[windows/perfmon] - Expose match_by_parent_instance option for perfmon

[VihasMakwana]

Proposed commit message

Add match_by_parent_instance option to windows perfmon datastream.
This option defaults to true because it is enabled by default in beats.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.
• I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

• [ ]

How to test this PR locally

1. Build package from this branch by running elastic-package build
2. Add the newly built package to a policy on fleet
3. Install the elastic agent on Windows with the policy
4. Observe the windows.perfmon.instance values in default mode (It should show svchost, connhost etc.)
5. Disable the match_parent_by_instance boolean and update the policy
6. Observe the windows.perfmon.instance values in default mode (you should see svchost#1, svchost#2, connhost#2 etc.)

Related issues

Screenshots

The option on integrations page

Instance names with match_by_parent_instance enabled (default)

Instance names with match_by_parent_instance disabled

beat_rendered_config.yaml

[elasticmachine]

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

[elasticmachine]

Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)

[elastic-vault-github-plugin-prod]

🚀 Benchmarks report

Package windows 👍(5) 💚(0) 💔(4)

Expand to view

Data stream	Previous EPS	New EPS	Diff (%)	Result
applocker_exe_and_dll	6134.97	4545.45	-1589.52 (-25.91%)	💔
applocker_packaged_app_execution	12195.12	9803.92	-2391.2 (-19.61%)	💔
forwarded	1221	928.51	-292.49 (-23.95%)	💔
windows_defender	11363.64	9615.38	-1748.26 (-15.38%)	💔

To see the full report comment with /test benchmark fullreport

[rdner]

We need testing steps in the description that would demonstrate that the rendered Filebeat configuration (can be acquired from Elastic Agent Diagnostics, path ./components/*/beat-rendered-config.yml) contains the right option in the right place.

[VihasMakwana]

@rdner Thanks! I'll attach some screenshots as well. I have them on my windows but it's not booting up. I'll update you once i do it.

[VihasMakwana]

@rdner I've attached the screenshots to the PR description and added testing steps.

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: bf11ec8

History

• 💔 Build #33786 failed 9f06434
• 💔 Build #33763 failed c837c93
• 💚 Build #33725 succeeded c9e8569
• 💔 Build #33601 failed 361415d
• 💔 Build #33196 failed 4e1302e

cc @VihasMakwana

[elastic-vault-github-plugin-prod]

Package windows - 3.2.0 containing this change is available at https://epr.elastic.co/package/windows/3.2.0/