Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Decouple a process in windows

pratik97
Engager
‎05-15-2019 11:37 PM

So, I want to detach a process in windows using python code. What I want to do is, I am spawning a process from Splunk which calls some REST APIs and gets some data(scripted input). Now, when Splunk is stopped, I still want to collect the data. I tried to CreateProcess() with DETACH_PROCESS flag but it still kills the process whenever Splunk stops. I read about it and I assume that Splunk uses some mechanism like Job Objects or something that kills all the child processes. I want this process to not get terminated when its parent gets terminated. I want to remove all its references from Splunk process. I also tried creating more than one processes and exiting them to eliminate any reference Splunk keeps(something like double fork) in Linux but that didn't work. Splunk spawns a service under svchost. Is there any way we can forcefully detach a process from the parent process, so it survives the parent's death?

Tags (1)
Reply
Get Updates on the Splunk Community!

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...