Telegraf Windows Registry Input Plugin #14653
Comments
1tft
added
the
feature request
|
Thanks for filing the feature request. We shall take a look! |
|
We also need this function to get values from the registry, such as the UBR version, which is not included in any WMI class |
|
Yes, would be a very useful feature , we need. |
|
@1tft and @PSHWorkShop, please test the binary in PR #15300 and let me know if that works for you! The new feature adds more than only querying the registry but allows to invoke arbitrary WMI methods. Therefore, to read a registry value you should do # Input plugin to query Windows Management Instrumentation
# This plugin ONLY supports Windows
[[inputs.win_wmi]]
## Hostname or IP for remote connections, by default the local machine is queried
# host = ""
## Credentials for the connection, by default no credentials are used
# username = ""
# password = ""
[[inputs.win_wmi.method]]
## WMI namespace, class and method to use
namespace = 'root\default'
class_name = "StdRegProv"
method = "GetStringValue"
## Returned WMI method values to use as tags instead of fields
# tag_properties = ["ReturnValue"]
## Named arguments for the method call
[inputs.win_wmi.method.arguments]
hDefKey = '2147483650'
sSubKeyName = 'Software\Microsoft\windows NT\CurrentVersion'
sValueName = 'ProductName'to read |
|
Hello, The code works, but if you get multiple values from different registry code you get the same field name. [[inputs.win_wmi]] [[inputs.win_wmi.method]] [[inputs.win_wmi.method]] [[inputs.win_wmi.method]] Result: StdRegProv,host=PC1 ReturnValue=0i,sValue="Windows Server 2021" 17150xxxxx000000000 Could you not use the value of sValueName = 'ProductName' field name, or specify the return field in parameters. [inputs.win_wmi.method.arguments] Better should be: StdRegProv,host=PC1 ReturnValue=0i,MyProductname="Windows 10 Pro" 1715058810000000000 |
|
@PSHWorkShop currently we use the name of the value returned by the function call. Your approach will run into problems if the method returns multiple fields I think, therefore I'm not sure if this is a good idea. I added a |
|
Using this config prints out these metrics:
We dont know that one sValueName (property) can return more than 1 value and so you cant use automatically property name instead of "sValue", "uValue" etc.. Later we use merge aggregator plugin to get only one metric. |
|
Yeah, there might be WMI calls that return more than one property (e.g. |
Use Case
We want to consume string and numeric values from Windows registry. Here you can find usefull generic windows information like windows version, settings and much more. Also some apps are storing important information here.
Expected behavior
Telegraf can read values (String, DWORD, QWORD) from given Windows Registry path like
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate
Actual behavior
Currently getting string and numeric values from Windows registry is not possible with Telegraf standard plugins. Also no chance with
inputs.win_wmibecause it uses WQL-Interface which does not support method-calls.Additional info
Currently you have to use
inputs.execto execute a custom poweshell script to get Windows Regitry values. Executing powershell scripts is not always a good solution because of security concerns and for users without Powershell coding knowledge.The text was updated successfully, but these errors were encountered: