Ad slot: top
GoSplunk SPL + dashboard repository
Log in Register

SPL

Start a Windows Service

WinEventLog:Application

Description

Submitted by SplunkNinja

This Splunk Query will return results for any Windows Service that has started. Ensure the Splunk App for Windows is installed grab it here: https://apps.splunk.com/app/742/
0 1 
sourcetype=WinEventLog:Application EventCode=105 | eval Date=strftime(_time, "%Y/%m/%d") | stats count by Date, SourceName, host | sort - Date | fields - count

Comments

0 total

Be the first to comment on this SPL.

Leave a comment

You must log in to post a comment.

Ad slot: bottom