Hi,

I have a question or problem. have you tested proc.get on windows? I like it a lot, but I'm not sure if it was thought of that processes on win in many cases have the same name and the same user. Maybe it's just my incompetence, but I didn't get further than generating a new item with the name of the service and the user, and its written value was a text in which all the metrics of the same name and with the same process account were listed.

Entry:

Record handles, memory consumption and cpu for individual processes in windows. Separate processes by name, user and pid. Avoid using scripts.

So I used: proc.get[<name>,<user>,<cmdline>,<mode>]​

I pushed it to the stage where I pig-headedly replaced the user parameter with a pid, which gave me a query definition for a unique item. The LDD was transformed into a name and the key was filled in correctly, I also added values to the tags, which is also a bomb, but the value of the item generated in this way is [] empty.

I was thinking about whether to go the dependent item route, both from the parent object in discovery and for example from the standard HTTP and JSON item as a dependent item, but I probably couldn't do that last night.
I've tried Preprocessing there too, no progress.

I don't want to go the PS and WMI route, it's a shame when I see that the guys have prepared it so nicely in "ZBX".

Source/parent item in LLD:

zabbix agent
key: proc.get

LLD macros:

{#CPUTIME_SYSTEM} $.cputime_system
{#CPUTIME_USER} $.cputime_user
{#HANDLES} $.handles
{#NAME} $.name
{#PAGE_FAULTS} $.page_faults
{#PID} $.pid
{#PPID} $.ppid
{#SID} $.sid
{#THREADS} $.threads
{#USER} $.user
{#VMSIZE} $.vmsize
{#WKSET} $.wkset

Item prototype

name: Proc {#NAME} of {#USER} PID: {#PID}
type: Zabbix agent
A - key: proc.get[{#NAME},,,process] ​
B - key: proc.get[{#NAME},{#USER},,process]
C - key: proc.get[{#NAME},{#USER},,process]

tags:

Handles {#HANDLES}
PID {#PID}
Workingset {#WKSET}

Followed case:
Let's follow the CSRSS.EXE process, which is displayed 4 times with the same name and user in Windows processes. Let's see how ZBX will behave when discovering these processes:

A - key: proc.get[{#NAME},,,process] ​
Here, the value of two processes that have the same threads is simply returned. I.e. they displayed 2 items with the same value thread 10 the other two are not displayed thread 9 and 11. The values for both show data from all 4 items

B - key: proc.get[{#NAME},{#USER},,process]
With this key, duplication under one process is masked and data for all 4 processes is loaded in the value of the generated item

C - key: proc.get[{#NAME},{#USER},,process]

With this key, an item is created correctly for each of the 4 processes with the same name and user, but it is not filled with data - []. however, the ags are correctly and correctly filled with the searched values.



What is the question of how to correctly further parse the text information for the B key variant or how to generate new items from the values in the tag for the C variant or to start saving the tag values.

I tested something with the <cmdline> item but it didn't show any good results.

Is there some way around it that I'm just not seeing? It doesn't seem to me that developers don't realize that processes in windows can have the same user and name and differ only in PID.

thx
​