Active Directory perfmon counter in metricbeat

Shaakxuur · April 6, 2023, 4:56pm

Hi!

I have two questions about Active Directory perfmon counters.
I´ve created some counters based on this article:

And in this article I have seen then that this syntax no longer exists:

Now I'm not sure how to change the old counters to the new format.
Old:

- module: windows
  metricsets: [perfmon]
  enabled: true
  period: 30s
  perfmon.ignore_non_existent_counters: true
  perfmon.group_measurements_by_instance: true
  perfmon.queries:
      #NTDS
    - instance_label: "instance.name"
      instance_name: "NTDS"
      measurement_label: "ntds.atq.threads.ldap"
      query: '\DirectoryServices(NTDS)\ATQ Threads LDAP'
    - instance_label: "instance.name"
      instance_name: "NTDS"
      measurement_label: "ntds.atq.threads.total"
      query: '\DirectoryServices(NTDS)\ATQ Threads Total'
    - instance_label: "instance.name"
      instance_name: "NTDS"
      measurement_label: "ntds.ds.directory.reads.sec"
      query: '\DirectoryServices(NTDS)\DS Directory Reads/sec'
    - instance_label: "instance.name"
      instance_name: "NTDS"
      measurement_label: "ntds.ds.threads"
      query: '\DirectoryServices(NTDS)\DS Threads in Use'
    - instance_label: "instance.name"
      instance_name: "NTDS"
      measurement_label: "ntds.ldap.active.threads"
      query: '\DirectoryServices(NTDS)\LDAP Active Threads'
    - instance_label: "instance.name"
      instance_name: "NTDS"
      measurement_label: "ntds.ldap.client.sessions"
      query: '\DirectoryServices(NTDS)\LDAP Client Sessions'
    - instance_label: "instance.name"
      instance_name: "NTDS"
      measurement_label: "ntds.ldap.bind.time"
      query: '\DirectoryServices(NTDS)\LDAP Bind Time'

My try:

- module: windows
  metricsets: [perfmon]
  period: 30s
  perfmon.ignore_non_existent_counters: true
  perfmon.group_measurements_by_instance: true
  perfmon.queries:
  - object: "DirectoryServices"
    Instance: "NTDS"
    counters:
    - name: "ATQ Threads LDAP"
  - object: "DirectoryServices"
    Instance: "NTDS"
    counters:
    - name: "ATQ Threads Total"
  - object: "DirectoryServices"
    Instance: "NTDS"
    counters:
    - name: "DS Directory Reads/sec"
  - object: "DirectoryServices"
    Instance: "NTDS"
    counters:
    - name: "DS Threads in Use"
  - object: "DirectoryServices"
    Instance: "NTDS"
    counters:
    - name: "LDAP Active Threads"
  - object: "DirectoryServices"
    Instance: "NTDS"
    counters:
    - name: "LDAP Client Sessions"
  - object: "DirectoryServices"
    Instance: "NTDS"
    counters:
    - name: "LDAP Bind Time"

Is that correct?

Second question:
How can I see these counters in Elastic/Kibana?

Thanks!!

Shaakxuur · April 25, 2023, 12:26pm

No one who can help?
Is there a good article where the differences are explained?

Shaakxuur · May 8, 2023, 1:42pm

Okay
We will try another way.
We will create a test system and install the Microsoft System Center environment there (-> Operation Manager).
The test version will run for 180 days, if it meets our requirements, then we will pay the license costs.

The ticket / question can be closed.

system · June 5, 2023, 3:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Metricbeat Active Directory (AD) performance metrics (perfmon) yaml build Beats metricbeat	10	2636	January 9, 2020
Perfmon help for metricbeat 6 beta Beats metricbeat	2	659	October 20, 2017
Metricbeat Windows Module 6.0.0-alpha2, Output question Beats metricbeat	6	1000	August 31, 2017
Windows Perfmon (DHCP) Dashboard Beats metricbeat	1	476	February 3, 2021
Metricbeat / windows - perfmon counter Beats metricbeat	2	340	May 17, 2019

Active Directory perfmon counter in metricbeat

Related topics