Event log and performance counters correlation RRS feed

  • General discussion

  • Anyone else often having a need to correlate multiple log sources such as event log or various log files with performance counters when troubleshooting Windows machines?

    For example, we had a case of memory and CPU performance peaking periodically, only to realize it was because of one indexing service was accessing data remotely on server. The way we figure that one is by looking into Security event log and see many login events from that indexing service's account during performance peaking periods.

    It took us a while to get to this so I am wondering is there a tool that auto-correlates performance counter deviation with logs appearing during that time? I know there are many log analyzers out there, but they mostly seem to be SIEM oriented and none has performance counter correlation feature.
    Thursday, September 17, 2020 9:24 AM