Windows service metricset

edit

The service metricset of the Windows module reads the status of Windows services.

Dashboard

edit

The service metricset comes with a predefined dashboard. For example:

metricbeat windows service

Configuration

edit
- module: windows
  metricsets: ["service"]
  period: 60s

Filtering

edit

Processors can be used to filter the events based on the service states or their names. The example below configures the metricset to drop all events except for the events for the firewall service. See Processors for more information about using processors.

- module: windows
  metricsets: ["service"]
  period: 60s
  processors:
  - drop_event.when.not.equals:
      windows.service.display_name: Windows Firewall

Fields

edit

For a description of each field in the metricset, see the exported fields section.

Here is an example document generated by this metricset:

{
    "@timestamp": "2017-10-12T08:05:34.853Z",
    "event": {
        "dataset": "windows.service",
        "duration": 115000,
        "module": "windows"
    },
    "metricset": {
        "name": "service"
    },
    "service": {
        "type": "windows"
    },
    "windows": {
        "service": {
            "display_name": "Servicio de enrutador de AllJoyn",
            "exit_code": "ERROR_SERVICE_NEVER_STARTED",
            "id": "IOQgaoSLJ7",
            "name": "AJRouter",
            "start_type": "Manual (Triggered)",
            "state": "Stopped"
        }
    }
}