Process CPU utilization

Have you ever wondered which process utilizes the most your server/desktop. Especially if we are talking about CPU utilization. Of course, you can check it in the Task Manager. But if you can’t do this? If you have multiple servers (ie. with RDS role installed). You can use Performance Monitor. So create DataCollector set with one DataCollector. Include only “% Processor Time” counter for all processes (“\Process(*)\% Processor Time”).

When you are done, just start it and wait for some time to collect some data. When you stop it, you will get .blg file will all the data. When you open the file you will get something similar to this view:

You can see, that “_Total” instance is almost a straight line – around 800 (800, not 80, because of the multiplier 0.1). Why 800? This counter calculate processor time for each core separately. So in my case I have 8 cores, so I have 800 points (or percent). When you add additional instances (by clicking on green plus sign) then you will see something like this.

We can try to focus on a processes which we thing might be a problem – ie. Outlook:

But still, it’s hard to find, what is utilizing the CPU in total. This it the same .blg file processed by my tool – to visualize process CPU utilization. As you can see, in 8 hours time frame all OUTLOOK processes utilizes only 1.7% CPU. More CPU time consumed all IE processes (almost 5%).

In the chart above you can see processes grouped by the instance name. And you you would like to see all individual processes, you can always do this:

Process CPU visualizer – how to use it

This program was written in Python. I have published it on my GitHub. You can source code and run it using python, or you can download precompiled binary version for Windows.


How to use it.

First, you have to have .blg file with “\Process(*)\% Processor Time” counters. The you have to use relog tool to create CSV file. This program accept only CSV file with valid counters. You can’t use anything else except “\Process(*)\% Processor Time”.

> relog DataCollector01.blg -c "\Process(*)\% Processor Time" -f CSV -o processes.csv

You can also change time frame using -b and -e switches. When you have this CSV file ready, you can use pCPUv tool to parse the input.

When you run the tool without any parameters (it can by .py or .exe file) – you will see the help:


pCPUvis v0.7 - parse and visualize processes CPU usage
Copyright (c) 2017, Jarek Sobel

usage: pCPUvis -i <input_file> -c <cores> [-n -o <output_file> -p <picture_file> -t <picture_title> -s(how) -d(etails) -v(erbose)]

 -h print this help
 -i <input_file> input file to process (CSV format)
 -c <cores> number od CPUs/cores on a system
 -n process ID number (after _) instead of next process number (#)
 -o <output_file> output file containing processes name and CPU summary utilization
 -p <picture_file> output image file name containing graph of proceses CPU utilization (PNG format)
 -t <picture_title> image file title (information shows above graph)
 -s(how) show image graph interactively
 -d(etails) show detailed information including each process individually
 -v(erbose) show debug information

mandatory parameters are (-i and -c), the rest are optional.

Here are some examples why this tool might be helpful. In example to identify the failure processes which utilizing CPU in a constant way.

Basic usage (input file and 4 cores CPU). -s also show graph interactively:

> -i processes.csv -c 4 -s

the program will generate table with all processes and their CPU utilization (here are only few first rows):

| Process name | % Total CPU Usage |
| _Total | 100.0 |
| Idle | 49.159 |
| iexplore | 38.369 |
| vf_agent | 3.247 |
| explorer | 1.827 |
| EndPointClassifier | 1.488 |
| MsMpEng | 1.457 |
| POWERPNT | 0.916 |
| svchost | 0.771 |
| ctxgfx | 0.766 |
| lync | 0.597 |
| OUTLOOK | 0.577 |
| AcroRd32 | 0.522 |
| BNDevice | 0.0 |
| AdobeARM | 0.0 |
| 7zFM | 0.0 |
Number of process groups: 111 (388 unique processes)

Second basic usage (input file and 4 cores CPU). -n means, that we are using ‘_’ as PID separator, -d is detailed information and -s to show the graph:

> -i processes.csv -c 4 -n -d -s

To change Process Monitor behavior about PID or instance name just create new DWORD value named “ProcessNameFormat” in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfProc\Performance.
Data value might be:

  • 1: Disables PID data. This value is the default value.
  • 2: Enables PID data.

Here is the technet post how to change PID to instance in Process Monitor:

And the last example – batch processing. This command will put the table output to process.txt file and graph output to process.png (right now it has to be PNG file) image (title for this image will be “Host 1”).

> -i processes.csv -c 4 -o processes.txt -p processes.png -t "Host 1"

There is also debug mode (-v switch). It generates log file (in the same directory). Right now this is just beta version, so I can ask you to send me this log file to analyze what is working incorrectly.

Demo gallery