Windows: How to determine the cause of heavy disk use

I'm using perfmon's "PhysicalDisk\% Idle Time" to determine when the disk is being used heavily. The question is, what's the best/quickest way to narrow down what was using the disk?

I'm aware of the following perfmon counters but they each have issues:

  • Memory\Pages/sec: useful if disk usage was due to paging, useless otherwise.
  • Process\IO Data Bytes/sec: includes non-disk IO as well (e.g. network), doesn't include processes started after perfmon setup, and it can be time-consuming to match processes with their perfmon id.

Resource Monitor's Disk tab gives very useful information, but unfortunately it does not offer historical logging. It cannot tell me why, for example, "% Idle Time" was 0 for 20 seconds at 10am.

The information I'm after is:

  1. Which processes were using the disk the most?
  2. What files were they accessing?

Solution 1:

Install PAL, run it for a day, and let it analyze the data captured.

Solution 2:

Process Monitor from Microsoft's Sysinternals will do this in real time, or you can leave it running for as long as necessary. You can also save your config, and the entire program is easily scriptable.

http://technet.microsoft.com/en-us/sysinternals/bb896645

There are 5 buttons on the top; turn off all but the one that looks like a file cabinet (file system access).

You can right click on a program's name in the list and tell the program to exclude that item, so you can ignore system processes like DLLHost.

Any programs that access the drive will immediately show up in this list.

Good luck!

Alternately, use the following batch file in a scheduled task to log for a while and then close.

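    rem Number of seconds to capture
    set Delaytime=3
    rem Start Process Monitor in the background, writing events to log.pml
    start Procmon.exe /quiet /accepteula /minimized /backingfile log.pml
    rem ping sends one echo per second, so N+1 echoes wait about N seconds
    set /a Pings=%Delaytime%+1
    ping 127.0.0.1 -n %Pings% -w 1000 > NUL
    rem Tell the running Process Monitor instance to stop logging and exit
    start Procmon.exe /quiet /accepteula /minimized /terminate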

Just change Delaytime to the number of seconds you want to log, and then later open log.pml.
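
To get from the captured log.pml to the two things the question asks for (which processes used the disk most, and which files they touched), the log can be exported to CSV and the read/write byte counts summed per process and per path. This is an added example, not part of the original answer; it assumes Procmon's default CSV columns, and the sample rows and the function name Get-DiskIoSummary are constructed for illustration.

```powershell
# Constructed sample rows in Procmon's default CSV column layout.
# For a real capture, export first:  Procmon.exe /OpenLog log.pml /SaveAs log.csv
# and replace the here-string with:  $log = Import-Csv log.csv
$log = @'
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.1000000 AM","sqlservr.exe","1832","WriteFile","D:\Data\app.mdf","SUCCESS","Offset: 8,192, Length: 65,536, I/O Flags: Non-cached"
"10:00:01.2000000 AM","sqlservr.exe","1832","ReadFile","D:\Data\app.mdf","SUCCESS","Offset: 0, Length: 8,192"
"10:00:01.3000000 AM","backup.exe","4020","ReadFile","C:\Users\Public\big.iso","SUCCESS","Offset: 0, Length: 1,048,576"
"10:00:01.4000000 AM","backup.exe","4020","ReadFile","C:\Users\Public\big.iso","END OF FILE","Offset: 1,048,576, Length: 4,096"
"10:00:01.5000000 AM","svchost.exe","900","QueryOpen","C:\Windows\System32\x.dll","SUCCESS",""
'@ | ConvertFrom-Csv

function Get-DiskIoSummary {
    param(
        [object[]]$Rows,
        [string[]]$GroupBy = @('Process Name', 'PID')
    )

    $Rows |
        # Only reads and writes that succeeded actually moved data
        Where-Object { ($_.Operation -in @('ReadFile', 'WriteFile')) -and ($_.Result -eq 'SUCCESS') } |
        ForEach-Object {
            # Detail looks like "Offset: 8,192, Length: 65,536, ..."; rows without a Length are dropped
            if ($_.Detail -match 'Length: ([\d.,]+)') {
                $bytes = [long]($Matches[1] -replace '\D', '')   # strip thousands separators
                $_ | Add-Member -NotePropertyName Bytes -NotePropertyValue $bytes -PassThru -Force
            }
        } |
        Group-Object -Property $GroupBy |
        ForEach-Object {
            [pscustomobject]@{
                Key    = $_.Name
                Events = $_.Count
                Bytes  = [long]($_.Group | Measure-Object -Property Bytes -Sum).Sum
            }
        } |
        Sort-Object -Property Bytes -Descending
}

# 1. Which processes were using the disk the most?
Get-DiskIoSummary -Rows $log | Format-Table -AutoSize

# 2. What files were they accessing?
Get-DiskIoSummary -Rows $log -GroupBy 'Process Name', 'Path' | Format-Table -AutoSize
```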