windows_exporter

Adding Service name to processes if it exists

Open BongoEADGC6 opened this issue 3 years ago • 9 comments

This is in response to #483

BongoEADGC6 avatar Mar 21 '21 23:03 BongoEADGC6

@carlpett Ready for review

Example:

windows_process_page_file_bytes{creating_process_id="784",process="svchost",process_id="1172",service_display_name="Windows Time"} 5.431296e+06
windows_process_page_file_bytes{creating_process_id="784",process="svchost",process_id="1180",service_display_name="Network Store Interface Service"} 1.0166272e+07
windows_process_page_file_bytes{creating_process_id="784",process="svchost",process_id="11804",service_display_name="Windows Push Notifications User Service_5ece1971"} 1.0788864e+07
windows_process_page_file_bytes{creating_process_id="784",process="svchost",process_id="12048",service_display_name="Connected Devices Platform User Service_740d56fd"} 6.98368e+06
windows_process_page_file_bytes{creating_process_id="784",process="svchost",process_id="1248",service_display_name="Windows Connection Manager"} 6.30784e+06
windows_process_page_file_bytes{creating_process_id="784",process="svchost",process_id="1256",service_display_name="Network Connection Broker"} 5.996544e+06
windows_process_page_file_bytes{creating_process_id="784",process="svchost",process_id="1264",service_display_name="Time Broker"} 5.378048e+06
windows_process_page_file_bytes{creating_process_id="784",process="svchost",process_id="1308",service_display_name="DHCP Client"} 6.639616e+06
windows_process_page_file_bytes{creating_process_id="784",process="svchost",process_id="13156",service_display_name="Windows Push Notifications User Service_72959979"} 1.0039296e+07
windows_process_page_file_bytes{creating_process_id="784",process="svchost",process_id="1388",service_display_name="DNS Client"} 8.925184e+06
windows_process_page_file_bytes{creating_process_id="784",process="svchost",process_id="1444",service_display_name="CoreMessaging"} 5.578752e+06
windows_process_page_file_bytes{creating_process_id="784",process="svchost",process_id="1484",service_display_name="Storage Service"} 5.79584e+06
windows_process_page_file_bytes{creating_process_id="784",process="svchost",process_id="14856",service_display_name="Windows Push Notifications User Service_740d56fd"} 1.0170368e+07
windows_process_page_file_bytes{creating_process_id="784",process="svchost",process_id="1536",service_display_name="Windows Event Log"} 3.3878016e+07
windows_process_page_file_bytes{creating_process_id="784",process="svchost",process_id="1644",service_display_name="Remote Desktop Services UserMode Port Redirector"} 6.41024e+06

BongoEADGC6 avatar Mar 22 '21 15:03 BongoEADGC6

Hey @BongoEADGC6, Thanks for the contribution! As mentioned in a comment, I'm a bit concerned about the performance implications here. What do you think?

carlpett avatar Mar 24 '21 15:03 carlpett

@carlpett Understood, let me see what I can dig up.

BongoEADGC6 avatar Mar 24 '21 20:03 BongoEADGC6

@carlpett Sadly, I do not see a way to tie these things together via perflib. The other option that I can see is that we could utilize data from the service collector since that collector obtains the process id already.

This depends largely on the order in which the collectors run.

BongoEADGC6 avatar May 13 '21 16:05 BongoEADGC6

> This depends largely on the order in which the collectors run.

Collectors are run asynchronously so collection order isn't deterministic :disappointed:

breed808 avatar May 16 '21 05:05 breed808

Okay, two other options:

  • Direct integration with the Windows APIs, probably EnumServicesStatusExA
  • Some form of caching solution. You'd need to get all services at startup, but also fallback to querying again if a new one appears

The first one would be better in many ways (and we should then use it for the service collector as well), but does involve a bit more low-level work. You could have a look at #702 for some inspiration.

carlpett avatar May 17 '21 06:05 carlpett
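The caching option described above, sketched as an added example (not code from windows_exporter or from anyone in this thread). `ServiceCache`, `NewServiceCache`, `Lookup` and the `list` hook are hypothetical names; the hook stands in for a real service enumeration such as EnumServicesStatusEx. It goes one step beyond the comment by rate limiting the fallback query, since most PIDs belong to non-service processes and would otherwise miss on every lookup.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// ServiceCache maps PID -> service display name (hypothetical type).
type ServiceCache struct {
	mu          sync.Mutex                        // collectors run concurrently
	list        func() (map[uint32]string, error) // hypothetical enumeration hook
	byPID       map[uint32]string
	lastRefresh time.Time
	minInterval time.Duration
}

// NewServiceCache takes the startup snapshot of all running services.
func NewServiceCache(list func() (map[uint32]string, error), minInterval time.Duration) (*ServiceCache, error) {
	c := &ServiceCache{list: list, minInterval: minInterval}
	return c, c.refresh()
}

func (c *ServiceCache) refresh() error {
	c.lastRefresh = time.Now() // failed attempts are rate limited too
	m, err := c.list()
	if err == nil {
		c.byPID = m // on error the previous snapshot is kept
	}
	return err
}

// Lookup resolves pid; a miss re-enumerates at most once per minInterval.
func (c *ServiceCache) Lookup(pid uint32) (string, bool) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if _, ok := c.byPID[pid]; !ok && time.Since(c.lastRefresh) >= c.minInterval {
		_ = c.refresh() // best effort; fall back to the old snapshot
	}
	name, ok := c.byPID[pid]
	return name, ok
}

func main() {
	list := func() (map[uint32]string, error) { return map[uint32]string{1172: "Windows Time"}, nil } // constructed sample data
	c, _ := NewServiceCache(list, 30*time.Second)
	fmt.Println(c.Lookup(1172)) // service-hosting PID
	fmt.Println(c.Lookup(4242)) // ordinary process: no service name
}
```

A cache hit is not re-validated, so a PID that is reused after its service stops keeps the old name until the next refresh.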

For what it's worth, I have an in-house branch that does this to satisfy a business requirement. I added a --collector.process.translate bool flag so if the service is found to be running as a service it returns the service name instead. It has not been an issue performance-wise and did not noticeably change the number of collector timeouts compared to control.

1sttec avatar May 21 '21 14:05 1sttec

@1sttec that sounds interesting, would you be comfortable making the branch public?

breed808 avatar Jun 10 '21 10:06 breed808

> @1sttec that sounds interesting, would you be comfortable making the branch public?

https://github.com/prometheus-community/windows_exporter/pull/978

We did try

trippinnik avatar May 16 '22 18:05 trippinnik

Closing due to age

BongoEADGC6 avatar Aug 24 '23 22:08 BongoEADGC6