I'm new to the Elastic Stack - forgive me if this is a "Captain Obvious" question. We want to monitor some key services such as DHCP Declines that can be indicative of trouble. I installed the metricbeat on our Windows 2012 R2 Domain Controller (DC) and after some trial and error banged out a modules.d\windows.yaml that contained some relevant counters (will post below).
In Discover view on Elastic side I do see some mention of 3 perfmon counters but it's ugly when I click "visualize". Since there does not appear to be built-in logic to "magically create" a dashboard as I see for metricbeat and winlogbeat on other items - is there a simple tutorial on how I might see these and perhaps add some other KPIs to a "Domain Controller Dashboard"?
Here are the counters I configured in the YAML file in case anyone else may look for similar:
```yaml
# Module: windows
# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.9/metricbeat-module-windows.html

- module: windows
  metricsets:
    - service
  period: 1m

- module: windows
  metricsets:
    - perfmon
  period: 10s
  perfmon.ignore_non_existent_counters: true
  perfmon.group_measurements_by_instance: true
  perfmon.queries:
    - object: 'Process'
      instance: ["svchost*", "conhost*"]
      counters:
        - name: 'Disk Writes/sec'
          field: physical_disk.write.per_sec
          format: "float"
        - name: "% Disk Write Time"
    - object: 'DHCP Server'
      counters:
        - name: 'Declines/sec'
          format: "float"
    - object: 'DHCP Server'
      counters:
        - name: 'Requests/sec'
          format: "float"
    - object: 'DHCP Server'
      counters:
        - name: 'Offers/sec'
          format: "float"
    - object: 'DHCP Server'
      counters:
        - name: 'Releases/sec'
          format: "float"
```
Literally ANY guidance on how to easily lay out a visual on this would be great - many of the counters are zero (no declines are a GOOD thing) and we are small so often counters are zero or .8 / sec for example if that helps.