Contributor

@VihasMakwana VihasMakwana commented Oct 27, 2025

Proposed commit message

Add match_by_parent_instance option to windows perfmon datastream.
This option defaults to true because it is enabled by default in beats.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

  1. Build the package from this branch by running elastic-package build
  2. Add the newly built package to a policy on Fleet
  3. Install the Elastic Agent on Windows with the policy
  4. Observe the windows.perfmon.instance values in default mode (it should show svchost, connhost etc.)
  5. Disable the match_by_parent_instance boolean and update the policy
  6. Observe the windows.perfmon.instance values in default mode (you should see svchost#1, svchost#2, connhost#2 etc.)

Related issues

Screenshots

The option on integrations page

[screenshot]

Instance names with match_by_parent_instance enabled (default)

[screenshot]

Instance names with match_by_parent_instance disabled

[screenshot]

beat_rendered_config.yaml

[screenshot]

@VihasMakwana VihasMakwana self-assigned this Oct 27, 2025
@VihasMakwana VihasMakwana added Team:Elastic-Agent-Data-Plane Agent Data Plane team [elastic/elastic-agent-data-plane] Team:Security-Windows Platform Security Windows Platform team [elastic/sec-windows-platform] labels Oct 27, 2025
@VihasMakwana VihasMakwana marked this pull request as ready for review November 5, 2025 13:44
@VihasMakwana VihasMakwana requested review from a team as code owners November 5, 2025 13:44
@elasticmachine

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

@elasticmachine

Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)

@VihasMakwana VihasMakwana requested a review from rdner November 5, 2025 14:08
elastic-vault-github-plugin-prod bot commented Nov 5, 2025

🚀 Benchmarks report

Package windows 👍(5) 💚(0) 💔(4)

| Data stream | Previous EPS | New EPS | Diff (%) | Result |
| --- | --- | --- | --- | --- |
| applocker_exe_and_dll | 6134.97 | 4545.45 | -1589.52 (-25.91%) | 💔 |
| applocker_packaged_app_execution | 12195.12 | 9803.92 | -2391.2 (-19.61%) | 💔 |
| forwarded | 1221 | 928.51 | -292.49 (-23.95%) | 💔 |
| windows_defender | 11363.64 | 9615.38 | -1748.26 (-15.38%) | 💔 |

To see the full report comment with /test benchmark fullreport

Member

@rdner rdner left a comment

We need testing steps in the description that would demonstrate that the rendered Filebeat configuration (can be acquired from Elastic Agent Diagnostics, path ./components/*/beat-rendered-config.yml) contains the right option in the right place.

@VihasMakwana
Contributor Author

@rdner Thanks! I'll attach some screenshots as well. I have them on my Windows but it's not booting up. I'll update you once I do it.

@VihasMakwana VihasMakwana requested a review from rdner November 6, 2025 19:48
@VihasMakwana
Contributor Author

@rdner I've attached the screenshots to the PR description and added testing steps.

@elasticmachine

💚 Build Succeeded

History

cc @VihasMakwana

Labels

Integration:windows Windows Team:Elastic-Agent-Data-Plane Agent Data Plane team [elastic/elastic-agent-data-plane] Team:Security-Windows Platform Security Windows Platform team [elastic/sec-windows-platform]

4 participants