Part 1.[Overview] ElasticSearch, Kibana, Logstash, and Windows Metrics over PowerShell TCP Connections


Part 1.[Overview] ElasticSearch, Kibana, Logstash, and Windows Metrics over PowerShell TCP Connections
Part 2.[PSJSON] The Powershell JSON TCP Connection
Part 3.[PSGet-Counter] The Powershell Get-Counter cmdlet

You want to monitor performance metrics on your Windows machines. You want to play in the open source world, and have found that there are no good documented ways to gather perf metrics on Windows and ship them over to logstash.

I’ve spent a little time working this out. This idea got started when I came across this post over at outsideIT.
The solution is to use the Task Scheduler to run a Powershell script on an interval. This Powershell script will take any given performance metric and ship it to logstash over a TCP connection. That data (in this case, a JSON source) will get dropped into Elasticsearch and then displayed in Kibana for your viewing pleasure.

Here is the high-level overview:

Windows machine -> Powershell Scheduled Task -> Output of Get-Counter -> TCP Socket opened to Logstash server -> JSON data sent to Logstash -> Logstash conf receives -> Sends to Elasticsearch -> Displayed in Kibana.
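The sender side of that flow, as an added example (not the code from the author's repo). The host name, port, counter list and function names are assumptions, as is a Logstash `tcp` input using the `json_lines` codec on that port.

```powershell
# Added example, not from the original post or its repo.
# Assumptions: host/port are placeholders; the Logstash tcp input on that
# port uses the json_lines codec (one JSON object per line).
$LogstashHost = 'logstash.example.internal'  # hypothetical
$LogstashPort = 5544                         # hypothetical
$Counters = @('\Processor(_Total)\% Processor Time', '\Memory\Available MBytes')

function ConvertTo-MetricLine {
    param([Parameter(Mandatory = $true)] $Sample)
    # One compact JSON object per counter sample
    $record = [ordered]@{
        host      = $env:COMPUTERNAME
        counter   = $Sample.Path
        instance  = $Sample.InstanceName
        value     = [math]::Round($Sample.CookedValue, 2)
        timestamp = $Sample.Timestamp.ToUniversalTime().ToString('o')
    }
    $record | ConvertTo-Json -Compress
}

function Send-MetricLine {
    param([string[]] $Line, [string] $Server, [int] $Port)
    # Plain TCP: no TLS or authentication on this socket
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.SendTimeout = 5000   # ms
        $client.Connect($Server, $Port)
        $utf8 = New-Object System.Text.UTF8Encoding($false)  # no BOM
        $writer = New-Object System.IO.StreamWriter($client.GetStream(), $utf8)
        $writer.NewLine = "`n"
        foreach ($l in $Line) { $writer.WriteLine($l) }
        $writer.Flush()
    }
    finally { $client.Close() }
}

try {
    $samples = (Get-Counter -Counter $Counters -ErrorAction Stop).CounterSamples
    $lines = @($samples | ForEach-Object { ConvertTo-MetricLine -Sample $_ })
    Send-MetricLine -Line $lines -Server $LogstashHost -Port $LogstashPort
}
catch {
    # No console under Task Scheduler: fail with a non-zero exit code
    Write-Error $_
    exit 1
}
```

The non-zero exit code shows up as the task's last run result, so a collector that has stopped shipping data is visible in Task Scheduler.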

Here is the github repo

Here are some assumptions:

1) You have a working ELK server. If you don’t, get one going.
2) You have a Windows machine with Powershell 4. If you don’t, install it.
3) You have a vague idea of what I am talking about.

What you get is output something like this:

[Image: elk]