Query Details

Detect Processes That Are Reading Or Writing Significantly To Disk

Query

Use Case: Monitoring and identifying high disk I/O activity for processes exceeding 10 MB in either read or write operations to optimize resource usage.

Query:

Process
| where DiskBytesRead > 10000000 or DiskBytesWritten > 10000000
| project ProcessId, ProcessName, Path, DiskBytesReadMB = DiskBytesRead / 1048576, DiskBytesWrittenMB = DiskBytesWritten / 1048576
| order by DiskBytesWrittenMB desc

Explanation

This query is used to monitor and identify processes that have high disk input/output (I/O) activity. It looks for processes that have either read or written more than 10 MB of data to the disk. The query then projects the process ID, process name, file path, and the amount of data read and written in megabytes. Finally, the results are ordered in descending order based on the amount of data written to the disk.
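To try the query without access to a real Process table, the following added example (not part of the original page or Ugur Koc's query) feeds the same pipeline a constructed datatable named SampleProcess whose column names match the ones the query uses. All process names, paths and byte counts are invented for illustration and chosen to sit on both sides of the threshold:

```kql
// Added example: constructed rows standing in for the Process table so the
// query can be pasted into any Log Analytics / Kusto workspace and run.
// Column names match the original query; the values are invented.
let SampleProcess = datatable(ProcessId:long, ProcessName:string, Path:string, DiskBytesRead:long, DiskBytesWritten:long)
[
    4120, "backup.exe",   @"C:\Program Files\Backup\backup.exe",    52428800,  2147483648, // 50 MiB read, 2 GiB written
    2212, "notepad.exe",  @"C:\Windows\System32\notepad.exe",       120000,    4096,       // well under the threshold
    3380, "indexer.exe",  @"C:\Windows\System32\SearchIndexer.exe", 10000001,  0,          // one byte over the read threshold
    5001, "copytool.exe", @"C:\Tools\copytool.exe",                 10000000,  10000000,   // exactly at the threshold: excluded (strict >)
    6077, "sqlservr.exe", @"C:\Program Files\MSSQL\sqlservr.exe",   734003200, 314572800   // 700 MiB read, 300 MiB written
];
// The original query, unchanged apart from the source table name.
SampleProcess
| where DiskBytesRead > 10000000 or DiskBytesWritten > 10000000
| project ProcessId, ProcessName, Path, DiskBytesReadMB = DiskBytesRead / 1048576, DiskBytesWrittenMB = DiskBytesWritten / 1048576
| order by DiskBytesWrittenMB desc
```

Running this returns backup.exe, sqlservr.exe and indexer.exe in that order (2048, 300 and 0 in DiskBytesWrittenMB); notepad.exe and copytool.exe are dropped. Two points worth noticing: the filter compares the raw byte counters against 10,000,000 bytes (about 9.54 MiB) while the projected columns divide by 1,048,576, so indexer.exe passes the filter yet shows a DiskBytesReadMB value just under 10; and the comparison is strict, so a process at exactly 10,000,000 bytes is excluded. If a 10 MiB cut-off is intended, compare against 10485760 instead so the threshold and the displayed unit agree.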

Details


Ugur Koc

Released: February 4, 2024

Tables

Process

Keywords

Process, DiskBytesRead, DiskBytesWritten, Project, ProcessId, ProcessName, Path, DiskBytesReadMB, DiskBytesWrittenMB, Order

Operators

where, >, or, project, /, order by, desc
