Monitoring Windows Performance Counters

Last Updated On November 19, 2017
You are here:


Sonar v0.1.8 or higher


The following monitoring scenarios should be considered:

  • Modernized Windows applications on Docker or Kubernetes.
  • Traditional Windows applications on virtual machine or host.

These scenarios are useful for monitoring life and safety metrics for your applications using telemetry which cannot be collected by Docker or Kubernetes.

Benefits and Liabilities

The following benefits and liabilities should be considered before monitoring performance counters with Sonar:


  • Minimal performance impact – reading counters is the most efficient technique for collecting Windows metrics and detecting issues with near zero CPU cost.
  • Portability across Windows platform – the metric collection uses Windows performance data helper (PDH) library that is part of Windows OS, including Nano Server container images.
  • Cloud-native collection – Sonar supports exposing collected metrics to Prometheus or InfluxDb (via UDP).
  • Deployment symmetry – ¬†Sonar agent can be deployed as Windows service on container (including NanoServer with process isolation) or target host.
  • Using either Prometheus Alert Manager or InfluxData TICK stack enables anomaly detection and machine learning for collected metrics.


  • Prometheus or InfluxDb are required for storing metrics collected by Sonar.
  • Sonar deployment in container requires configuring path to list of counters that should be scraped on periodic intervals.
  • Only local performance counters defined in Windows container or host OS can be collected.


Configure Input Adapter

The below configuration shows how to register performance counter input adapter:

<add name=”perfmon” providerName=”mspdh” connectionString=”Server=myserver;”/>

Configure Output Adapter

This step is required only collected metrics should be sent to InfluxDb time series database. To complete this step, add adapter configuration definition as shown below:

<add name=”influxdb” connectionString=”Data Source = udp://;Initial Catalog=sonar;User Id =; Password =; Application Name = default;Max Pool Size=100;Packet Size=4094;Connection Timeout=10″/>

Define Metrics Query

Below is an example of query to collect all counters associated with Windows process:

<add name=”Perfmon_Process” type=”raw” filter=”*”resource=”.” namespace=”Process”>
<add name=”name” value = “name”/>
<add name=”processor_time” value=”% Processor Time”/>
<add name=”user_time” value=”% User Time”/>
<add name=”handle_count” value=”Handle Count”/>
<add name=”private_bytes” value=”Private Bytes”/>
<add name=”working_set” value=”Working Set”/>
<add name=”thread_count” value=”Thread Count”/>
Note that tag mapping to value “name” is required to gather name of the process or key associated multi-instance counter.
Below is example of definition for single instance counter:
<add name=”Perfmon_Memory” type=”raw” filter=””
<add name=”name” value = “name”/>
<add name=”available_bytes” value=”Available Bytes”/>
<add name=”committed_bytes” value=”Committed Bytes”/>
As you can see, the value of filter attribute is empty due the fact that unlike process counter, this one only has single instance.

Create Schedule

The below example configures Sonar to execute the above query every 10 seconds and expose collected metrics to Prometheus:
<add name=”s01″query=”Perfmon_Process” input=”perfmon” intervalSeconds=”10″/>
The below example shows how to use the same schedule to send output to InfluxDb:
<add name=”s01″ query=”Perfmon_Process” input=”perfmon” intervalSeconds=”10″ output=”influxdb”/>
The name of output adapter is defined in connection strings section shown above.

Deploy Sonar

After Sonar is deployed on Nano Server container, Windows virtual machine or host, the above metrics will become available in Prometheus or InfluxDb. The below example shows metrics from performance counters described above from Windows Nano Server container (in-process isolation) in Grafana dashboard:

The bottom graph shows scrape performance in milliseconds for metric collection. In addition, the processor tie chart indicates that Sonar daemon (Sonard) consumes near zero CPU resources.