This documentation contains work-in-progress information for future Elastic Stack and Cloud releases. Use the version selector to view supported release docs. It also contains some Elastic Cloud serverless information. Check out our serverless docs for more details.
« Windows perfmon metricset ZooKeeper module »
Elastic Docs Metricbeat Reference [master] Modules Windows module

Windows service metricset

edit

Windows service metricset

edit

The service metricset of the Windows module reads the status of Windows services.

Dashboard

edit

The service metricset comes with a predefined dashboard. For example:

metricbeat windows service

Configuration

edit
- module: windows
  metricsets: ["service"]
  period: 60s

Filtering

edit

Processors can be used to filter the events based on the service states or their names. The example below configures the metricset to drop all events except for the events for the firewall service. See Processors for more information about using processors.

- module: windows
  metricsets: ["service"]
  period: 60s
  processors:
    - drop_event.when.not.equals:
        windows.service.display_name: Windows Firewall

Fields

For a description of each field in the metricset, see the exported fields section.

Here is an example document generated by this metricset:

{
    "@timestamp": "2017-10-12T08:05:34.853Z",
    "event": {
        "dataset": "windows.service",
        "duration": 115000,
        "module": "windows"
    },
    "metricset": {
        "name": "service"
    },
    "service": {
        "type": "windows"
    },
    "windows": {
        "service": {
            "display_name": "Servicio de enrutador de AllJoyn",
            "exit_code": "ERROR_SERVICE_NEVER_STARTED",
            "id": "IOQgaoSLJ7",
            "name": "AJRouter",
            "start_type": "Manual (Triggered)",
            "state": "Stopped"
        }
    }
}
« Windows perfmon metricset ZooKeeper module »