Part 3.[PSGet-Counter] The Powershell Get-Counter cmdlet

Part 1.[Overview] ElasticSearch, Kibana, Logstash, and Windows Metrics over PowerShell TCP Connections
Part 2.[PSJSON] The Powershell JSON TCP Connection
Part 3.[PSGet-Counter] The Powershell Get-Counter cmdlet

In the GitHub repo, let’s take a look at the actual counters that are being sent.

We have Network, CPU, Disk and Pages counters.

We will look at the Network counters. Mind you, there are lots of metrics you can monitor.

Here are the metrics we are looking at:

$NetworkReceived = ((Get-Counter -Counter "\Network Interface(*)\Bytes Received/sec" -SampleInterval 1 -MaxSamples 1).CounterSamples | Select-Object -Property @{ expression={$_.Path}; label="Host Performance Query"},@{ expression={ $_.CookedValue}; label="Network Bytes Received"}) | Where-Object {$_."Network Bytes Received" -ne 0} | ConvertTo-Json

$NetworkSent = ((Get-Counter -Counter "\Network Interface(*)\Bytes Sent/sec" -SampleInterval 1 -MaxSamples 1).CounterSamples | Select-Object -Property @{ expression={$_.Path}; label="Host Performance Query"},@{ expression={ $_.CookedValue}; label="Network Bytes Sent"}) | Where-Object {$_."Network Bytes Sent" -ne 0} | ConvertTo-Json

I happily give these the $NetworkReceived and $NetworkSent variables, respectively.

We’ll break it down.
Get-Counter -Counter "\Network Interface(*)\Bytes Received/sec"
This gets the performance counter for the bytes received at the time of sampling. It returns ALL network adapters listed in the system. We filter it down to active adapters later in the command.

(… -SampleInterval 1 -MaxSamples 1).countersamples
This is where you can modify the interval (in seconds) of the actual sample time or the number of samples you want to return. Let’s say you wanted to sample for a 5 second stretch every time the script is run: you can change the argument to -SampleInterval 5.

Select-Object -Property @{ expression={$_.Path}; label="Host Performance Query"},@{ expression={ $_.CookedValue}; label="Network Bytes Sent"}
Here we select the Path and CookedValue properties of the Get-Counter samples and rename them to ‘human readable’ names so we can sort them better in Kibana, not to mention we don’t want properties to overlap in Kibana. So we sort that out at send time.

Where-Object {$_."Network Bytes Sent" -ne 0}
Here we filter the return to only adapters that have activity. This makes sure that you’re not getting silly adapters that you don’t want to measure sent out to Logstash.

ConvertTo-Json
Lastly, we convert this output to JSON so that we can tell Logstash what kind of data is incoming.

These then get added to a variable which can be packaged for the function that wraps them in TCP and sends them to Logstash.
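
The breakdown above, folded into one reusable function that also handles a failed counter query and the case where no adapter shows activity. This is an added example, not code from the repo: the function name Get-CounterJson and its parameter names are hypothetical.

```powershell
# Added example (not from the original repo). Get-CounterJson is a hypothetical helper.
function Get-CounterJson {
    param(
        [Parameter(Mandatory)] [string] $CounterPath,  # e.g. '\Network Interface(*)\Bytes Sent/sec'
        [Parameter(Mandatory)] [string] $ValueLabel,   # field name that will show up in Kibana
        [int] $SampleInterval = 1,                     # seconds between samples
        [int] $MaxSamples = 1                          # number of samples to take
    )

    $query = @{
        Counter        = $CounterPath
        SampleInterval = $SampleInterval
        MaxSamples     = $MaxSamples
        ErrorAction    = 'Stop'                        # turn a bad counter path into a catchable error
    }

    try {
        $result = Get-Counter @query
    } catch {
        Write-Warning "Counter query failed for '$CounterPath': $($_.Exception.Message)"
        return $null
    }

    # Rename Path/CookedValue to readable labels, then drop idle instances.
    # @( ) forces an array even when zero or one adapter passes the filter.
    $rows = @(
        $result.CounterSamples |
            Select-Object -Property @{ Expression = { $_.Path };        Label = 'Host Performance Query' },
                                    @{ Expression = { $_.CookedValue }; Label = $ValueLabel } |
            Where-Object { $_.$ValueLabel -ne 0 }
    )

    # Nothing active: return $null so the caller can skip the TCP send
    # instead of shipping an empty payload.
    if ($rows.Count -eq 0) { return $null }

    # -InputObject keeps a single active adapter as a one-element JSON array,
    # so the payload has the same shape regardless of adapter count.
    ConvertTo-Json -InputObject $rows
}

$NetworkReceived = Get-CounterJson -CounterPath '\Network Interface(*)\Bytes Received/sec' -ValueLabel 'Network Bytes Received'
$NetworkSent     = Get-CounterJson -CounterPath '\Network Interface(*)\Bytes Sent/sec' -ValueLabel 'Network Bytes Sent'
```

Check each variable for $null before handing it to the TCP sender.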