Hi all, how do I monitor a Windows service, send an alert and restart the service?
What is the required configuration?
How can we run a script that restarts the remote service or sends the request to a SOAR?
Can you tell me the script?
Generally the Windows service path will be Path="C:\WINDOWS\system32\svchost.exe"
So what will be the script?
Hi @sekhar463,
I don't have the script because I'm not a Windows specialist, but here you can find the script you need.
https://serverfault.com/questions/25081/how-do-i-restart-a-windows-service-from-a-script
For the SOAR, it depends on the SOAR you have, e.g. if you have Splunk Phantom it's already integrated, otherwise you need a script.
Ciao.
Giuseppe
If it was Linux, then how can we use the script to start a service from Splunk if the service is down?
Hi @sekhar463,
you have to create a script containing a remote shell command to restart the service.
Ciao.
Giuseppe
Hi @sekhar463,
your question is just a little more complicated:
you can monitor your Windows server using a Forwarder and an Add-On (Splunk_TA_Windows) that I suppose you already installed and configured.
Then you can monitor a service using a simple search
index=windows sourcetype=WinHostMon Type=Service host=<your_host> Name=<your_service>
| table Name DisplayName Description Path Started StartMode State
| where State!="Running"
Then you can create an alert to send an email and eventually run a script that restarts the remote service or send the request to a SOAR.
Ciao.
Giuseppe
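
An added example, not part of any post in this thread: a Python script for the "run a script" alert step that validates the `host` and `Name` fields from the alert result before starting the service on the remote machine. It assumes Splunk invokes it as a custom alert action (`--execute` plus a JSON payload on stdin) and that the machine running it has `sc.exe` or `ssh` with suitable credentials; the host and service names in `ALLOWED` are constructed.

```python
import json
import re
import subprocess
import sys

# Constructed allowlist: the only (host, service) pairs this script may touch.
ALLOWED = {
    ("winsrv01", "Spooler"): "windows",
    ("linsrv01", "nginx"): "linux",
}
# No leading dash, so a value can never be read as a command-line option.
SAFE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def build_command(result):
    """Map one alert result row to an argv list; raise ValueError if refused."""
    host = str(result.get("host", ""))
    name = str(result.get("Name", ""))
    # Event fields are untrusted input: check the characters, then the allowlist.
    if not (SAFE.fullmatch(host) and SAFE.fullmatch(name)):
        raise ValueError("unsafe host or service name")
    platform = ALLOWED.get((host, name))
    if platform is None:
        raise ValueError("host/service pair not in allowlist")
    # The alert fires for a service that is down, so "start" is the action.
    if platform == "windows":
        return ["sc.exe", "\\\\" + host, "start", name]
    return ["ssh", host, "sudo", "systemctl", "start", name]


def main():
    # Assumption: invoked as a custom alert action (--execute, JSON on stdin).
    if len(sys.argv) < 2 or sys.argv[1] != "--execute":
        return 2
    try:
        payload = json.load(sys.stdin)
        argv = build_command(payload.get("result") or {})
        # No local shell; ssh still hands the command to the remote shell,
        # which is why SAFE is strict.
        return subprocess.run(argv, check=False, timeout=60).returncode
    except (ValueError, OSError, subprocess.TimeoutExpired) as err:
        print(f"refused or failed: {err}", file=sys.stderr)
        return 1


if __name__ == "__main__":
    sys.exit(main())
```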