Here's a couple of ways of getting a list of Windows services and the status of these services into Splunk:

Windows Host Monitoring

In the inputs.conf file add a stanza like this:

[WinHostMon://Service]
interval = 600
disabled = 0
type = Service
index = windows

This will collect a list of services, and status, every 10 minutes, from the system running the Splunk Forwarder. More documentation here: https://docs.splunk.com/Documentation/Splunk/9.1.1/Admin/Inputsconf#Windows_Host_Monitoring

WMI

Create a WMI.conf file and add the following stanza:

[WMI:WindowsServiceState]
interval = 600
wql = select Name, DisplayName, Description, State from Win32_Service
disabled = 0
index = windows

This will collect the same data as the previous example, however it's more customisable - for example you can use WMI to narrow down to collecting data on only specific services, or even querying a remote server. More documentation here: https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Wmiconf
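The narrowing and remote querying mentioned in the WMI option above, as an added example that is not part of the original post: two wmi.conf stanzas, one limited to named services and one reporting auto-start services that are not running on remote hosts. The stanza names, the host names and the choice of services are assumptions made for illustration.

```ini
# Added example for wmi.conf. Stanza names, host names and the
# service selection are placeholders, not values from the post.

# Collect state for two named services only
[WMI:SecurityServiceState]
interval = 600
wql = select Name, DisplayName, State, StartMode from Win32_Service where Name = 'WinDefend' or Name = 'EventLog'
disabled = 0
index = windows

# Auto-start services that are not running, queried on remote hosts
[WMI:RemoteStoppedAutoServices]
interval = 600
server = server01.example.com, server02.example.com
wql = select Name, DisplayName, State, StartMode from Win32_Service where StartMode = 'Auto' and State <> 'Running'
disabled = 0
index = windows
```

For the remote stanza, the forwarder has to run as an account that is allowed to make WMI queries against the listed hosts.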