Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New metricset for windows services status #5256

Closed
martinscholz83 opened this issue Sep 27, 2017 · 3 comments
Closed

New metricset for windows services status #5256

martinscholz83 opened this issue Sep 27, 2017 · 3 comments
Labels
discuss Issue needs further discussion. enhancement Metricbeat Metricbeat module

Comments

@martinscholz83
Copy link
Contributor

martinscholz83 commented Sep 27, 2017
edited
Loading

Because there are some requests for having a collector for windows services, i have decided to create a new metricset. Config would look like this

- module: windows
  metricsets: ["services"]
  period: 10s
  services:
    state: "[all] | [active] | [inactive]

With state option you can decide which services you would to like to collect. This option is optional and has all as default value.

Here is an output example

{
  "@timestamp": "2017-09-27T06:32:01.561Z",
  "@metadata": {
    "beat": "metricbeat",
    "type": "doc",
    "version": "7.0.0-alpha1"
  },
    "beat": "metricbeat",
    "type": "doc",
    "version": "7.0.0-alpha1"
  },
  "windows": {
    "services": {
      "state": "ServiceRuning",
      "display_name": "Benutzerdatenzugriff_1f43d46",
      "service_name": "UserDataSvc_1f43d46"
    }
  },
  "metricset": {
    "module": "windows",
    "name": "services",
    "rtt": 16511
  },
  "beat": {
    "name": "4201halwsd00001",
    "hostname": "4201halwsd00001",
    "version": "7.0.0-alpha1"
  }
}
{
  "@timestamp": "2017-09-27T06:32:01.561Z",
  "@metadata": {
    "beat": "metricbeat",
    "type": "doc",
    "version": "7.0.0-alpha1"
  },
  "beat": {
    "name": "4201halwsd00001",
    "hostname": "4201halwsd00001",
    "version": "7.0.0-alpha1"
  },
  "windows": {
    "services": {
      "display_name": "Windows-Pushbenachrichtigungs-Benutzerdienst_1f43d46",
      "service_name": "WpnUserService_1f43d46",
      "state": "ServiceStopped"
    }
  },
  "metricset": {
    "rtt": 16511,
    "module": "windows",
    "name": "services"
  }
}
@martinscholz83
Copy link
Contributor Author

Should i open a PR?

@andrewkroh
Copy link
Member

SGTM. I have a few questions.

  • Would it be possible to collect info about the auto-start setting for the service (like auto/manual/disabled)?
  • And how about uptime for the service?

As for the config, for the first iteration I recommend not including the services.state filter. I'd like to see if it's really necessary. We have the drop_event filter that could be used instead.

@andrewkroh andrewkroh added discuss Issue needs further discussion. Metricbeat Metricbeat module enhancement labels Sep 28, 2017
@martinscholz83
Copy link
Contributor Author

Yes that is possible. You have QueryServiceConfig and QueryConfigService2 which deliver you detailed information about a service. However this requires to open every service you get and call one of these functions. The uptime you can get with the ProcessId. With this ID you can call OpenProcess. With the returned handle you can call GetProcessTimes

@martinscholz83 martinscholz83 mentioned this issue Oct 5, 2017
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
discuss Issue needs further discussion. enhancement Metricbeat Metricbeat module
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@andrewkroh @martinscholz83