Hey.
   So i am looking to monitor a process in Zabbix and capture memory usage and cpu usage for said process, of course currently the discovery rule does not actually process the process name so to discovery services and monitor the process CPU/Memory is not out of the box.

I resolved that by doing some pre-processing etc.. to capture it out of {#SERVICE.PATH}. Now the problem is when there is a service that spawns different process i cannot monitor them. Below is a prime example "svchost". As you can see in the below output i need to monitor this process but in the discovery rule i get the below. 

{
  "

": "LPD Service",
  "{#SERVICE.DESCRIPTION}": "Enables client computers to print to the Line Printer Daemon (LPD) service on this server using TCP/IP and the Line Printer Remote (LPR) protocol.",
  "{#SERVICE.STATE}": 0,
  "{#SERVICE.STATENAME}": "running",
  "{#SERVICE.PATH}": "C:\\Windows\\System32
svchost.exe -k LPDService",
  "{#SERVICE.USER}": "LocalSystem",
  "{#SERVICE.STARTUPTRIGGER}": 0,
  "{#SERVICE.STARTUP}": 0,
  "{#SERVICE.STARTUPNAME}": "automatic"
}

Of course svchost.exe spawns multiple child process like the below. So my question is how do i identify the correct process using the discovery rules?

\Process(svchost)% User Time
\Process(svchost#1)% User Time
\Process(svchost)% User Time
\Process(svchost#1)% User Time
\Process(svchost#2)% User Time
\Process(svchost#3)% User Time
\Process(svchost#4)% User Time
\Process(svchost)% User Time
\Process(svchost#1)% User Time
\Process(svchost)% User Time
\Process(svchost)% User Time
\Process(svchost#1)% User Time

In my example i ran a WMI query against Win32_Process and got the PID then queried win32_PerfFormattedData_PerfProc_Process and got the data and it turned out that the LPD was using "svchost#3".

So i guess how can i get this information with native Zabbix keys?? The only option i have available is to not use Zabbix native keys and use WMI for my service discovery which i could then query the CPU/Mem details using the processID

Thanks