Windows service metricset

Warning

This functionality is in beta and is subject to change. The design and code are considered to be less mature than official GA features. Elastic will take a best effort approach to fix any issues, but beta features are not subject to the support SLA of official GA features.

The service metricset of the Windows module reads the status of Windows services.

Dashboard

The service metricset comes with a predefined dashboard. For example:

[Image: metricbeat-windows-service.png]

Configuration

- module: windows
  metricsets: ["service"]
  period: 60s

Filtering

Processors can be used to filter the events based on the service states or their names. The example below configures the metricset to drop all events except for the events for the firewall service. See Filter and enhance the exported data for more information about using processors.

- module: windows
  metricsets: ["service"]
  period: 60s
  processors:
  - drop_event.when.not.equals:
      windows.service.display_name: Windows Firewall

Fields

For a description of each field in the metricset, see the exported fields section.

Here is an example document generated by this metricset:

{
    "@timestamp": "2017-10-12T08:05:34.853Z",
    "beat": {
        "hostname": "host.example.com",
        "name": "host.example.com"
    },
    "metricset": {
        "module": "windows",
        "name": "service",
        "rtt": 115
    },
    "windows": {
        "service": {
            "display_name": "AllJoyn-Routerdienst",
            "name": "AJRouter",
            "start_type": "ServiceDemandStart",
            "state": "ServiceStopped"
        }
    }
}
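
The following is an added example, not part of the original documentation or of Metricbeat: a small Python check that reads documents shaped like the one above (one JSON object per line) and reports when a watched service is stopped or changes state or start type between polls. The function and variable names are hypothetical, the input is constructed, and the values "ServiceRunning" and "ServiceAutoStart" are assumptions; only "ServiceStopped" and "ServiceDemandStart" appear on this page.

```python
import json

WATCHED = {"Windows Firewall"}  # display_name used in the filtering example
STOPPED = "ServiceStopped"      # state value shown in the example document

def find_alerts(lines, watched=WATCHED):
    """Return (timestamp, host, service, reason, previous, current) tuples."""
    last, alerts = {}, []  # last: (host, service name) -> (state, start_type)
    for line in lines:
        try:
            doc = json.loads(line)
            svc = doc["windows"]["service"]
            ts, host = doc["@timestamp"], doc["beat"]["hostname"]
            cur = (svc["state"], svc["start_type"])
            key, display = (host, svc["name"]), svc["display_name"]
        except (ValueError, KeyError, TypeError):
            continue  # blank, truncated, or not a service metricset event
        if display not in watched:
            continue
        prev = last.get(key)
        if prev is None and cur[0] == STOPPED:
            alerts.append((ts, host, key[1], "stopped when first seen", None, cur))
        elif prev is not None and prev != cur:
            alerts.append((ts, host, key[1], "changed between polls", prev, cur))
        last[key] = cur
    return alerts

def _event(minute, display, name, start_type, state):
    # Constructed sample event shaped like the example document above.
    return json.dumps({
        "@timestamp": "2017-10-12T08:%02d:34.853Z" % minute,
        "beat": {"hostname": "host.example.com"},
        "windows": {"service": {"display_name": display, "name": name,
                                "start_type": start_type, "state": state}},
    })

# Constructed input, not real output. "ServiceRunning" and "ServiceAutoStart"
# are assumed enum values; "MpsSvc" is the firewall's service name.
SAMPLE = [
    _event(5, "Windows Firewall", "MpsSvc", "ServiceAutoStart", "ServiceRunning"),
    _event(5, "AllJoyn-Routerdienst", "AJRouter", "ServiceDemandStart", STOPPED),
    _event(6, "Windows Firewall", "MpsSvc", "ServiceAutoStart", "ServiceRunning"),
    '{"@timestamp": "2017-10-12T08:06:40Z", "windows": {"serv',  # truncated line
    _event(7, "Windows Firewall", "MpsSvc", "ServiceAutoStart", STOPPED),
    _event(8, "Windows Firewall", "MpsSvc", "ServiceAutoStart", STOPPED),
]

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE):
        print(alert)
```

The check needs events for every state of the watched service, so a processor that keeps only stopped events would hide the transition it compares against.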