how to capture the status of the process when it is stopped? I only have the status when it is running.
Metricbeat 7.0.0 (Windows Server 2008 R2)
Elasticsearch 7.0.0 (Ubuntu Server 18.04 LTS)
Hi @holiveira and welcome to discuss 
Metricbeat only collects information from things that are there, it cannot monitor things that are not there. For processes it only gets information from running processes, as top would do. It can at some moments get a process in stopped state if it has just been stopped but is still in the process table, but this is quite rare.
If you don't want to miss that a process has stopped, you can use the Auditbeat system module, that sends events when processes start or stop.
Hmmm, right. Thanks for the feedback.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.