Getting Data In

Easy way to check if a windows service is running?

bfaber
Communicator

Can I use Splunk (wmi or forwarder) to see if a specific service is running on a given host? Can I get a list of all services running on that (those) host(s)?

Tags (3)
0 Karma

gkanapathy
Splunk Employee
Splunk Employee

If you're not too picky, you can also use the Windows System Event Log entries written by the Service Control Manager to see when a particular Service was last stopped or started.

triest
Communicator

Just FYI, this semi works; if the machine loses power suddenly, kicks the wrong disk, etc then the event isn't generated or potentially isn't logged and thus cannot be forwarded and thus splunk doesn't know.

If you're looking for a report to give you some idea of your availability, this might work as you can see the services starting back up. If you're looking for something to alert you that the service isn't running, then this has issues.

I realize this is an old answer, but since I came across it I thought I'd comment for others.

0 Karma

ziegfried
Influencer

You could use the sc command line utility in a scripted input.

DESCRIPTION:
        SC is a command line program used for communicating with the
        Service Control Manager and services.
USAGE:
        sc <server> [command] [service name] <option1> <option2>...

List all services:

sc query type= service

Get status for the eventlog service:

sc query eventlog

There is probably a way to do this with WMI as well.

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...