Current state of Windows services on a host
Many critical IT applications and services on Windows operating systems run as a Windows Service. If an expected Windows Service is not in a running state, the application that depends on it can become unstable. You want to be able to see the current state of one or more services running on a host.
Data required
Microsoft: Windows update logs
Procedure
- For an example inputs.conf file that can be deployed to the universal forwarder on the Windows host to collect service state information, click here.
- In Splunk Enterprise or Splunk Cloud Platform, verify that you deployed the Splunk Add-on for Microsoft Windows to your search heads, indexers, and universal forwarders on the monitored systems. For more information, see About installing Splunk add-ons.
- Run the following search. You can optimize it by specifying an index and adjusting the time range.
host="<name of host to check>" DisplayName="<name of service to check>" sourcetype=WinHostMon source=service | rename DisplayName AS "Service" | stats latest(State) AS State BY host Service Path
Search explanation
The table provides an explanation of what each part of this search achieves. You can adjust this query based on the specifics of your environment.
Splunk Search | Explanation |
---|---|
host="<name of host to check>" DisplayName="<name of service to check>" | Search indexes where Windows service status data is being collected and filter down to the desired hosts and services to check. |
sourcetype=WinHostMon source=service | Search only Windows host monitoring data. |
\| rename DisplayName AS "Service" | Rename the field as shown for better readability. |
\| stats latest(State) AS State BY host Service Path | Return the most current value for the service state for each host and service. Include the path used to launch the service in the results for additional context. |
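The following added example (not part of the original page or of any Splunk product) emulates the stats latest(State) BY host Service Path step in Python over constructed events, to show that the result follows event time rather than arrival order and that each host, service, and path combination gets its own row. The key=value event layout, the function names, and all hosts, paths, and timestamps are assumptions made for illustration; the input is assumed to be already filtered to sourcetype=WinHostMon source=service.

```python
import re
from datetime import datetime

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted value" or key=bare

def parse_event(raw):
    """Parse one key=value event body into a field dict."""
    return {k: quoted or bare for k, quoted, bare in KV.findall(raw)}

def latest_state(events, host=None, service=None):
    """Emulate: stats latest(State) AS State BY host Service Path."""
    latest = {}
    for ts, ev_host, raw in events:
        f = parse_event(raw)
        if host and ev_host != host:
            continue
        if service and f.get("DisplayName") != service:
            continue
        key = (ev_host, f["DisplayName"], f["Path"])
        when = datetime.fromisoformat(ts)
        # latest() keeps the value with the newest event time, not the last one read
        if key not in latest or when > latest[key][0]:
            latest[key] = (when, f["State"])
    return {key: state for key, (_, state) in latest.items()}

def not_running(events):
    """Rows whose most recent State is anything other than Running."""
    return sorted(k for k, s in latest_state(events).items() if s != "Running")

def ev(ts, host, name, path, state):
    """Build one constructed event tuple: (time, host, raw body)."""
    return (ts, host, f'DisplayName="{name}" Path="{path}" State="{state}"')

SPOOL = r"C:\Windows\System32\spoolsv.exe"
SVCHOST = r"C:\Windows\system32\svchost.exe -k netsvcs"
# Constructed sample data, deliberately out of time order
SAMPLE_EVENTS = [
    ev("2024-05-01T10:10:00", "web01", "Print Spooler", SPOOL, "Stopped"),
    ev("2024-05-01T10:00:00", "web01", "Print Spooler", SPOOL, "Running"),
    ev("2024-05-01T10:00:00", "web01", "Windows Update", SVCHOST, "Stopped"),
    ev("2024-05-01T10:10:00", "web01", "Windows Update", SVCHOST, "Running"),
    ev("2024-05-01T10:10:00", "db01", "Print Spooler", SPOOL, "Running"),
]

if __name__ == "__main__":
    for (h, svc, path), state in sorted(latest_state(SAMPLE_EVENTS).items()):
        print(h, svc, state, path, sep=" | ")
    print("not running:", not_running(SAMPLE_EVENTS))
```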
Next steps
Use these results to monitor services and proactively manage potential stability issues.
Additionally, you might be interested in other processes associated with the Maintaining Microsoft Windows systems use case.