Hi All
I have a metricbeat which checks the service status which monitors the WWWServices. See below the Query
event.dataset:windows.service AND windows.service.name: W3SVC AND windows.service.start_type.keyword:"Automatic"
I would like to query for a service down, i know that I can run
event.dataset:windows.service AND windows.service.name: W3SVC AND windows.service.start_type.keyword:"Automatic" AND NOT windows.service.state: Running
My requirement is to identify when a 20 % of the services are down on multiple host to raise an alert.
Any idea ?
regards, Ginu