#AzureMonitor: Service State Monitoring

I was having a conversation with a colleague recently about monitoring and reporting on the health of Windows Services using Azure Monitor, and he kindly reminded me that the Azure Automation Change Tracking solution looks at service state.

I did a bit of a dig, and came up with this:

ConfigurationData
| where ConfigDataType == “WindowsServices”
| project Computer , SvcDisplayName , SvcName , SvcStartupType, SvcState , SvcAccount, TimeGenerated
| where SvcStartupType == “Auto”
| summarize arg_max(TimeGenerated, *) by Computer, SvcName
| sort by Computer asc, SvcName asc, TimeGenerated desc

Which can easily be used in a workbook to list servers with service state, as you can see from this rough draft:

clip_image002

You can also create alerts for service state changes using a variation of the following query:

ConfigurationChange
| where ConfigChangeType == “WindowsServices” and SvcChangeType == “State”
| where SvcPreviousState == “Running” and SvcState == “Stopped”
| where SvcStartupType == “Auto”
| where TimeGenerated > ago(10m)

3 thoughts on “#AzureMonitor: Service State Monitoring

    1. I have now had a bit of time to test this (and wrote an updated blog post with one of my colleagues on the topic) – if you change the frequency of collecting service health state to 1 minute, we could raise an alert within 2-3 minutes.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s