Need to monitor & alert on number of errors of third party service running on a Windows VM in Azure.

John Korkes

I have an Azure customer who wants to be able to monitor the Service State of a 3rd party service (not windows) on a VM and alert on it. Does anyone have a process and can share a kusto query to do this? Thanks in advance!

1 Reply


Previously I have written this blog post which is still valid:


Additionally Change Tracking solution can also monitor Services states and recently they've made it possible so you can monitor those with 10s difference:


You can potentially use change tracking for that as well as it offers better out of box experience for that. Example query for specific server and service will be :

| where ConfigChangeType == "WindowsServices" 
| where SvcState == "Stopped" 
| where SvcDisplayName == "WMI Performance Adapter" 
| where Computer == "ContosoFileSrv1" 

You will have to replace the display name of the service with the one you want to monitor and the Computer with the server name you want to monitor. With that query you can create Log Search alert of type Number of results.

You can also do it more dynamic with alert Log Search alert of type metric measurement. In that case the query will look the following:

| where ConfigChangeType == "WindowsServices" 
| where SvcState == "Stopped" 
| where SvcDisplayName == "WMI Performance Adapter" 
| summarize AggregatedValue = count() by Computer, bin(TimeGenerated, 5m) 

For that query Aggregated Value should be greater than 0. Trigger will be Consecutive breaches greater than 0. Period and frequency will be 5 minutes.


You can also see at more advanced scenario with having query aggregating on more than one filed here:

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies