This problem can be solved by leveraging a lookup table and a pretty simple search.
First, create a lookup file with your desired processes:
monitor_me.csv
sourcetype,process
proc,splunkd
proc,ntpd
proc,fsck_hfs
proc,backupd
proc,diskspaced
proc,webinspector
proc,Never Showing Up
proc,Splunk Can Monitor Things
| inputlookup monitor_me.csv
| join type=outer process
[ search sourcetype= proc
| stats count by process]
| table proc count
| fillnull value=0
| where count=0
The search results will look something like this, if the last two entries in the csv are not found:
process count
—————————————————————————
Never Showing Up 0
Splunk Can Monitor Things 0
Now, you can schedule this search and set up an alert.
... View more