I created a thread in the Elasticsearch forums with the information below. From a MS perspective is there any other info on the paths for Active Directory perfmon that I can look at. I've looked at a lot of the links that come up in these (TechNet) forums but they've provided very little insight on the proper info to put into my metricbeat windows module yaml. Any insight would be appreciated.
Elasticsearch post:
I'm looking for a little guidance on how to build out the windows.yml module in Metricbeat. If this is being built out correctly we may need 3-4 lines to ship the Active Directroy perfmon out. The issue that I'm having is that I'm not able to
find a lot of specified info on AD perfmon so if anyone has any links that I could be missing that would be appreciated. From my research it seems like these perfmon counters are also under NTDS so I'm not sure how this fits into the syntax as well.
I should be able to replicate what the memory section but that might not necessarily be the case. Overall were trying to replicate some Splunk dashboards in Kibana but there isnt a specific app like there is in Splunk.
```
# ########## Memory
- instance_label: memory.name
instance_name: memory.page.total.reads_sec
measurement_label: memory.page.total.reads_sec
query: '\Memory\Page Reads/sec'
```
```
# ########## Active Directory
- instance_label: ntds.name
instance_name: ntds.ds.directory.reads_sec
measurement_label: ?
query: '\DS Directory Reads/sec'
```