locked
Powershell Task Manager I/O Read RRS feed

  • Question

  • Hi Guys


    I need some help with a problem I have. I need to read the process that has the most I/O Read Bytes, I/O Write Bytes and I/O Other Bytes in Task Manager.

    I know how to get the top Memory (Private Working Set)


    Get-process | Sort PrivateMemorySize -Descending | Select Name,PrivateMemorySize -First 5

    I have a process that is called BESConsole, so i tried to see what properties it has:

    PS C:\Users\EXI170> Get-process | Where-Object ProcessName -EQ BESConsole | Get-ItemProperty
    
    
        Directory: C:\Program Files (x86)\BigFix Enterprise\BES Console
    
    
    Mode                LastWriteTime     Length Name                                                                    
    ----                -------------     ------ ----                                                                    
    -a---        15/07/2015  20:07:00   21945104 BESConsole.exe

    It doesn't have a lot of properties..

    Also, i cant find it as a property of get-process, i tried that too.

    Does anybody knows how to get the value of it? Or maybe a direction i can search for?

    Many thanks!

    Steini46





    Wednesday, October 14, 2015 9:08 AM

Answers

  • You can't retrieve  IO with 'get-process'. In your example you use 'get-itemproperty' to retrieve the file from disk doesn't anything with performance.

    Use 'get-counter' for that, see code below to get you started.

    $gc = get-counter '\Process(*)\IO Read Bytes/sec'
    $gc.countersamples | sort cookedvalue


    Cheers,

    Ruud
    Twitter:    Blog: www.ruudborst.nl  LinkedIn:    
    Note: Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.




    • Edited by Ruud BorstMVP Wednesday, October 14, 2015 3:45 PM
    • Marked as answer by Steini46 Thursday, October 15, 2015 10:47 AM
    Wednesday, October 14, 2015 11:50 AM

All replies

  • You can't retrieve  IO with 'get-process'. In your example you use 'get-itemproperty' to retrieve the file from disk doesn't anything with performance.

    Use 'get-counter' for that, see code below to get you started.

    $gc = get-counter '\Process(*)\IO Read Bytes/sec'
    $gc.countersamples | sort cookedvalue


    Cheers,

    Ruud
    Twitter:    Blog: www.ruudborst.nl  LinkedIn:    
    Note: Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.




    • Edited by Ruud BorstMVP Wednesday, October 14, 2015 3:45 PM
    • Marked as answer by Steini46 Thursday, October 15, 2015 10:47 AM
    Wednesday, October 14, 2015 11:50 AM
  • Hi Ruud

    Thanks for your help, i do have some data now. But i have another question regarding that. I receive some data, but i also receive an error. Any idea why?

    PS C:\windows\system32> $gc = get-counter '\Process(*)\IO Read Bytes/sec'
    $gc.countersamples.RawValue
    get-counter : The data in one of the performance counter samples is not valid. View the Status property for each 
    PerformanceCounterSample object to make sure it contains valid data.
    At line:1 char:7
    + $gc = get-counter '\Process(*)\IO Read Bytes/sec'
    +       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidResult: (:) [Get-Counter], Exception
        + FullyQualifiedErrorId : CounterApiError,Microsoft.PowerShell.Commands.GetCounterCommand
     
    0
    175274607
    33310
    10154471
    374272
    540769
    10976082
    23496
    1821820

    After I check the Status of it, I see a lot of processes with 0, but a few with 2147485649.

    The process with that number are searchprotocolhost, searchfilterhost and wmiapsrv.

    Any idea what it means or how to solve the error?

    Thursday, October 15, 2015 9:02 AM
  • Yes that happens sometimes, I don't know the exact cause.

    But you can also query the WMI, drawback is that you can't use the rich sampling get-counter provides. Use below oneliner and adjust for your own needs.

    gwmi Win32_PerfFormattedData_PerfProc_Process | sort IOReadBytesPersec -des | select  Name,IOReadBytesPersec,IOWriteBytesPersec | ft -AutoSize



    Cheers,

    Ruud
    Twitter:    Blog: www.ruudborst.nl  LinkedIn:    
    Note: Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.




    Thursday, October 15, 2015 9:52 AM
  • Ok, i'll search some more for the root cause. But it works so.

    Thanks for your help, appreciate it!

    Thursday, October 15, 2015 10:47 AM
  • No problem!

    Cheers,

    Ruud
    Twitter:    Blog: www.ruudborst.nl  LinkedIn:    
    Note: Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

    Thursday, October 15, 2015 11:15 AM
  • Regarding "After I check the Status of it, I see a lot of processes with 0, but a few with 2147485649."

    I've seen this status also while analyzing perfmon files.  Processes start and stop.  By consequence, if you collect proces(*) counters fi 100 times with an interval of 5seconds, it might occure process A exists in the first sample, but no longer after fi the 5th sample and vice versa, their might be a process B that does not exist when capturing the first sample being started between the 34th and 35th sample.  It turns out in that case, perfmon/logman/get-counter stores the counter for each sample with state 2147485649 at the moment it does not exist.

    Kind regards

    Peter Van Mortsel

    Thursday, March 24, 2016 3:57 PM