Windows 10

Recording and Analyzing Performance Data

You need to record performance data and analyze it to know what's really happening on your computer. Logging performance data isn't something you should do haphazardly. You should have a clear plan before you begin, and that plan should define specifically why you want to log performance data. For example, you might think that an application you are using has a memory leak that is causing your computer to perform poorly, and you could prove this by logging memory usage data while working with the application.

Logging Performance Data

Although Resource Monitor and Task Manager tell you what's happening on your computer, they don't delve deep enough to help you resolve every performance problem you'll encounter. This is where Performance Monitor is useful.

Performance Monitor graphs usage statistics for sets of performance parameters that you've selected for display. Open this utility by typing Performance Monitor in the Search box, and then pressing Enter.

Performance parameters that you track are referred to as counters. When you install certain applications on your computer, Performance Monitor might be updated with a set of counters for tracking related performance. Similarly, performance counters may be added when you install certain services and add-ons for Windows.

Performance Monitor has several key features. A legend, displayed at the bottom of the details pane, shows the color and line style used for each counter. A value bar, displayed between the graph and the legend, shows values related to the counter you've selected in the graph or in the legend. A toolbar, displayed above the graph, provides the basic functions and options for working with Performance Monitor. Each toolbar button has a keyboard shortcut as well.

The toolbar buttons and their shortcut keys are as follows:

  • View Current Activity: CTRL+T; switches the view so that current activity being logged is displayed.
  • View Log Data: CTRL+L; switches the view so that data from a performance log can be replayed.
  • Change Graph Type: CTRL+G; switches the view to toggle between bar graph, report list, and graph format.
  • Add: CTRL+N; displays the Add Counters dialog box, which lets you add counters to track.
  • Delete: DELETE key; removes the currently selected counter so that it is no longer tracked.
  • Highlight: CTRL+H; highlights the currently selected counter with a white line so that it is easier to see. To turn the Highlight function off, select the counter and press CTRL+H again.
  • Copy Properties: CTRL+C; creates a copy of the counter list, along with the individual configuration of each counter, and puts it on the Windows Clipboard as an Extensible Markup Language (XML) file.
  • Paste Counter List: CTRL+V; pastes a copied counter list into Performance Monitor so that it is used as the current counter set. If you saved a counter list to a file, you simply open the file, copy the contents of the file to the Clipboard, and then press CTRL+V in Performance Monitor to use that counter list.
  • Properties: CTRL+Q; displays the Properties dialog box for a selected item.
  • Freeze Display: CTRL+F; freezes the display so that Performance Monitor no longer updates the performance information. Press CTRL+F again to resume sampling.
  • Update Data: CTRL+U; updates the display by one sampling interval. When you freeze the display, Performance Monitor still gathers performance information; it just doesn't update the display using the new information. To update the display while it is frozen, use this option.

The graphing update interval is configurable, but it is set to 1 second by default. Because you'll often need to track many counters to identify a performance problem, you'll find that recording the performance data in a log and then analyzing the log data is typically the best approach. Performance Monitor also allows you to configure alerts that send messages when certain events occur.

To work effectively with Performance Monitor, you need to understand the difference between performance counters and performance objects. Performance counters represent the measurable properties of performance objects. A performance object can be a physical part of the operating system, such as the memory, the processor, or the paging file; a logical component, such as a logical disk or print queue; or a software element, such as a process or a thread.

Performance object instances represent single occurrences of performance objects. If a particular object has multiple instances, such as when a computer has multiple processors, you can use an object instance to track a specific occurrence of that object. You could also elect to track all instances of an object, such as when you want to monitor all processors on your computer.

The most common performance objects you'll want to monitor include:

  • Cache:
    Represents the file system cache, which is an area of physical memory that indicates application I/O activity.
  • LogicalDisk:
    Represents the logical volumes on your computer.
  • Memory:
    Represents memory performance for system cache (including pooled, paged memory and pooled, nonpaged memory), physical memory, and virtual memory.
  • Network Interface:
    Represents the network adapters configured on your computer.
  • Objects:
    Represents the number of events, processes, sections, semaphores, and threads on your computer.
  • Paging File:
    Represents page file current and peak usage.
  • PhysicalDisk:
    Represents hard disk read/write activity as well as data transfers, hard faults, and soft faults.
  • Print Queue:
    Represents print jobs, spooling, and print queue activity.
  • Process:
    Represents all processes running on your computer.
  • Processor:
    Represents processor idle time, idle states, usage, deferred procedure calls, and interrupts.
  • System:
    Represents system-level counters, including processes, threads, context switching of threads, file system control operations, system calls, and system uptime.
  • Thread:
    Represents all running threads and allows you to examine usage statistics for individual threads by process ID.

Each of these performance objects has a set of counters that can be tracked.

Choosing Counters to Monitor

Performance Monitor displays information only for counters that you're tracking. You'll find counters related to just about every logical and physical aspect of your computer. The easiest way to learn about these counters is to read the explanations available when you select a counter. To do this, start Performance Monitor, click Add on the toolbar, expand an object in the Available Counters list, and then select the Show Description check box. Now when you scroll through the list of counters for the selected object you'll see a detailed description of what the counter represents and how it can be used.

When you are configuring monitoring for a particular object, pay particular attention to the instances of that object that will be tracked. You can configure tracking for all instances of an object or for specific instances. For example, when you track the Physical Disk object, you have a choice of tracking all physical disk instances or specific physical disk instances. If you think a particular disk is going bad or experiencing other problems, you could monitor just that disk instance.

The two special instance types you should know are:

  • _Total:
    Tracks all instances of a counter in total, rather than separately. Use _Total to track the overall performance of all instances of a related counter. For example, if your computer has four processor cores, you could track their processor usage in total rather than separately for each processor core.
  • <All Instances>:
    Tracks all instances of a counter separately, rather than in total. Use <All Instances> to track all instances of a related counter separately. For example, if your computer has four processor cores, you could track processor usage individually for all processor instances.

Performance Monitor allows you to view performance data as graphed current data, line data, histogram data, and report data. By clicking View Current Activity on the toolbar or pressing Ctrl+T, you can be sure you are viewing a graph of current activity. You can switch between the view types by clicking Change Graph Type or pressing Ctrl+G.

In the Histogram Bar view, Performance Monitor represents the performance data by using a bar graph with the last sampling value for each counter graphed. The sizes of the bars within the graph are adjusted automatically based on the number of performance counters being tracked and can be adjusted to accommodate hundreds of counters, which is useful because it allows you to track multiple counters more easily than other views.

In the Report view, Performance Monitor represents the performance data in a report list format. In this view, objects and their counters are listed in alphabetical order and performance data is displayed numerically rather than graphed. If you are trying to determine specific performance values for many different counters, this is the best view to use because the actual values are always shown.

You can select counters to monitor by following these steps:

  1. Click Add on the toolbar or press Ctrl+N to display the Add Counters dialog box. Note that only administrators of the local computer and members of the local Performance Log Users group can monitor performance data.
  2. In the Available Counters section, performance objects are listed alphabetically. Click an object entry to select all related counters, or expand an object entry and then select individual counters by clicking them.
  3. When you select an object or any of its counters, you see the related instances. Choose _Total to track all instances of a counter in total or <All Instances> to track all instances of a counter separately.
  4. After you've selected an object or a group of counters for an object as well as the object instances, click Add to add the counters to the graph.
  5. Repeat steps 2-3 to add other performance parameters. Click OK when you have finished and are ready to start graphing performance.
Tip:
Don't try to graph too many counters or counter instances at once. You'll make the display too difficult to read, and you'll use system resources.

Identifying Performance Bottlenecks

The way your computer performs depends primarily on its memory configuration, its processors, its hard disks, and its networking components, each of which can act as a bottleneck that keeps your computer from performing at its best.

Your computer's memory is often the source of the biggest performance issues, and you should always rule out memory problems before examining other areas of the system. Because computers use both physical and virtual memory, look specifically at physical memory, caching, and virtual memory. Virtual memory is paged to disk and represented by the paging file. Look specifically at:

  • Memory\Available Bytes
  • Memory\Committed Bytes
  • Memory\Commit Limit

If your computer has very little available memory, you might need to add memory. Generally, you want the available memory under normal usage conditions to be no less than 5 percent of the total physical memory on the computer. If your computer has a high ratio of committed bytes to total physical memory on the system, you might need to add memory as well. Generally, you want the committed bytes value to be no more than 75 percent of the total physical memory.

You should also look at memory page faults. To do this, track:

  • Memory\Page Faults/sec
  • Memory\Pages Input/sec
  • Memory\Page Reads/sec

A page fault occurs when a process requests a page in memory and the operating system can't find it at the requested location. If the requested page is elsewhere in memory, the fault is called a soft page fault. If the requested page must be retrieved from disk, the fault is called a hard page fault. Most processors can handle large numbers of soft faults, but hard faults can cause performance problems.

Page Faults/sec is the overall rate at which the processor handles all types of page faults. Pages Input/sec is the total number of pages read from disk to resolve hard page faults. Page Reads/sec is the total disk reads needed to resolve hard page faults. Pages Input/sec will be greater than or equal to Page Reads/sec and can give you a good idea of your hard page fault rate. A high number of hard page faults could indicate that you need to increase the amount of memory or reduce the cache size on the computer.
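
The memory checks described above can also be run from a PowerShell prompt. The following is an added example, not part of the original text: it samples the six Memory counters with Get-Counter, averages them, and applies the 5 percent and 75 percent guidelines. The sampling interval and sample count are assumptions, and the counter names assume an English-language installation.

```powershell
# Added example. Assumes English counter names; interval and sample count are illustrative.
$counters = @(
    '\Memory\Available Bytes'
    '\Memory\Committed Bytes'
    '\Memory\Commit Limit'
    '\Memory\Page Faults/sec'
    '\Memory\Pages Input/sec'
    '\Memory\Page Reads/sec'
)

# Total physical memory in bytes, used as the denominator for both guidelines.
$totalPhysical = (Get-CimInstance -ClassName Win32_ComputerSystem).TotalPhysicalMemory

# 12 samples taken 5 seconds apart, so the averages cover about one minute.
$samples = Get-Counter -Counter $counters -SampleInterval 5 -MaxSamples 12

# Average each counter over the run. Get-Counter returns paths such as
# \\host\memory\available bytes, so the key is the last path segment.
# Hashtable lookups are case-insensitive, so 'Available Bytes' still matches.
$avg = @{}
$samples.CounterSamples |
    Group-Object { ($_.Path -split '\\')[-1] } |
    ForEach-Object {
        $avg[$_.Name] = ($_.Group | Measure-Object -Property CookedValue -Average).Average
    }

$availablePct = 100 * $avg['Available Bytes'] / $totalPhysical
$committedPct = 100 * $avg['Committed Bytes'] / $totalPhysical

[pscustomobject]@{
    AvailablePctOfPhysical = [math]::Round($availablePct, 1)
    LowAvailableMemory     = $availablePct -lt 5     # guideline: no less than 5 percent
    CommittedPctOfPhysical = [math]::Round($committedPct, 1)
    HighCommittedBytes     = $committedPct -gt 75    # guideline: no more than 75 percent
    CommitLimitGB          = [math]::Round($avg['Commit Limit'] / 1GB, 1)
    PageFaultsPerSec       = [math]::Round($avg['Page Faults/sec'], 1)   # soft + hard
    PagesInputPerSec       = [math]::Round($avg['Pages Input/sec'], 1)   # hard faults: pages read
    PageReadsPerSec        = [math]::Round($avg['Page Reads/sec'], 1)    # hard faults: disk reads
}
```

Run it while the workload you are investigating is active, because the guidelines apply to normal usage conditions.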

For deeper problems, take a look at the paged pool and the nonpaged pool by using Memory\Pool Paged Bytes and Memory\Pool Nonpaged Bytes. The paged pool is an area of system memory for objects that can be written to disk when they aren't used. The nonpaged pool is an area of system memory for objects that can't be written to disk. If the size of the paged pool is large relative to the total amount of physical memory, you might need to add memory to your computer. If the size of the nonpaged pool is large relative to the total amount of virtual memory allocated, you might want to increase the virtual memory size.

Focus on your computer's processor after you have eliminated memory as a potential bottleneck source. If the computer's processors are the performance bottleneck, adding memory or faster drives won't resolve your performance problem. Instead, you might need to upgrade the processors to faster clock speeds or add processors. Look specifically at:

  • System\Processor Queue Length
  • Processor\% Processor Time

System\Processor Queue Length tracks the number of threads waiting to be executed. These threads are queued in an area shared by all processors. Generally, you want very few queued threads per processor. Otherwise, you may need to upgrade or add processors.

Processor\% Processor Time tracks the percentage of time a processor is executing a nonidle thread. If the % Processor Time values are high and the network interface and disk I/O throughput rates are relatively low, you may need to upgrade or add processors.

Your computer's hard disks and networking components may be causes of bottlenecks as well. Accessing memory is much faster than reading from disk or retrieving data over a network. If your computer has to do a lot of reads and writes, whether to disk or over the network, its overall performance can be degraded. To reduce the amount of disk activity, you want the computer to manage memory very efficiently and page to disk only when necessary.

If you've fine-tuned virtual memory and are still having problems, you may want to track counters related to disk I/O activity. Specifically, you should monitor:

  • PhysicalDisk\% Disk Time
  • PhysicalDisk\Disk Writes/sec
  • PhysicalDisk\Disk Reads/sec
  • PhysicalDisk\Current Disk Queue Length

PhysicalDisk\% Disk Time gives you a good picture of overall drive performance. Be sure to monitor % Disk Time for all hard disk drives on the computer, and use this counter in conjunction with Processor\% Processor Time and Network Interface\Bytes Total/sec. If the % Disk Time value is high and the processor and network connection values aren't high, your computer's disk drives might be the source of a performance bottleneck.

The number of reads and writes per second reveals how much disk I/O activity there is. The disk queue length indicates the number of read or write requests that are waiting to be processed. Generally, you want very few waiting requests.

Although memory, processors, and hard disks have the biggest actual impact on performance, your perception about the speed and performance of your computer may be tied directly to its networking components. If your computer is still using a dial-up modem to connect to the Internet, your connection will be slow and transferring data will be painfully slow. Wireless connections can also seem very slow, especially if your network hasn't been upgraded to the latest and greatest high-speed wireless technologies.

Network latency can affect your experience. A long delay, or high degree of latency, between when a request is made and the time it's received can make your computer seem very slow. You can't do much about latency. It's a function of the type of connection and the route the request takes to your computer. On the other hand, the total capacity of your computer to handle requests and the amount of bandwidth available are factors you can control.

The capacity of your network card can be a limiting factor. Older computers may use 10/100 network cards instead of newer 100/1000 network cards. Someone might have configured a 100/1000 card for 100 Mbps, or the card might be configured for half duplex instead of full duplex. If you suspect a capacity problem with a network card, you should always check its configuration.

You can determine the throughput and current activity on your computer's network cards by using the following counters:

  • Network Interface\Bytes Received/sec
  • Network Interface\Bytes Sent/sec
  • Network Interface\Bytes Total/sec
  • Network Interface\Current Bandwidth

Compare these values in conjunction with PhysicalDisk\% Disk Time and Processor\% Processor Time. If the disk time and processor time values are low but the network values are very high, you might have a capacity problem. Solve the problem by optimizing the network card settings or by adding a network card. Remember that the hubs and routers on your network can also limit the networking speed. If your network card is 1 Gbps and you want to operate at this speed, your network hubs and routers must support 1 Gbps.
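
The processor, disk, and network comparison described above can be scripted as well. The following is an added example, not part of the original text: it samples the counters with Get-Counter, using (_Total) for the combined processor value and (*) for each disk and network adapter instance separately, and reports which component is high while the others are not. The cutoff of 80 for "high" is an assumption, as are the sampling settings and English counter names.

```powershell
# Added example, not from the original text. Assumes English counter names.
$counters = @(
    '\Processor(_Total)\% Processor Time'         # _Total: all cores as one value
    '\System\Processor Queue Length'
    '\PhysicalDisk(*)\% Disk Time'                # (*): every instance separately
    '\PhysicalDisk(*)\Current Disk Queue Length'
    '\Network Interface(*)\Bytes Total/sec'
    '\Network Interface(*)\Current Bandwidth'     # reported in bits per second
)
$s = (Get-Counter -Counter $counters -SampleInterval 5 -MaxSamples 12).CounterSamples

function Get-Average($Rows) { ($Rows | Measure-Object -Property CookedValue -Average).Average }

$cpuPct   = Get-Average ($s | Where-Object Path -like '*\% processor time')
$cpuQueue = Get-Average ($s | Where-Object Path -like '*\processor queue length')

# Busiest physical disk; (*) also returns a _Total roll-up, which is skipped here.
$disk = $s | Where-Object { $_.Path -like '*\physicaldisk(*' -and $_.InstanceName -ne '_total' } |
    Group-Object InstanceName | ForEach-Object {
        [pscustomobject]@{
            Instance = $_.Name
            Pct      = (Get-Average ($_.Group | Where-Object Path -like '*\% disk time'))
            Queue    = (Get-Average ($_.Group | Where-Object Path -like '*\current disk queue length'))
        }
    } | Sort-Object Pct -Descending | Select-Object -First 1

# Busiest network adapter: throughput as a percentage of its current bandwidth.
$net = $s | Where-Object Path -like '*\network interface(*' |
    Group-Object InstanceName | ForEach-Object {
        $bytes = Get-Average ($_.Group | Where-Object Path -like '*\bytes total/sec')
        $bits  = Get-Average ($_.Group | Where-Object Path -like '*\current bandwidth')
        if ($bits -gt 0) {   # adapters reporting no bandwidth are skipped
            [pscustomobject]@{ Instance = $_.Name; Pct = 100 * 8 * $bytes / $bits }
        }
    } | Sort-Object Pct -Descending | Select-Object -First 1

$high = 80   # assumed cutoff for "high"; the text gives no number
$load = [ordered]@{ Processor = $cpuPct; Disk = $disk.Pct; Network = $net.Pct }
$hot  = @($load.Keys | Where-Object { $load[$_] -ge $high })
$verdict = if ($hot.Count -eq 0) { 'None high' } else { $hot -join ', ' }

[pscustomobject]@{
    ProcessorPct      = [math]::Round($cpuPct, 1)
    QueuePerProcessor = [math]::Round($cpuQueue / [Environment]::ProcessorCount, 2)
    BusiestDisk       = $disk.Instance
    DiskPct           = $disk.Pct
    DiskQueue         = $disk.Queue
    BusiestAdapter    = $net.Instance
    NetworkPct        = $net.Pct
    HighComponents    = $verdict
}
```

A single name in HighComponents matches the pattern the text describes, where one value is high and the other two are not.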
