Votes:
I'd like to verify an WMI error/value PRTG is reporting with the WMI Tester. Which fields and classes are used by PRTG for the various sensors?
Created on Sep 13, 2010 10:13:28 AM by
Last change on Jan 5, 2023 8:18:34 AM by
1 Reply
Votes:
This article applies as of PRTG 24
This article provides WQL queries for the following WMI sensors, including Windows sensors that use the hybrid approach with WMI as fallback.
Note: WHERE parameters in chevrons must be replaced with your specific data. For example, instead of WHERE name ='<servicename>', you must use WHERE name = 'PRTG Server' if you want to inspect the Server service of PRTG.
Note: If not stated otherwise, the namespace used is root\CIMV2.
Note: If you compare strings that contain backslashes, you need to double the backslashes. See the following example:
Select * FROM Win32_Volume WHERE DeviceID LIKE '\\\\?\\Volume{bfffffff-4d8d-11e5-9bc2-806e6ffffffff}\\'
SELECT Name
FROM Win32_PerfRawData_IdePerfProvider_HyperVVirtualIDEControllerEmulated
SELECT Name
FROM Win32_PerfRawData_NvspNicStats_HyperVVirtualNetworkAdapter
SELECT Name
FROM Win32_PerfRawData_IdePerfProvider_HyperVVirtualIDEControllerEmulated
SELECT Name
FROM Win32_PerfRawData_StorageStats_HyperVVirtualStorageDevice
SELECT Name,ElementName,Description
FROM Msvm_ComputerSystem WHERE ProcessID<>NULL
Alternative:
SELECT Name
FROM Win32_PerfRawData_Counters_HyperVVirtualStorageDevice
SELECT ReadBytesPersec, WriteBytesPersec, ErrorCount
FROM Win32_PerfRawData_StorageStats_HyperVVirtualStorageDevice
SELECT Name,Timestamp_Sys100NS, PercentProcessorTime
FROM Win32_PerfRawData_PerfOS_Processor
WHERE Name <> '_Total'
SELECT Name, PercentProcessorTime
FROM Win32_PerfFormattedData_PerfOS_Processor
WHERE Name <> '_Total'
SELECT Name
FROM Win32_PerfFormattedData_W3SVC_WebService
SELECT TotalBytesReceived, TotalBytesSent, TotalGetRequests, TotalPostRequests,
TotalNotFoundErrors, TotalCGIRequests, TotalAnonymousUsers, TotalNonAnonymousUsers, TotalFilesReceived, TotalFilesSent, ServiceUptime
FROM Win32_PerfFormattedData_W3SVC_WebService
WHERE Name='<instancename>'
SELECT Name, BytesTotalPerSec
FROM Win32_PerfRawData_Tcpip_NetworkAdapter
SELECT Name, BytesTotalPerSec
FROM Win32_PerfRawData_Tcpip_NetworkInterface
SELECT Description, IPAddress, MACAddress
FROM Win32_NetworkAdapterConfiguration
WHERE Description LIKE '<adaptername>'
AND IPEnabled=true AND MACAddress is not NULL
with <adaptername> being replaced with the name of one of the entries that were found with the name-query.
SELECT BytesReceivedPersec,BytesSentPerSec,PacketsPerSec
FROM Win32_PerfRawData_Tcpip_NetworkAdapter
WHERE Name = '<adaptername>'
SELECT BytesReceivedPersec,BytesSentPerSec,PacketsPerSec
FROM Win32_PerfRawData_Tcpip_NetworkInterface
WHERE Name = '<adaptername>'
with <adaptername> being replaced with the name of one of the entries that were found with the name-query.
SELECT percentusage
FROM Win32_PerfFormattedData_PerfOS_PagingFile
WHERE Name='_Total'
SELECT Name
FROM Win32_PerfRawData_PerfDisk_PhysicalDisk
SELECT ThreadCount,HandleCount,PrivateBytes,
WorkingSet,PercentProcessorTime,
PageFaultsPerSec,Timestamp_Sys100NS,IDProcess
FROM Win32_PerfRawData_PerfProc_Process
WHERE Name ='<executablename>'
OR Name LIKE '<executablename>'
SELECT LastBootUpTime,LocalDateTime
FROM Win32_OperatingSystem
SELECT Name, LogFilename, Filename, NumberOfRecords
FROM Win32_NTEventlogFile
Note: The WMI Event Log sensor has a rather complex WHERE statement that is assembled according to the various filter inputs. For clarity, we leave out this WHERE statement here. But keep in mind that querying the eventlog class unfiltered can take up considerable amounts of time.
SELECT TimeGenerated,Message
FROM Win32_NTLogEvent
SELECT MessagesDeliveredPersec,MessagesSentPersec,MessagesSubmittedPersec,
MessagesQueuedForSubmission, AverageDeliveryTime
FROM Win32_PerfRawData_MSExchangeIS_MSExchangeISMailbox
SELECT RPCRequests,RPCAveragedLatency,RPCOperationsPersec,RPCNumofSlowPackets
FROM Win32_PerfRawData_MSExchangeIS_MSExchangeIS
SELECT DatabasePageFaultsPersec,LogRecordStallsPersec,LogThreadsWaiting,
DatabaseCacheSizeMB, DatabaseCachePercentHit
FROM Win32_PerfRawData_ESE_MSExchangeDatabase
SELECT RPCLatencyaveragemsec,RPCRequestsoutstanding,ROPRequestsoutstanding,
RPCRequestsfailed, RPCRequestssentPersec,RPCSlowrequests,RPCSlowrequestslatencyaveragemsec
FROM Win32_PerfRawData_MSExchangeStoreInterface_MSExchangeStoreInterface
SELECT Lastmodified,Filesize
FROM CIM_LogicalFilFree Disk Space e
WHERE Drive ='<driveletter>:'
AND Path='<path>'
AND Filename = '<filename>'
AND Extension = '<ext>'
SELECT DriveType,DeviceID,FreeSpace,Size,VolumeName
FROM Win32_LogicalDisk
WHERE DriveType=3
SELECT DriveType,DeviceID,FreeSpace,Size,VolumeName
FROM Win32_LogicalDisk
WHERE DeviceID='<driveletter>:'
namespace = 'root\WMI'
SELECT InstanceName, VendorSpecific
FROM MSStorageDriver_ATAPISmartData
namespace = 'root\cimV2'
SELECT Size, PNPDeviceID, SerialNumber, Name
FROM Win32_DiskDrive
SELECT Size, PNPDeviceID, Name
FROM Win32_DiskDrive
namespace = 'root\WMI';
SELECT InstanceName, VendorSpecific
FROM MSStorageDriver_ATAPISmartData
SELECT Name
FROM Win32_PerfFormattedData_PerfDisk_LogicalDisk
SELECT FreePhysicalMemory,TotalVisibleMemorySize
FROM Win32_OperatingSystem
SELECT AvailableKBytes
FROM Win32_PerfFormattedData_PerfOS_Memory
and
Select TotalPhysicalMemory
FROM Win32_LogicalMemoryConfiguration
SELECT ServiceName,DisplayName
FROM SQLService
WHERE SQLServiceType = 1
SELECT PrimaryAddressResolutionStatus, Statuscode, Responsetime
FROM Win32_PingStatus
WHERE Address='<targetaddress>'
AND BufferSize='<buffersize>'
AND Timeout='<timeout+000>'
namespace = 'root\SecurityCenter2'
SELECT DisplayName, instanceGUID, PathToSignedProductExe
FROM AntivirusProduct
SELECT DisplayName, instanceGUID, PathToSignedProductExe
FROM AntiSpywareProduct
SELECT DisplayName, instanceGUID, PathToSignedProductExe
FROM FirewallProduct
namespace ='root\SecurityCenter'
SELECT DisplayName
FROM AntivirusProduct
SELECT productState
FROM '<antivirtype>' Product
WHERE DisplayName = '<displayname>'
SELECT OnAccessScanningEnabled, ProductUpToDate
FROM '<antivirtype>' Product
WHERE DisplayName = '<displayname>'
SELECT Name,Caption,Description
FROM Win32_Service
SELECT Started,State,Status
FROM Win32_Service
WHERE Name='<servicename>'
SELECT Name,Description,Type
FROM Win32_Share
SELECT Status
FROM Win32_Share
WHERE Name = '<sharename>'
SELECT Name
FROM Win32_PerfFormattedData_MicrosoftWindowsSharePointMicrosoftSharePointFoundation4_SharePointFoundation
SELECT Name
FROM Win32_PerfFormattedData_W3SVC_WebService
SELECT ActiveThreads,CurrentPageRequests,ExecutingSqlQueries,GlobalHeapSize,
ObjectCacheAlwaysLiveSize,TemplateCacheSize,ProcessID
FROM Win32_PerfFormattedData_MicrosoftWindowsSharePointMicrosoftSharePointFoundation4_SharePointFoundation
WHERE Name='<processname>'
SELECT ProcessID
FROM Win32_PerfFormattedData_MicrosoftWindowsSharePointMicrosoftSharePointFoundation4_SharePointFoundation
WHERE ProcessID<>0
SELECT IDProcess,PercentProcessorTime
FROM Win32_PerfRawData_PerfProc_Process
WHERE Name='_Total'
SELECT PercentProcessorTime
FROM Win32_PerfFormattedData_PerfProc_Process
WHERE IDProcess ='<processid>'
SELECT Day,Month,Year,Hour, Minute, Second FROM Win32_UTCTime
SELECT DeviceID, DriveLetter, Name, Label, DriveType, FileSystem
FROM Win32_Volume
SELECT DeviceID, FreeSpace,Capacity
FROM Win32_Volume
WHERE DeviceID LIKE '<deviceid>'
SELECT Driveletter, FreeSpace,Capacity
FROM Win32_Volume
WHERE Driveletter LIKE '<driveletter>'
Created on Sep 13, 2010 10:31:47 AM by
Last change on Nov 14, 2024 4:10:56 PM by
Add comment