Query Details
Show Services That Have Started
Query
Use Case: Monitoring and alerting on service startup events within the last 7 days in Windows applications.
Query:
WindowsEvent('Application', 7d)
| where Message contains 'Service started'Explanation
The query is looking for service startup events in Windows applications that have occurred within the last 7 days. It filters the events to only include those that have a message containing the phrase "Service started".
Details
Ugur Koc
Released: February 4, 2024
Tables
WindowsEvent
Keywords
WindowsEvent,Application,7d,Message,Servicestarted
Operators
|wherecontains