We need to monitor custom company Windows services and send an alert when one of them stops.
We have added the Windows Integration to the agent profile for the server that we want to monitor the Windows services on. We are using Fleet to manage our agent. We can see data in the "[Metrics Windows] Services dashboard", but our company-created Windows services do not show up in the dashboard.
How can we get our custom Windows services in the data stream and create an alert when one of them stops?
Notes:
I am new to Elastic.
There was a similar topic, but no solution was provided.
So, the service IS in the data stream, that is good; why it is not in the dashboard is unclear... we can come back to that.
So you can now create an alert, probably a couple of different ways.
You can try this...
Kibana - Stack Management - Rules -> Create Rule
Metric Threshold rule
You can adjust the parameters...
name: myservice-alert
WHEN Document count IS BELOW OR EQUALS 5
FOR THE LAST 5 minutes
Filter (optional)
windows.service.state : Running and windows.service.name : yourservicename
Group alerts by (optional)
host.name
I added the alert as per your instructions (except the "Create alert" button did not exist and seems to be called "Create rule" now). I also added an action so it would send an email when the alert is triggered. I can't properly test the condition at this time, as once the alert went active it never goes inactive, and I can't find a way to acknowledge the alert...
The problem was that the alert was never recovering. It turned out to be a flaw in your logic for the condition. When it’s set to “IS BELOW OR EQUALS 5” the alert never recovers. The logic that works is: “IS BELOW 5”. The alert seems to be working as expected now.
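An added example, not part of the thread: a Python simulation of the rule's document-count comparison that reproduces the behavior reported in the last post. It assumes one windows.service document per service every 60 seconds (the collection interval is not stated in the thread); the documents and function names are constructed for illustration.

```python
from datetime import datetime, timedelta

PERIOD = timedelta(seconds=60)   # assumed collection interval, not stated in the thread
WINDOW = timedelta(minutes=5)    # "FOR THE LAST 5 minutes"
THRESHOLD = 5                    # document count threshold from the rule


def build_docs(start, minutes, stopped_from, stopped_to):
    """Constructed service documents, one per period; Stopped for stopped_from <= i < stopped_to."""
    docs = []
    for i in range(minutes):
        state = "Stopped" if stopped_from <= i < stopped_to else "Running"
        docs.append({"@timestamp": start + i * PERIOD,
                     "windows.service.name": "yourservicename",
                     "windows.service.state": state})
    return docs


def running_count(docs, now):
    """Documents matching the rule filter (state Running) inside (now - WINDOW, now]."""
    return sum(1 for d in docs
               if now - WINDOW < d["@timestamp"] <= now
               and d["windows.service.state"] == "Running")


def evaluate(docs, start, minutes, inclusive):
    """Rule state (True = alert active) at each one-minute check once a full window exists."""
    states = []
    for i in range(WINDOW // PERIOD - 1, minutes):
        n = running_count(docs, start + i * PERIOD)
        states.append(n <= THRESHOLD if inclusive else n < THRESHOLD)
    return states


def simulate():
    """Service runs for 20 minutes and is stopped during minutes 8 to 11."""
    start = datetime(2024, 1, 1, 12, 0, 0)  # constructed timestamp
    docs = build_docs(start, 20, stopped_from=8, stopped_to=12)
    return (evaluate(docs, start, 20, inclusive=True),
            evaluate(docs, start, 20, inclusive=False))


if __name__ == "__main__":
    below_or_equals, below = simulate()
    print("IS BELOW OR EQUALS 5:", below_or_equals)  # active at every check
    print("IS BELOW 5:          ", below)            # active only around the outage
```

Under that assumption a healthy service produces exactly 5 matching documents per window, so the inclusive comparison is true even while the service runs, and the strict one is true only while a stopped sample is still inside the window.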