I used sourcetype-perfmon:process and I could get the fields counter/instance/object, which refer to the process name
We need WAY more explanation.
Hi @jeniemmanuel,
to do this I usually use a script (e.g. in Linux containing ps -eafd) and I compare the result with a lookup in which I listed all the processes I should have so the difference is the missed processes.
You can find this script in Splunk_TA-nix for Linux or Splunk_TA-Windows for Windows.
Ciao.
Giuseppe
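The compare-against-a-list approach from the reply above, as an added example (not code from the post or from the Splunk add-ons). It assumes process names arrive one per line, as `ps -e -o comm=` prints them; the function name, output key and sample data are constructed for illustration.

```shell
#!/bin/sh
# Report expected processes that are absent from a process listing.
# Usage: ps -e -o comm= | missing_processes EXPECTED_FILE
# EXPECTED_FILE: one process name per line; blank lines and '#' comments ignored.
# Note: on Linux, comm is truncated to 15 characters, so list names in that form.
missing_processes() {
    expected_file=$1
    [ -r "$expected_file" ] || { echo "cannot read $expected_file" >&2; return 2; }
    tmpdir=$(mktemp -d) || return 2

    # Running side (stdin): trim whitespace, drop empty lines, de-duplicate.
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' \
        | LC_ALL=C sort -u > "$tmpdir/running"

    # Expected side: also strip comments before normalising.
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' \
        "$expected_file" | LC_ALL=C sort -u > "$tmpdir/expected"

    # comm -23 keeps lines found only in the first (expected) file.
    # key=value output is easy to index as an event.
    LC_ALL=C comm -23 "$tmpdir/expected" "$tmpdir/running" \
        | sed 's/^/missing_process=/'
    rm -rf "$tmpdir"
}

# Demo on constructed data (no real host is queried).
demo() {
    lookup=$(mktemp)
    cat > "$lookup" <<'EOF'
# constructed expected-process list
sshd
auditd
splunkd
crond
EOF
    # Constructed stand-in for the output of: ps -e -o comm=
    printf '%s\n' systemd sshd sshd crond bash | missing_processes "$lookup"
    rm -f "$lookup"
}

demo
```

An empty result means every listed process was seen; scheduling the script and alerting on any `missing_process` line gives the "difference" described in the reply.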