Ad slot: top
GoSplunk SPL + dashboard repository
Log in Register

SPL

Shutdown or Suspend a Service in Windows

WinEventLog:Application

Description

Submitted by SplunkNinja

This splunk query will return results for any Windows Service that has been stopped. Ensure the Splunk App for Windows is installed grab it here: https://apps.splunk.com/app/742/
1 1 
sourcetype=WinEventLog:Application EventCode=108 | eval Date=strftime(_time, "%Y/%m/%d") | stats count by Date, SourceName, host | sort - Date | fields - count

Comments

0 total

Be the first to comment on this SPL.

Leave a comment

You must log in to post a comment.

Ad slot: bottom