Log %CPU by Process over time

Question

Is there any easy way on Windows to log %CPU time per process over time to a file for later analysis?

As far as I can see...

1. Task manager shows me the %CPU per process but only visually - no way to save to a file.
2. Perfmon will let me save to a file, and will additionally create a time-based file (taking snapshots at specified time intervals) - which is almost what I want, except that as far as I can see it can't break down the %CPU by process.
3. Process Explorer will let me break down by process, but it will only save the file as a snapshot of a single point in time

So, none of these are quite what I need: I need to get a file that contains something like 'top 10 processes by CPU, every 15 seconds, until I stop the monitoring' The reason I need this because I have a machine on which some process is causing occasional brief spikes in CPU usage several times a day and I need to find out which process is the culprit.

Can anything do that, or have I missed some feature of perfmon or process explorer?

Answer 1

Process Monitor can do that for you.

You'll first might want to enable collection of profiling events:

Then, simply collect data for as long as you want (you may want to set up filters and enable Drop filtered events if you plan to collect for extended periods of time). Then go to Tools -> Process Activity Summary:

You'll now get a list of all active processes you recorded, with their activity over time.

You can then open the details for a single process (by double-clicking on it) and inspect the timestamps for certain events in the graph:

Answer 2

Step by Step instructions, based on the answer of "Der Hochstapler" https://github.com/pestrela/smi_counter/blob/master/light_monitor/README.md

1. Installation

   • download process monitor (https://docs.microsoft.com/en-us/sysinternals/downloads/procmon)
   • start it (1st time), then use the following shortcuts in sequence:

2. Configuration:

   • CTRL+E: Stop capture
   • CTRL+X: remove packets
   • CTRL+R: Reset filter
   • Toolbar:
     • DISABLE all events on the very right side of the toolbar (ie, 4x icons) all type of events (4x icons on very right side of tab bar)
     • ENABLE the last type of event (very last icon on tab bar - see picture)
   • Menus:
     • Filter / Drop filtered packets = ON
     • options / history depth: 10 Million
     • Options / Profiling events OFF

3. Capture:

   • CTRL+E: Start capturing
     • very important: confirm that you are getting about ~300 events per second.
     • if you are getting more, check the filtering again
   • Run a CPU-heavy for some seconds for testing purposes:
     • ie: powerMAX, cpu-z benchmark tab, etc
   • CTRL+E: Stop capturing

4. Analysis:

   • Tools / Process activity summary
     • in the new window, sort by CPU
     • Double click process to see a detailed timeline
     • Column detail, "user time" string
     • this will be the accumulated user time. In my 8-logical cores machines this grows 8s for every 1 second of real time

Out of scope: CPU parking - see this link to DISABLE that.
Configuration export: ProcmonConfiguration.pmc