Getting Data In

How to monitor a Windows service, send an alert and restart the service?

sekhar463
Path Finder

Hi all, how to monitor a Windows service, send an alert and restart the service?

What is the required configuration?

0 Karma

sekhar463
Path Finder

How can we run a script that restarts the remote service or sends the request to a SOAR?

Can you tell me the script?

Generally, the Windows services path will be Path="C:\WINDOWS\system32\svchost.exe

So what will be the script?

0 Karma

gcusello
SplunkTrust

Hi @sekhar463,

I don't have the script because I'm not a Windows specialist, but here you can find the script you need.

https://serverfault.com/questions/25081/how-do-i-restart-a-windows-service-from-a-script

For the SOAR, it depends on the SOAR you have, e.g. if you have Splunk Phantom it's already integrated, otherwise you need a script.

Ciao.

Giuseppe

0 Karma

sekhar463
Path Finder

If it were Linux, then how can we use the script to start a service from Splunk if the service is down?

0 Karma

gcusello
SplunkTrust

Hi @sekhar463,

You have to create a script containing a remote shell command to restart the service.

Ciao.

Giuseppe

0 Karma

gcusello
SplunkTrust

Hi @sekhar463,

Your question is just a little more complicated:

You can monitor your Windows server using a Forwarder and an Add-On (Splunk_TA_Windows) that I suppose you already installed and configured.

Then you can monitor a service using a simple search:

index=windows sourcetype=WinHostMon Type=Service host=<your_host> Name=<your_service>
| table Name DisplayName Description Path Started StartMode State
| where State!="Running"

Then you can create an alert to send an email and eventually run a script that restarts the remote service or send the request to a SOAR.

Ciao.

Giuseppe

0 Karma
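An added example, not code from any poster in this thread: a sketch of the alert script described above, written as a Splunk custom alert action that reads the triggering result from the JSON payload on stdin. It assumes the script runs on a Windows Splunk instance whose account may start services remotely; the host and service names are constructed, and `host` and `Name` are the fields from the search above. Because those values come from indexed events, they are checked against an allowlist and passed as an argument list, never through a shell.

```python
import json
import re
import subprocess
import sys

# Assumed allowlists: only these hosts/services may ever be started by the alert.
ALLOWED_HOSTS = {"winsrv01", "winsrv02"}      # constructed example names
ALLOWED_SERVICES = {"Spooler", "W32Time"}     # constructed example names
SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")

# Constructed sample of the payload Splunk sends (only the part used here).
SAMPLE_PAYLOAD = '{"result": {"host": "WINSRV01", "Name": "Spooler"}}'


def build_start_command(payload_text):
    """Turn a Splunk alert payload (JSON) into an argv list for sc.exe."""
    result = json.loads(payload_text).get("result", {})
    host = str(result.get("host", ""))
    service = str(result.get("Name", ""))
    # Field values come from indexed events, so treat them as untrusted input.
    for value in (host, service):
        if not SAFE_NAME.match(value):
            raise ValueError("unexpected characters in %r" % value)
    if host.lower() not in ALLOWED_HOSTS or service not in ALLOWED_SERVICES:
        raise ValueError("%s on %s is not on the allowlist" % (service, host))
    # The alert fires when the service is not running, so a start is enough.
    return ["sc.exe", "\\\\" + host, "start", service]


def main():
    # Splunk custom alert actions are invoked with --execute and JSON on stdin.
    if len(sys.argv) < 2 or sys.argv[1] != "--execute":
        return 2
    try:
        argv = build_start_command(sys.stdin.read())
    except ValueError as err:
        sys.stderr.write("ERROR refusing to act: %s\n" % err)
        return 1
    # argv list with no shell: nothing in the payload is parsed as a command.
    return subprocess.call(argv)


if __name__ == "__main__":
    sys.exit(main())
```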