Exchange 2013 collects a lot of performance data on itself by default. By a lot I mean that your Exchange 2013 server has data for about 3,000 performance counters for the last seven days sitting there waiting for you to access them. The problem, however, is that it is not readily apparent how to use this data in its native form. If you open the DailyPerformanceLogs folder on your Exchange 2013 server (C:\Program Files\Microsoft\Exchange Server\V15\Logging\Diagnostics\DailyPerformanceLogs by default) you will see 7 rather large files there with the extension .blg. On my lab servers they tend to run about 750 MB each. If you open one up with Performance Monitor you’ll see a useless tangle of lines that will lend you absolutely no assistance in diagnosing the performance issues on your Exchange server. So how do you glean useful information from these logs? Well, read on; the answers are below.
If you were to listen to Jeff Mealiffe’s session from TechEd this year on Exchange performance, you would know he suggests using SQL to store and parse these performance logs. While I think that is an excellent idea if you know how to do such things with SQL, I find myself lacking in such knowledge. As Jeff offers little help on the subject, my options there are either to learn SQL or to find another way to parse these files into something useful. I decided to go with the latter.
I did a little PowerShell research and found some super helpful commands for dealing with performance counter files: Get-Counter, Import-Counter, and Export-Counter. As soon as I saw such commands existed, I knew they would be helpful in my quest. So let’s put these commands to good use and find some useful counter data in those logs.
First we want to make sure we know what time frame we have data for. The default is 7 days or 5 GB of data. This default is set in a file called Microsoft.Exchange.Diagnostics.Service.exe.config located in the bin directory of your Exchange install path. If you want to retain more (or fewer) daily performance logs, then you can edit the line that reads
<add Name="DailyPerformanceLogs" LogDataLoss="True" MaxSize="5120" MaxSizeDatacenter="2048" MaxAge="7.00:00:00" CheckInterval="08:00:00" />
In my testing, it looks like Exchange keeps the lower of the MaxAge or MaxSize settings, so if you up the MaxAge to 14 days but do not change the MaxSize, it will still only keep 5 GB of data, which is not much more than 5 days’ worth.
To verify the exact time frame of performance data you have stored in your daily performance logs, you can run the following command
Import-Counter -path "C:\Program Files\Microsoft\Exchange Server\V15\Logging\Diagnostics\DailyPerformanceLogs\*.blg" -Summary
This PowerShell command will tell you the oldest and newest records in your daily performance logs. If those records cover the time frame you are looking for, then let’s proceed.
Once we know we have the data we want, we can pull it out of the logs. This is a two-step process. First we want to load the data for the counter we want into a variable.
$Data = Import-Counter -path "C:\Program Files\Microsoft\Exchange Server\V15\Logging\Diagnostics\DailyPerformanceLogs\*.blg" -counter "\\EX01\MSExchange ADAccess Domain Controllers(*)\LDAP Read Time"
Here I used the variable “$Data”. You can use any variable you like. I loaded the data for the performance counter LDAP Read Time, but again this works for any counter you can think of. The daily performance logs record most every counter that exists on your server, so you should be able to get information for anything that exists. The Exchange server in my lab that I am using for this exercise is named “EX01”; you’ll need to change that to your server name for this to work for you.
Once the data is in that variable, you just need to output it to its own .blg file. That can be done like this
After that finishes, you will see you have a file called workingset.blg in your temp folder. Double-click it and it will open with perfmon. You will see the data for the last seven days for only the one counter you were interested in.
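The whole procedure above in one script, as an added example that is not the author's original code. It is written for Windows PowerShell on the Exchange server; the use of $env:TEMP for "your temp folder" and the per-domain-controller summary at the end are assumptions and additions that go beyond the steps in the text.

```powershell
# Added example: extract one counter from the Exchange 2013 daily performance logs.
# $Server and $OutFile are assumptions; change them for your environment.
$Server  = 'EX01'    # lab server name used in the article
$LogDir  = 'C:\Program Files\Microsoft\Exchange Server\V15\Logging\Diagnostics\DailyPerformanceLogs'
$Counter = "\\$Server\MSExchange ADAccess Domain Controllers(*)\LDAP Read Time"
$OutFile = Join-Path $env:TEMP 'workingset.blg'    # assumed temp folder location

# Step 1: confirm which time frame the logs cover before pulling anything out.
$Summary = Import-Counter -Path "$LogDir\*.blg" -Summary
$Summary | Format-List OldestRecord, NewestRecord, SampleCount

# Step 2: load only the counter of interest. The counter path is quoted because
# it contains spaces, and it starts with \\ followed by the computer name.
$Data = Import-Counter -Path "$LogDir\*.blg" -Counter $Counter -ErrorAction Stop
if (-not $Data) {
    throw "No samples found for '$Counter'. Check the server name and counter path."
}

# Step 3: write the filtered samples to their own .blg file for perfmon.
$Data | Export-Counter -Path $OutFile -FileFormat BLG -Force
Write-Host "Wrote $(@($Data).Count) sample sets to $OutFile"

# Addition: a quick per-instance summary without opening perfmon.
# Each instance of this counter set is one domain controller.
$Data.CounterSamples |
    Group-Object InstanceName |
    ForEach-Object {
        $stats = $_.Group | Measure-Object CookedValue -Average -Maximum
        [pscustomobject]@{
            Instance = $_.Name
            Samples  = $stats.Count
            Average  = [math]::Round($stats.Average, 2)
            Maximum  = [math]::Round($stats.Maximum, 2)
        }
    } |
    Sort-Object Average -Descending |
    Format-Table -AutoSize
```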