Windows Services Monitoring plugin

Hi, hopefully I have this in the right category.

TICK stack newbie here, so if you could explain like I’m 7 that would be fantastic.

I’ve been following the GitHub example for the win_services plugin THIS ONE

I got the script to work and email me with an alert when a service changes its state, but when I was testing I was only collecting a couple of measurements, which was fine. However, I’ve added my script to my live server and I receive an email for all services that aren’t currently running (about 60 emails!!).

Script I’m using

var db = 'telegraf'
var rp = 'autogen'
var measurement = 'win_services'
var groupBy = ['host', 'service_name']
var whereFilter = lambda: ("host" == 'DESKTOP-N31JAB1')
var name = 'Monitor Windows Services'
var idVar = name + ':{{.Group}}'
var message = ''
var idTag = 'alertID'
var levelTag = 'level'
var messageField = 'message'
var durationField = 'duration'
var outputDB = 'chronograf'
var outputRP = 'autogen'
var outputMeasurement = 'alerts'
var triggerType = 'threshold'
var crit = 4
var details = 'Removed the HTML from here for now'

var data = stream
    |from()
        .database('telegraf')
        .retentionPolicy('autogen')
        .measurement('win_services')
        .groupBy('host', 'service_name')
    |alert()
        //.crit(lambda: "state" != 4)
        .stateChangesOnly()
        .message('Service {{ index .Tags "service_name" }} on Host {{ index .Tags "host" }} is in state {{ index .Fields "state" }} ')
        .id('{{ .Name }}')
        // Email subject
        .message('{{ .ID }}:{{ .Level }}')
        // Email body as HTML
        .details(details)
        .email('phil@email.co.uk')

I did try to post it using the preformatted text (it looks like the ‘code’ option). Sorry, it didn’t work.

I’ve omitted email address and the HTML markup for the alert email.

Right now it alerts me for every service that isn’t running (state 4), which is causing a lot of noise. Is there a way to make it only send out an email if the state changes to any other state?

I tried commenting the line .crit(lambda: "state" != 4) hoping that might help, but now the emails don’t flow at all. I know that I’m getting some metrics though because it also logs them in a text file.

Can I use some kind of array to set the states once, then if any service changes state it alerts? I thought maybe using
|window()

If I could get the state of the services and window it, then maybe I could refer back to that each time? If the state changes in that time period then alert me? I don’t know!

Still learning how all this TICK stuff goes together.

So out of the entire community here, not one single person has any idea at all how to help me achieve what I want?

I just want to get a list of services and alert when it changes from running to stopped. The documentation on GitHub has an example which is useless. It alerts for ALL services that aren’t running. Whether they should be running or not.

Or do I need to be an enterprise customer to stand a chance of getting any help?

Ridiculous.

I’m a newbie myself, so not sure if this is the issue, but it looks like you are missing the where clause in your data stream. In one of my TICKscripts I have the following:

var data = stream
    |from()
        .database(db)
        .retentionPolicy(rp)
        .measurement(measurement)
        .groupBy(groupBy)
        .where(whereFilter)

You have the whereFilter defined, but not used in your stream.

Hope this helps,
Perry

Hi Perry,

Thanks for taking the time to reply. I think you were right. In the end I changed the filter to look for services that auto start that weren’t running. Once I added those and included the where filter it began to work. I spent the morning restarting services just to see the emails coming in.

Thanks Perry.

Regards,

Phil
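
One way to combine the two points the thread settles on (apply the where filter, and watch only auto-start services), as an added example that is not code from any post above. Assumptions: the `startup_mode` field and its value 2 for "auto start" come from Telegraf's win_services input, the recipient address is a placeholder, and leaving the `state` test to `.crit()` rather than the where filter is a choice made here so that a recovery back to running is also seen.

```tickscript
// Added example: alert only when an auto-start service leaves the running state.
var db = 'telegraf'
var rp = 'autogen'
var measurement = 'win_services'
var groupBy = ['host', 'service_name']

// Assumption: win_services reports startup_mode as an integer field and
// 2 means "auto start". Manual and disabled services are dropped here,
// before the alert node, so they can never generate an email.
var whereFilter = lambda: "startup_mode" == 2

var data = stream
    |from()
        .database(db)
        .retentionPolicy(rp)
        .measurement(measurement)
        .groupBy(groupBy)
        .where(whereFilter)

data
    |alert()
        // One alert ID per host/service group, so each service tracks its own level.
        .id('{{ .TaskName }}:{{ .Group }}')
        // State 4 is "running" (as in the thread); any other state is critical.
        // Without a level expression the alert node has nothing to evaluate.
        .crit(lambda: "state" != 4)
        // Notify only on OK -> CRITICAL and CRITICAL -> OK transitions.
        .stateChangesOnly()
        .message('{{ .ID }} is {{ .Level }}: state {{ index .Fields "state" }}')
        // Placeholder recipient.
        .email('ops@example.com')
```

Every group starts at OK, so an auto-start service that is already stopped when the task is enabled still produces one initial alert.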