Query Details
Show Services That Have Stopped
Query
Use Case: Monitoring and alerting on the recent shutdown of application services within the last 7 days.
Query:
WindowsEvent('Application', 7d)
| where Message contains 'Service stopped'Explanation
The query is looking for recent shutdowns of application services within the last 7 days in the Windows event logs. It filters the events to only include those where the message contains the phrase 'Service stopped'.
Details
Ugur Koc
Released: February 4, 2024
Tables
WindowsEvent
Keywords
Monitoring,Alerting,Shutdown,Application,Services,Last7Days,WindowsEvent,Message,ServiceStopped
Operators
|wherecontains