Log Insight – How to Monitor any Windows Service

Monitor critical services such as Exchange, SQL, Sharepoint, and more. The following guide will show you how to use Log Insight to monitor any Window Service and even get email alerts sent to you.

  1. Login to Log Insight as Admin

  2. On the top right corner, hit the dropdown and select Content Packs

  3. Verify that the Microsoft – Windows content pack is installed. If not install it
  4. Click on Microsoft – Windows > Agent Groups and copy everything in the Configuration box
  5. Next go to the menu on the top right corner and select Administration

  6. Click on Agents and paste everything to the Agent configuration box. Click on Save Configuration and then download the agent.

    Note: The configuration must be entered else the Windows Service won’t get detected

  7. Install the agent on the Windows machine that we want to monitor
  8. Next we need to find the Service name we want to monitor by going to Control Panel > Administrative Tools > Services
  9. Double click on the service we want to monitor and copy the display name and then close out the window.

    Note: In this example I chose the Print Spooler service, however the following steps applies to any Window Service. All you need is the Display Name of the service.

  10. Now go back to Log Insight and click on Interactive Analytics
  11. The following search Query applies to any Window Service. All we need to do is replace <Service Display Name> below with Print Spooler and enter it in the search query.

    The <Service Display Name> service entered the stopped state


  12. Next we can add it to a dashboard by click on the icon
  13. Fill out a name and assign it to a Dashboard and then click on Add
  14. Now go to Dashboards and click on the dropdown and select My Dashboards. You should now see the search query. It will display results only if a printer spooler service goes down.
  15. Now if we wanted an email alert we would repeat steps 10 to 11 and select
    > Create Alert from Query

  16. Provide a Name and Email address and click on Save
  17. You will now get an email alert whenever the Printer Spooler goes down
twitterpinterestlinkedinmail