Perfmon: The trouble with _Total
There are many useful tools, such as PAL, that can analyse and present Windows performance data but the Windows Performance Monitor application (AKA Perfmon) is often the first port of call when investigating performance issues.
A typical first pass with Perfmon will involve setting up a Data Collector Set which logs the relevant counters to a file for the required time period and then reviewing the collected data graphically using Perfmon. The ability to interactively hide/view and highlight individual counters and to zoom the time window in Perfmon provides a fast way to review the raw data and perform an initial triage of possible causes of performance problems. Perfmon does, however, have a poorly documented quirk in the way that it opens log files which can cause some confusion.
Microsoft’s official instructions for opening a log file in Perfmon involve starting Perfmon, specifying the log file to be used and then adding the counters to be displayed but, because the default performance log file format (BLG) is associated with the Perfmon application, it is also possible to double-click on a BLG log file. Doing so causes an instance of Perfmon to be started and a graph of counters displayed. It might appear, at first glance, that the file association method is a quick and convenient way to display every counter in the log file but all is not as it seems.
Although I have not been able to locate any definitive documentation, Microsoft appears to have decided to give users a ‘rationalised’ view of the data when log files are opened in this way. Based on some simple tests, the rationalisation criteria appear to be:
On many occasions, the _Total instances of performance counters are all that is needed to provide an insight into the overall workload but where a more granular inspection of resource utilisation is required it is necessary to either:
Sam joined Kainos in 1991 as a software developer but quickly moved into system administration. Working within the Enterprise Business Unit, his responsibilities as an Infrastructure Solution Architect include infrastructure design, technical oversight and consultancy. His current areas of interest include managed cloud services and security.
Sign up to the Kainos newsletter