Forum Discussion
lucajons1980
Mar 22, 2019Copper Contributor
Create alert when microsft third part service stopped and not return in the status started after 5 m
Hi, I want to create an alert when Microsoft services (3 parts) stopped and not return at started after 3 minutes. I read the precedent post (Monitoring Windows Services States with Log Analytics) a...
CliveWatson
Mar 22, 2019Microsoft
Have you looked at https://cloudadministrator.net/2018/03/16/using-custom-log-search-alerts-based-on-metric-measurement-for-event-based-logs/
?
- lucajons1980Apr 01, 2019Copper Contributor
Hi CliveWatson i read your URL but i have a different need.
In the example :
Event
| where Computer contains "BKE02"
| where EventLog == "Application" and Source == "BiTXRDeq"
| where RenderedDescription has "stopped"
| sort by TimeGenerated desc
| summarize count() by Computer, RenderedDescriptionIn the up query I have service with source =BiTXRDeq, when his stopped he send email alert; but i must excluded when the service restart and I've 2 event : stopped and started this service (with 1 minute difference).
In 'creat rule' i can add only one log search (file image2).how I can do it ?
regards
- lucajons1980Apr 01, 2019Copper Contributor