Distinguish which of the high number of svchost processes is affected #64
Comments
|
You need to enabled PIDness in perfmon to show it. It's a regedit done on
the system you collect data from.
https://techcommunity.microsoft.com/t5/ask-the-performance-team/perfmon-identifying-processes-by-pid-instead-of-instance/ba-p/374561
…On Tue, Jan 26, 2021 at 4:29 AM Jackie78De ***@***.***> wrote:
Hello,
I use PAL Reports frequently, but one thing that is really painful is the
fact that if you have high CPU usage caused by one of the numerous
svchost-processes, you actually only get a sequential number (i.e.
svchost#42), but no further information.
It would be really helpful if PAL reports would collect the Process ID and
the commandline parameters so that a user can find out which of the actual
hosted services is causing a problem. Without that information, it's only
guessing, or am I missing something? Could this be implemented?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#64>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACFOL6L3VWE222HT3BPEPF3S32DRLANCNFSM4WTEH3RA>
.
|
|
Sorry just noticed your command line comment. Perfmon is unable to
distinguish cmdline, ergo PAL cannot distinguish it. PAL is just
transforming blg/csv/tsv data into an HTML report. So we're limited by what
Perfmon can see (this is why for high CPU scenarios perfmon isnt very
helpful at times. What dll inside the process was high on CPU? Perfmon
can't tell. What stack/function? same issue).
On Tue, Jan 26, 2021 at 8:13 AM Jeff Stokes <[email protected]>
wrote:
… You need to enabled PIDness in perfmon to show it. It's a regedit done on
the system you collect data from.
https://techcommunity.microsoft.com/t5/ask-the-performance-team/perfmon-identifying-processes-by-pid-instead-of-instance/ba-p/374561
On Tue, Jan 26, 2021 at 4:29 AM Jackie78De ***@***.***>
wrote:
> Hello,
>
> I use PAL Reports frequently, but one thing that is really painful is the
> fact that if you have high CPU usage caused by one of the numerous
> svchost-processes, you actually only get a sequential number (i.e.
> svchost#42), but no further information.
>
> It would be really helpful if PAL reports would collect the Process ID
and
> the commandline parameters so that a user can find out which of the
actual
> hosted services is causing a problem. Without that information, it's only
> guessing, or am I missing something? Could this be implemented?
>
> —
> You are receiving this because you are subscribed to this thread.
> Reply to this email directly, view it on GitHub
> <#64>, or unsubscribe
> <
https://github.com/notifications/unsubscribe-auth/ACFOL6L3VWE222HT3BPEPF3S32DRLANCNFSM4WTEH3RA
>
> .
>
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#64 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACFOL6NPA66YO2YR6P76AX3S325XLANCNFSM4WTEH3RA>
.
|
|
Yes, I agree that resolving the svchosts to their respective service names would be great, but unfortunately, counter logs do not contain that information. This is why I recommend using CLUE (http://github.com/clinthuffman/clue) which is my performnace data collection tool to collect the counter log, output of tasklist /svc, event logs, and ETW traces at the time of the high CPU, disk, or memory condition. CLUE is designed to be fully automatic and as low overhead as possible when collecting this data and is used frequently by Windows support teams around the world. Counter logs collected by CLUE can be analyzed by Perfmon and using the \Process(*)\ID Process, you can identify the process ID of the svchost which can be cross referenced in the tasklist output to resolve it to the service name. |
|
Also, the ETW trace that CLUE collects has all of the command line parameters for all of the processes. |
Hello,
I use PAL Reports frequently, but one thing that is really painful is the fact that if you have high CPU usage caused by one of the numerous svchost-processes, you actually only get a sequential number (i.e. svchost#42), but no further information.
It would be really helpful if PAL reports would collect the Process ID and the commandline parameters so that a user can find out which of the actual hosted services is causing a problem. Without that information, it's only guessing, or am I missing something? Could this be implemented?
The text was updated successfully, but these errors were encountered: