Forum Discussion
lucajons1980
Mar 22, 2019Copper Contributor
Create alert when microsft third part service stopped and not return in the status started after 5 m
Hi, I want to create an alert when Microsoft services (3 parts) stopped and not return at started after 3 minutes. I read the precedent post (Monitoring Windows Services States with Log Analytics) a...
lucajons1980
Apr 01, 2019Copper Contributor
Hi CliveWatson i read your URL but i have a different need.
In the example :
Event
| where Computer contains "BKE02"
| where EventLog == "Application" and Source == "BiTXRDeq"
| where RenderedDescription has "stopped"
| sort by TimeGenerated desc
| summarize count() by Computer, RenderedDescription
In the up query I have service with source =BiTXRDeq, when his stopped he send email alert; but i must excluded when the service restart and I've 2 event : stopped and started this service (with 1 minute difference).
In 'creat rule' i can add only one log search (file image2).
how I can do it ?
regards
lucajons1980
Apr 01, 2019Copper Contributor