Your data. Anywhere you go.

New Relic for iOS or Android


Download on the App Store    Android App on Google play


New Relic Insights App for iOS


Download on the App Store


Learn more

Close icon

Relic Solution: How Windows Server Monitor Gathers Data

servers
wsm

#1

We often get questions on how Windows Server Monitor (WSM) gathers and computes the data that are displayed in the server charts. One of the issues that can arise for customers are empty charts. Occasionally, a chart will be empty and this is usually due to a failure of one of the data sources used by WSM.

How does this happen? WSM gathers almost all data via WMI queries. And missing chart data is usually due to failure with one of the queries - more on that later.

In the rest of this post, we will associate chart data with the corresponding WMI query. The query is shown as a powershell command so you can test the queries outside of WSM.

Memory

Get-WmiObject -Query "SELECT AvailableBytes, CommitLimit, CommittedBytes, ModifiedPageListBytes, StandbyCacheCoreBytes, StandbyCacheNormalPriorityBytes, StandbyCacheReserveBytes, FreeAndZeroPageListBytes FROM Win32_PerfRawData_PerfOS_Memory”

In the charts you will see the metric named “swap”. This is actually the ratio:

100*CommittedBytes/CommitLimit.

CPU

Get-WmiObject -Query "SELECT PercentPrivilegedTime,PercentUserTime,TimeStamp_Sys100NS FROM Win32_PerfRawData_PerfOS_Processor WHERE Name = '_Total'”

Network

2008 and Earlier

Get-WmiObject -Query "SELECT Name, BytesSentPersec, BytesReceivedPersec, PacketsSentPersec,PacketsReceivedPersec, PacketsOutboundErrors,PacketsReceivedErrors, TimeStamp_Sys100NS, Frequency_Sys100NS FROM Win32_PerfRawData_Tcpip_NetworkInterface"

2012 and Later

Get-WmiObject -Query "SELECT Name, BytesSentPersec, BytesReceivedPersec, PacketsSentPersec,PacketsReceivedPersec, PacketsOutboundErrors,PacketsReceivedErrors, TimeStamp_Sys100NS, Frequency_Sys100NS FROM Win32_PerfRawData_Tcpip_NetworkAdapter"

These queries will return information for all interfaces. You can add clauses WHERE Name= or WHERE Name LIKE to specify a particular interface.

Disk

Get-WmiObject -Query "SELECT Name, DiskReadBytesPersec,DiskWriteBytesPersec, DiskReadsPersec,DiskWritesPersec, AvgDiskSecPerRead,AvgDiskSecPerRead_Base, AvgDiskSecPerWrite,AvgDiskSecPerWrite_Base, TimeStamp_Sys100NS,Frequency_Sys100NS FROM Win32_PerfRawData_PerfDisk_LogicalDisk"

And:

Get-WmiObject -Query "SELECT PercentDiskReadTime,PercentDiskWriteTime FROM Win32_PerfFormattedData_PerfDisk_LogicalDisk"

And:

Get-WmiObject -Query "SELECT VolumeName,Size,FreeSpace FROM Win32_LogicalDisk"

And:

Get-WmiObject -Query "SELECT DeviceID FROM Win32_LogicalDisk WHERE DriveType = 3"

Processes

WSM makes calls to GetProcesses() and GetProcessByID() to gather process info rather than making direct WMI calls.

Processor

Get-WmiObject -Query "SELECT DeviceId,Name,Architecture,Manufacturer,MaxClockSpeed,L2CacheSize FROM Win32_Processor"

OS

Get-WmiObject -Query "SELECT Caption FROM Win32_OperatingSystem"

Troubleshooting

If a WSM chart is empty then try the appropriate powershell query above. If it fails then you likely have a corrupt WMI installation. WMI in turn depends on Windows performance counters to be enabled and in a healthy state.

  • You can check the state of performance counters with the following command: lodctr /q > lodctr-q.txt

  • This article explains the use of the lodctr command in troubleshooting and repairing performance counters.

  • Some customers have had luck repairing performance counters with this command: lodctr /r

  • WMIDiag is a third party tool that can help diagnose WMI issues.

  • In general, you should contact Microsoft to diagnose and solve WMI issues.

  • Missing chart data might also be due to an unsupported device such as a network drive or unsupported file system, e.g. ReFS.