Decouple a process in windows

Splunk Search

So, I want to detach a process in windows using python code. What I want to do is, I am spawning a process from Splunk which calls some REST APIs and gets some data(scripted input). Now, when Splunk is stopped, I still want to collect the data. I tried to CreateProcess() with DETACH_PROCESS flag but it still kills the process whenever Splunk stops. I read about it and I assume that Splunk uses some mechanism like Job Objects or something that kills all the child processes. I want this process to not get terminated when its parent gets terminated. I want to remove all its references from Splunk process. I also tried creating more than one processes and exiting them to eliminate any reference Splunk keeps(something like double fork) in Linux but that didn't work. Splunk spawns a service under svchost. Is there any way we can forcefully detach a process from the parent process, so it survives the parent's death?

Get Updates on the Splunk Community!

Decouple a process in windows

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Global Splunk User Group Events: May + June 2026

Join the Conversation

Decouple a process in windows

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Global Splunk User Group Events: May + June 2026