-
Home
- Studio Monitors with Content 11
WMI Query
The WMI Query Monitor allows you to execute a WQL query against a Windows host and analyze its result. A typical WQL query has the following syntax:
SELECT DeviceID,Size FROM Win32_LogicalDisk
The result of the WQL query is a semicolon-separated list where each row represents an instance:
C:;238846734336;
D:;479967834112;
E:;366997504;
The result can be analyzed through a wide range of tools (Dynamic Object, Numeric Value Extraction, Text Pre-Processing, String Search, and Value Map).
Refer to the table below to know how to configure the WMI Query Monitor:
| Property | Description |
|---|---|
| WMI Query | WMI query to be run. You can use WMI CIM Studio to build your query. |
| Namespace | WMI namespace the query must be executed in (example: root\cimv2). |
| Display Name | Name to identify the WMI Query Monitor instance in TrueSight Operations Management. |
| Internal ID | ID to be used to store the WMI Query Monitor configuration in the PATROL Agent configuration. This Internal ID is automatically generated based on the Display Name provided but can be edited if needed. |
| Collect Schedule | How often new data is collected. A new collect can be performed from once every second, to once in a day. By default, the collect schedule is set to 2 minutes. |
| Timeout After | Time in seconds after which the WMI query will be stopped (Default: 30 seconds). If the query times out, a collection error will be triggered either on the Status parameter or the Template's Collection Error Count parameter. |
Once you are done with the configuration, you can run a Dry Run to simulate the execution of this Monitor on a specific host and therefore verify that the output is conform to the expected result.
Finally, you can define where alerts are reported, the threshold alert values, and the alert severity levels for the Monitor:
-
Indicate if you want Monitoring Studio X to report Monitor Errors in The Monitor's Status Parameter or The Template's Collection Error Count Parameter (default).
-
Then, for each parameter, define up to three alarm ranges (Alarm #1, Alarm #2 and Out-of-range) each with a minimum and a maximum value:
- Use the Alarm #1 and Alarm #2 options to define the range of parameter values that triggers warnings and alarms.
- Use the Out-of-range border conditions to be informed when the collected values are outside the norm (less than or greater than the defined range limits).
Refer to the Configuring Alerts for details and to Studio WMI Query for more information about the parameters available and the thresholds set by default.