

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.