Performance Monitor (Perfmon)
Access: Run perfmon
Functionality:
System performance monitoring
Create data collector sets
Generate performance reports
Track long-term system performance trends
Essential for in-depth performance analysis
From <https://claude.ai/chat/32155873-e13b-461c-ba7b-f4eb0c09aa09>
Explain Performance Monitor
Completed100 XP
3 minutes
The Performance Monitor is a Microsoft Management Console (MMC) snap-in that you can use to obtain system performance information. You can use this tool to analyze the performance effect that applications and services have on a computer, and you can use it to obtain an overview of system performance or collect detailed information for troubleshooting. The Performance Monitor includes the following features:
Monitoring Tools. The Monitoring Tools section contains the Performance Monitor, which provides a visual display of built-in Windows performance counters, either in real time or as historical data. The Performance Monitor includes the following features:
Multiple graph views
Custom views that you can export as data collector sets
The Performance Monitor uses performance counters to measure the system’s state or activity. The operating system includes some performance counters and individual applications might include additional performance counters. The Performance Monitor requests the current value of performance counters at specified time intervals, by default every second. You can add performance counters to the Performance Monitor by dragging and dropping the counters, or by creating a custom data collector set. The Performance Monitor features multiple graph views that enable you to have a visual review of performance log data. You can create custom views in the Performance Monitor that you then can export as data collector sets for use with performance and logging features.
Data collector sets. The data collector set is a custom set of performance counters, event traces, and system configuration data. After you create a combination of data collectors that describe useful system information, you then can save them as a data collector set, and then run and view the results. A data collector set organizes multiple data collection points into a single, portable component. You can use a data collector set on its own, group it with other data collector sets and incorporate it into logs, or view it in the Performance Monitor. You can configure a data collector set to generate alerts when it reaches thresholds. You also can configure a data collector set to run at a scheduled time, for a specific length of time, or until it reaches a predefined size. For example, you can run the data collector set for 10 minutes every hour during working hours to create a performance baseline. You also can set the data collector to restart when the collection reaches a set limit, so the Performance Monitor creates a separate file for each interval. Scheduled data collector sets collect data regardless of whether the Performance Monitor is started.
Reports. Use the Reports feature to view and generate reports from a set of counters that you create by using data collector sets. The Performance Monitor creates a new report automatically every time a data collector set runs.
From <https://learn.microsoft.com/en-us/training/modules/explore-support-diagnostic-tools/5-explain-performance-monitor>
Overview of Performance Monitor
You can use Performance Monitor to view performance data either in real time or from a log file. Create Data Collector Sets to configure and schedule performance counter, event trace, and configuration data collection so that you can analyze the results and view reports.
To begin, expand Monitoring Tools and click Performance Monitor, or expand Data Collector Sets or Reports.
The new Resource Monitor lets you view detailed real-time information about hardware resources (CPU, disk, network, and memory) and system resources (including handles and modules) in use by the operating system, services, and running applications. In addition, you can use Resource Monitor to stop processes, start and stop services, analyze process deadlocks, view thread wait chains, and identify processes locking files. 🛅
https://learn.microsoft.com/en-us/training/modules/monitor-troubleshoot-windows-client-performance/5-optimize-disk-memory-performance
Monitor Windows client performance
Task Manager
You can use the Performance tab in Task Manager to help to identify performance problems. The Performance tab displays a summary of CPU and memory usage, and network statistics.
Generally, you might consider using Task Manager when a performance-related problem first becomes apparent. For example, you might examine the running processes to determine if a particular program is using excessive CPU resources. Remember that Task Manager shows a snapshot of current resource consumption. You may need to examine historical data to get a better understanding of a server computer’s performance and response under load.
Resource Monitor
When the Resource Monitor first opens, the initial view is of the Overview tab. On the right side are four graphs: CPU, Disk, Network, and Memory. You can examine these graphs, looking for excessive peaks in CPU, Disk, Network, or Memory activity. In the main pane, you can examine details about each component by expanding each component’s information list. It lists each process that is running on the computer, and includes information about resource consumption for each process. For example, the number of threads and the percentage of CPU capacity in use displays for each running process.
Having determined that a particular component is causing a bottleneck, you can use the appropriate component tab to view more information. Remember that a snapshot of current activity, which Resource Monitor provides, tells only a partial story. For instance, you might see a peak in activity, which is not representative of average performance.
Performance Monitor
Performance Monitor features multiple graph views that give you a visual review of performance log data. You can create custom views in Performance Monitor that you can export as data collector sets for use with performance and logging features.
You can use data collector sets and the Performance Monitor tools to organize multiple data collection points into a single component that you can use to review or log performance. The Performance Monitor also includes default data collector set templates to help system administrators begin the process of collecting performance data.
In the Performance Monitor, under the Data Collector Sets node, you can use the User Defined node to create your own data collector sets. You can specify which objects and counters you want to include in the set for monitoring. To help you select appropriate objects and counters, you can use the following templates provided for monitoring:
System Diagnostics. This template selects objects and counters that report the status of hardware resources, system response time, and processes on the local computer, along with system information and configuration data. The report provides guidance on ways to optimize the computer’s responsiveness.
System Performance. This template generates reports that detail the status of local hardware resources, system response times, and processes.
WDAC Diagnostics. This template enables you to trace debug information for Windows Data Access Components.
You also can configure a data collector set to run at a scheduled time, for a specific length of time, or until it reaches a predefined size. For example, you can run the data collector set for 10 minutes every hour during working hours to create a performance baseline. You also can set the data collector to restart when set limits are reached, so that a separate file will be created for each interval.
You can use data collector sets and Performance Monitor tools to organize multiple data collection points into a single component that you can use to review or log performance. Performance Monitor also includes default data collector set templates to help system administrators begin the process of collecting performance data specific to a server role or monitoring scenario.
In Performance Monitor, beneath the Data Collector Sets node, you can use the User Defined node to create your own data collector sets. You can specify which specific objects and counters you want to include in the set for monitoring. To help you select appropriate objects and counters, you can access templates to use for monitoring, including:
System Diagnostics. Selects objects and counters that report the status of hardware resources, system response time, and processes on the local computer, along with system information and configuration data. The report provides guidance on ways to optimize the computer’s responsiveness.
System Performance. Generates reports that detail the status of local hardware resources, system response times, and processes.
WDAC Diagnostics. Enables you to trace debug information for Windows Data Access Components.
Note
It is not necessary for Performance Monitor to be running for data to be collected into a data collector set.
You can add many different performance counters to the Performance Monitor. Some performance counters are not often used. The following table shows the commonly used performance counters.
Counter
Usage
LogicalDisk\% Free Space
This counter measures the percentage of free space on the selected logical disk drive. Take note if this falls below 15 percent, because you risk running out of free space for the operating system to store critical files. One solution is to add more disk space.
PhysicalDisk\% Idle Time
This counter measures the percentage of time the disk was idle during the sample interval. If this counter falls below 20 percent, the disk system is saturated. You should consider replacing the current disk system with a faster one.
PhysicalDisk\Avg. Disk Sec/Read
This counter measures the average time, in seconds, to read data from the disk. If the number is larger than 25 milliseconds (ms), that means the disk system is experiencing latency when it is reading from the disk.
PhysicalDisk\Avg. Disk Sec/Write
This counter measures the average time, in seconds, it takes to write data to the disk. If the number is larger than 25 ms, the disk system experiences latency when it is writing to the disk.
PhysicalDisk\Avg. Disk Queue Length
This counter indicates how many I/O operations are waiting for the hard drive to become available. If the value is larger than two times the number of spindles, it means that the disk itself might be the bottleneck. If this counter indicates a possible bottleneck, consider measuring the Avg. Disk Read Queue Length and Avg. Disk Write Queue Length to try to determine if read or write operations are the cause.
Memory\Cache Bytes
This counter indicates the amount of memory that the file-system cache uses. There might be a disk bottleneck if this value is greater than 300 megabytes (MB).
Memory\% Committed Bytes in Use
This counter measures the ratio of Committed Bytes to the Commit Limit, or in other words, the amount of virtual memory in use. If the number is greater than 80 percent, it indicates insufficient memory.
Memory\Available Mbytes
This counter measures the amount of physical memory, in megabytes, available to run processes. If this value is less than 5 percent of the total physical random access memory (RAM), that means there is insufficient memory, which can increase paging activity.
Memory\Free System Page Table Entries
This counter indicates the number of page table entries not currently in use by the system. If the number is less than 5,000, there might be a memory leak.
Memory\Pool Non-Paged Bytes
This counter measures the size, in bytes, of the nonpaged pool. This is an area of system memory for objects that cannot be written to a disk, but instead must remain in physical memory for as long as they are allocated. If the value is greater than 175 MB (or 100 MB with a /3 gigabyte (GB) switch), then there is a possible memory leak.
Memory\Pool Paged Bytes
This counter measures the size, in bytes, of the paged pool. This is an area of system memory for objects that can be written to disk when they are not being used. There might be a memory leak if this value is greater than 250 MB (or 170 MB with the /3 GB switch).
Memory\Pages per Second
This counter measures the rate at which pages are read from or written to the disk to resolve hard-page faults. If the value is greater than 1,000 as a result of excessive paging, there might be a memory leak.
Processor\% Processor Time
This counter measures the percentage of elapsed time that the processor spends executing a non-idle thread. If the percentage is greater than 85 percent, the processor is overwhelmed, and the server might require a faster processor.
Processor\% User Time
This counter measures the percentage of elapsed time that the processor spends in user mode. If this value is high, the server is busy with the application.
Processor\% Interrupt Time
This counter measures the time that the processor spends receiving and servicing hardware interruptions during specific sample intervals. If the value is greater than 15 percent, this counter indicates a possible hardware issue.
System\Processor Queue Length
This counter indicates the number of threads in the processor queue. The server does not have enough processor power if the value is more than two times the number of CPUs for an extended period of time.
Network Interface\Bytes Total/Sec
This counter measures the rate at which bytes are sent and received over each network adapter, including framing characters. The network is saturated if more than 70 percent of the interface is consumed.
Network Interface\Output Queue Length
This counter measures the length of the output packet queue, in packets. There is network saturation if the value is more than 2.
Process\Handle Count
This counter measures the total number of handles that a process currently has open. This counter indicates a possible handle leak if the number is greater than 10,000.
Process\Thread Count
This counter measures the number of threads currently active in a process. There might be a thread leak if this number is more than 500 between the minimum and maximum number of threads.
Process\Private Bytes
This counter indicates the amount of memory that this process has allocated that it cannot share with other processes. If the value is greater than 250 between the minimum and maximum number of threads, there might be a memory leak.
From <https://learn.microsoft.com/en-us/training/modules/monitor-troubleshoot-windows-client-performance/4-monitor-windows-client-performance>
Here's a detailed explanation of the terms related to Performance Monitor:
Memory Terms:
Memory Leak: A condition where programs fail to release unused memory, leading to gradual memory consumption and performance degradation.
Paged Bytes: Memory content that can be moved to disk when not in active use, freeing up RAM.
Paged Pool: Part of virtual memory used for kernel objects that can be paged out to disk.
Kernel objects used for app operations (e.g., clipboard, memory for copying) are stored in virtual memory. A high load on the paged pool may cause system delays when transferring large data sets.
Excessive Paging: Frequent movement of data between RAM and disk due to insufficient physical memory, slowing performance.
Hard Page Faults: Occurs when data must be loaded from disk because it's not in RAM, causing delays.
Driver Verifier monitors Windows kernel-mode drivers and graphics drivers to detect illegal function calls or actions that might corrupt the system. Driver Verifier can subject Windows drivers to a variety of stresses and tests to find improper behavior. You can configure which tests to run, which allows you to put a driver through heavy stress loads or through more streamlined testing.
From <https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/driver-verifier>
CPU and Thread Terms:
Non-Idle Thread: Threads actively using CPU time, as opposed to idle threads.
CPU in User Mode: CPU executing code for applications (non-kernel tasks).
Hardware Interruption: CPU events triggered by hardware signals, temporarily halting tasks.
Threads in CPU Queue: Threads waiting for CPU time, indicating potential bottlenecks.
Network Terms:
Consumed Interface: Percentage of a network interface's capacity currently in use.
Saturated Network: A condition where network traffic exceeds available bandwidth, causing delays.
Byte Rate of the Network Adapter: Data transfer rate (in bytes) through the adapter.
Packets in Network Interface Queue: Packets waiting to be transmitted or received; high values indicate congestion.
Framing Characters: Control data that ensures packets are formatted correctly for transmission.
Resource Leaks and Usage:
Handle Count: Active object references (e.g., files, processes) managed by the OS.
Handle Leak: Unreleased handles over time, which can deplete system resources.
Thread Count: Number of active threads a process uses.
Thread Leak: Threads not terminated properly, consuming CPU and memory unnecessarily.
Private Bytes: RAM exclusively used by a process. Growth without release indicates a RAM leak.
Would you like a guide on monitoring specific counters in Performance Monitor?
From <https://chatgpt.com/c/6762fb7c-31a0-8010-b594-69293c08041d>
A Data Collector Set (DCS) in Performance Monitor is a group of performance counters, event traces, and configuration data collected for analysis over time.
How to Create a Data Collector Set:
Open Performance Monitor → Expand Data Collector Sets → Right-click User Defined → New → Data Collector Set.
Name it → Choose Create manually.
Select the types:
Performance Counter: Add counters like memory, disk, CPU.
Event Trace: Capture events.
System Configuration.
Define a log location → Finish.
Would you like help setting up scheduling for your Data Collector Set?
From <https://chatgpt.com/c/6762fb7c-31a0-8010-b594-69293c08041d>
Absolutely! To get started with Performance Monitor and gather meaningful data, follow these steps:
### Setting Up a Data Collector Set (DCS)
1. **Open Performance Monitor**: Press `Windows Key + R`, type `perfmon`, and press Enter.
2. **Create a Data Collector Set**:
- In the left pane, expand `Data Collector Sets`.
- Right-click `User Defined` and select `New` > `Data Collector Set`.
- Give your set a name (e.g., "Baseline Monitoring") and select `Create manually (Advanced)`.
- Click `Next`.
3. **Add Performance Counters**:
- Select `Performance counter` and click `Next`.
- Click `Add` to add counters.
- Add relevant counters like `Memory\Available MBytes`, `Memory\Pages/sec`, `Processor\% Processor Time`, and `LogicalDisk\% Disk Time`.
- Click `OK`, then `Next`.
4. **Set the Sample Interval**:
- Choose a sample interval (e.g., 15 seconds) to capture data frequently enough for meaningful analysis.
- Click `Next`.
5. **Specify Data Location**:
- Choose where to save the collected data.
- Click `Next`, then `Finish`.
### Starting and Stopping Data Collection
- **To Start**: Right-click your Data Collector Set and select `Start`.
- **To Stop**: Right-click your Data Collector Set and select `Stop` after your desired monitoring period.
### Analyzing the Data
- **Reviewing Results**:
- Navigate to `Reports` > `User Defined` > [Your Data Collector Set Name].
- Open the report to view collected data and analyze the performance metrics.
Establish your baseline by running the Data Collector Set during idle periods. Once you have your baseline data, you can run the same set during high-stress activities to compare and analyze any performance bottlenecks.
More details on setting up specific counters or interpreting the collected data? 😊
To gather relevant data for monitoring Paged RAM and related counters, aim for the following:
Recommended Monitoring Duration:
Short-Term Monitoring:
5–15 minutes: For quick testing under typical load conditions (e.g., when performing specific tasks like copy-paste).
Long-Term Monitoring:
1–2 hours: To analyze behavior during heavy workloads or sustained use (e.g., working with large files, multitasking).
8+ hours: Ideal for identifying trends over time or capturing intermittent spikes (use log collection).
Baseline Comparison:
Monitor during idle times to establish a baseline, then compare it to data under stress conditions.
Would you like guidance on setting up Performance Monitor logging for long-term monitoring?
From <https://chatgpt.com/c/6762fb7c-31a0-8010-b594-69293c08041d>