{"id":19675,"date":"2023-08-14T21:24:34","date_gmt":"2023-08-15T01:24:34","guid":{"rendered":"https:\/\/kevinjustin.com\/blog\/?p=19675"},"modified":"2023-08-15T06:17:51","modified_gmt":"2023-08-15T10:17:51","slug":"top-process-powershell-script","status":"publish","type":"post","link":"https:\/\/kevinjustin.com\/blog\/2023\/08\/14\/top-process-powershell-script\/","title":{"rendered":"Top Process PowerShell script"},"content":{"rendered":"
\"Task<\/a>
Task Manager output for ‘Top Process PowerShell script management pack’<\/figcaption><\/figure>\n

 <\/p>\n

Ever wish you had task manager output when you had a monitor go unhealthy?\u00a0 Following Kevin Holman’s lead to ‘Monitor Processes<\/a>‘, the idea landed to build out the ‘Top Process PowerShell script’.\u00a0 This morphed into a management pack with Knowledge entries to better explain what is being done.\u00a0 Integrating Top Process into Health Explorer output as a recovery task helped provide another step before alerting.\u00a0 \u00a0 The idea started from the need to prove which Security tool(s) were causing the over-utilized compute spikes, causing non-responsive server(s).\u00a0 Thinking back to my UNIX days, we simply used top<\/a>, vmstat<\/a>, iostat, and other commands to identify problematic processes.\u00a0 Integrating PowerShell scripts into SCOM is part of the fun, then linking the obfuscated Security processes for the final output.\u00a0 From there, extrapolate into Azure Functions or Azure Logic apps, for additional functionality for cloud native monitoring.<\/p>\n

 <\/p>\n

Quick Download: <\/strong><\/span><\/span>https:\/\/github.com\/theKevinJustin\/TopProcess<\/a><\/p>\n

Tier1 separated monitoring (no AD) https:\/\/github.com\/theKevinJustin\/TopProcessTier1<\/a><\/p>\n

<\/h2>\n

Building out the ‘Top Process PowerShell script’<\/h2>\n

Kevin Holman built a ‘ Monitor.Performance.ConsecSamples.ThenScript.TwoState.mpx fragment, beginning the logical journey.\u00a0 \u00a0His fragment helped me start with a working model, taking processes and cores into consideration for true CPU usage on multi-core servers.<\/p>\n

\"Kevin<\/a>
Kevin Holman Monitor performance then script fragment for PowerShell get-counter syntax<\/figcaption><\/figure>\n

 <\/p>\n

We need to see the processes, and their corresponding value, then build an output table (custom object).\u00a0 After gathering the processes, feed the TopProcesses array, lastly sorting the array for CPUValue<\/p>\n

\"Top<\/a>
Top Process memory usage snippet<\/figcaption><\/figure>\n

Next, we’ll want to see what applications\/tools might be involved, including Active Client, IIS, monitoring, and EndPoint Management tools (keep things honest!).<\/p>\n

\"Added<\/a>
Added the Security Processes into the mix<\/figcaption><\/figure>\n

Then we build an output of the data so we can take the datasource (DS) or WriteAction (WA) into a scripted monitor\/rule, or recovery tasks linked to various monitors.\u00a0 Even built a forked version in case of SAW\/Red Forest, separating Tier0 monitoring from Tier1 (snippet below is NOT that pack)<\/p>\n

\"snippet<\/a>
snippet of manual tasks and recoveries that link to multiple monitors<\/figcaption><\/figure>\n

 <\/p>\n

Useful links<\/h3>\n

Kevin Holman MP fragments blog<\/a> and GitHub Fragment library\/repository<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

  Ever wish you had task manager output when you had a monitor go unhealthy?\u00a0 Following Kevin Holman’s lead to ‘Monitor Processes‘, the idea landed to build out the ‘Top Process PowerShell script’.\u00a0 This morphed into a management pack with Knowledge entries to better explain what is being done.\u00a0 Integrating Top Process into Health Explorer … Continue reading “Top Process PowerShell script”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,5,7,545,530],"tags":[705,223,706,342,505,703,704,702,461,520],"class_list":["post-19675","post","type-post","status-publish","format-standard","hentry","category-administration","category-best-practice","category-mp-management-pack","category-powershell","category-scom","tag-cpu","tag-management-pack","tag-offending-process","tag-scom","tag-scom2019","tag-task-manager","tag-top","tag-top-process","tag-unix","tag-vmstat"],"yoast_head":"\nTop Process PowerShell script - Kevin Justin's Blog<\/title>\n<meta name=\"description\" content=\"Use the 'Top Process PowerShell script' SCOM management pack to identify culprit applications and processes causing many SCOM alerts.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kevinjustin.com\/blog\/2023\/08\/14\/top-process-powershell-script\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Top Process PowerShell script - Kevin Justin's Blog\" \/>\n<meta property=\"og:description\" content=\"Use the 'Top Process PowerShell script' SCOM management pack to identify culprit applications and processes causing many SCOM alerts.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kevinjustin.com\/blog\/2023\/08\/14\/top-process-powershell-script\/\" \/>\n<meta property=\"og:site_name\" content=\"Kevin Justin's Blog\" \/>\n<meta property=\"article:published_time\" content=\"2023-08-15T01:24:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-08-15T10:17:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2023\/08\/TaskManager.png\" \/>\n<meta name=\"author\" content=\"WordPress Administrator\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"WordPress Administrator\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/14\\\/top-process-powershell-script\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/14\\\/top-process-powershell-script\\\/\"},\"author\":{\"name\":\"WordPress Administrator\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/#\\\/schema\\\/person\\\/3d7a90f4430bef43134eaa0a7e2cd508\"},\"headline\":\"Top Process PowerShell script\",\"datePublished\":\"2023-08-15T01:24:34+00:00\",\"dateModified\":\"2023-08-15T10:17:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/14\\\/top-process-powershell-script\\\/\"},\"wordCount\":411,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/14\\\/top-process-powershell-script\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/TaskManager.png\",\"keywords\":[\"CPU\",\"management pack\",\"offending process\",\"SCOM\",\"scom2019\",\"task manager\",\"top\",\"top process\",\"unix\",\"vmstat\"],\"articleSection\":[\"Administration\",\"Best Practice\",\"MP Management Pack\",\"PowerShell\",\"SCOM\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/14\\\/top-process-powershell-script\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/14\\\/top-process-powershell-script\\\/\",\"url\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/14\\\/top-process-powershell-script\\\/\",\"name\":\"Top Process PowerShell script - Kevin Justin's Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/14\\\/top-process-powershell-script\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/14\\\/top-process-powershell-script\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/TaskManager.png\",\"datePublished\":\"2023-08-15T01:24:34+00:00\",\"dateModified\":\"2023-08-15T10:17:51+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/#\\\/schema\\\/person\\\/3d7a90f4430bef43134eaa0a7e2cd508\"},\"description\":\"Use the 'Top Process PowerShell script' SCOM management pack to identify culprit applications and processes causing many SCOM alerts.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/14\\\/top-process-powershell-script\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/14\\\/top-process-powershell-script\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/14\\\/top-process-powershell-script\\\/#primaryimage\",\"url\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/TaskManager.png\",\"contentUrl\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/TaskManager.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/14\\\/top-process-powershell-script\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Top Process PowerShell script\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/\",\"name\":\"Kevin Justin's Blog\",\"description\":\"Operational monitoring tools including System Center, Azure Monitor\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/#\\\/schema\\\/person\\\/3d7a90f4430bef43134eaa0a7e2cd508\",\"name\":\"WordPress Administrator\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fca865cc5df90a25ae9533b1d9dea567a78c7469dc3202a376c8d117a0eaea11?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fca865cc5df90a25ae9533b1d9dea567a78c7469dc3202a376c8d117a0eaea11?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fca865cc5df90a25ae9533b1d9dea567a78c7469dc3202a376c8d117a0eaea11?s=96&d=mm&r=g\",\"caption\":\"WordPress Administrator\"},\"sameAs\":[\"https:\\\/\\\/kevinjustin.com\"],\"url\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/author\\\/wordpress_admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Top Process PowerShell script - Kevin Justin's Blog","description":"Use the 'Top Process PowerShell script' SCOM management pack to identify culprit applications and processes causing many SCOM alerts.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kevinjustin.com\/blog\/2023\/08\/14\/top-process-powershell-script\/","og_locale":"en_US","og_type":"article","og_title":"Top Process PowerShell script - Kevin Justin's Blog","og_description":"Use the 'Top Process PowerShell script' SCOM management pack to identify culprit applications and processes causing many SCOM alerts.","og_url":"https:\/\/kevinjustin.com\/blog\/2023\/08\/14\/top-process-powershell-script\/","og_site_name":"Kevin Justin's Blog","article_published_time":"2023-08-15T01:24:34+00:00","article_modified_time":"2023-08-15T10:17:51+00:00","og_image":[{"url":"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2023\/08\/TaskManager.png","type":"","width":"","height":""}],"author":"WordPress Administrator","twitter_card":"summary_large_image","twitter_misc":{"Written by":"WordPress Administrator","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/14\/top-process-powershell-script\/#article","isPartOf":{"@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/14\/top-process-powershell-script\/"},"author":{"name":"WordPress Administrator","@id":"https:\/\/kevinjustin.com\/blog\/#\/schema\/person\/3d7a90f4430bef43134eaa0a7e2cd508"},"headline":"Top Process PowerShell script","datePublished":"2023-08-15T01:24:34+00:00","dateModified":"2023-08-15T10:17:51+00:00","mainEntityOfPage":{"@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/14\/top-process-powershell-script\/"},"wordCount":411,"commentCount":0,"image":{"@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/14\/top-process-powershell-script\/#primaryimage"},"thumbnailUrl":"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2023\/08\/TaskManager.png","keywords":["CPU","management pack","offending process","SCOM","scom2019","task manager","top","top process","unix","vmstat"],"articleSection":["Administration","Best Practice","MP Management Pack","PowerShell","SCOM"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/kevinjustin.com\/blog\/2023\/08\/14\/top-process-powershell-script\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/14\/top-process-powershell-script\/","url":"https:\/\/kevinjustin.com\/blog\/2023\/08\/14\/top-process-powershell-script\/","name":"Top Process PowerShell script - Kevin Justin's Blog","isPartOf":{"@id":"https:\/\/kevinjustin.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/14\/top-process-powershell-script\/#primaryimage"},"image":{"@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/14\/top-process-powershell-script\/#primaryimage"},"thumbnailUrl":"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2023\/08\/TaskManager.png","datePublished":"2023-08-15T01:24:34+00:00","dateModified":"2023-08-15T10:17:51+00:00","author":{"@id":"https:\/\/kevinjustin.com\/blog\/#\/schema\/person\/3d7a90f4430bef43134eaa0a7e2cd508"},"description":"Use the 'Top Process PowerShell script' SCOM management pack to identify culprit applications and processes causing many SCOM alerts.","breadcrumb":{"@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/14\/top-process-powershell-script\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kevinjustin.com\/blog\/2023\/08\/14\/top-process-powershell-script\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/14\/top-process-powershell-script\/#primaryimage","url":"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2023\/08\/TaskManager.png","contentUrl":"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2023\/08\/TaskManager.png"},{"@type":"BreadcrumbList","@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/14\/top-process-powershell-script\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/kevinjustin.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Top Process PowerShell script"}]},{"@type":"WebSite","@id":"https:\/\/kevinjustin.com\/blog\/#website","url":"https:\/\/kevinjustin.com\/blog\/","name":"Kevin Justin's Blog","description":"Operational monitoring tools including System Center, Azure Monitor","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kevinjustin.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/kevinjustin.com\/blog\/#\/schema\/person\/3d7a90f4430bef43134eaa0a7e2cd508","name":"WordPress Administrator","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/fca865cc5df90a25ae9533b1d9dea567a78c7469dc3202a376c8d117a0eaea11?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/fca865cc5df90a25ae9533b1d9dea567a78c7469dc3202a376c8d117a0eaea11?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fca865cc5df90a25ae9533b1d9dea567a78c7469dc3202a376c8d117a0eaea11?s=96&d=mm&r=g","caption":"WordPress Administrator"},"sameAs":["https:\/\/kevinjustin.com"],"url":"https:\/\/kevinjustin.com\/blog\/author\/wordpress_admin\/"}]}},"_links":{"self":[{"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/posts\/19675","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/comments?post=19675"}],"version-history":[{"count":13,"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/posts\/19675\/revisions"}],"predecessor-version":[{"id":19698,"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/posts\/19675\/revisions\/19698"}],"wp:attachment":[{"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/media?parent=19675"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/categories?post=19675"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/tags?post=19675"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}