There are a few Windows services I want Heartbeat to monitor, and

    processors:
      - add_process_metadata:
          match_pids: [system.process.ppid]
          # out of desperation I tried this too: match_pids: [system.process.ppid, process.ppid, process.pid, "system.process.ppid", "process.ppid", "process.pid", "*"]

in file heartbeat.yml (coupled with an ICMP monitor) is advertised in documentation* to make this possible. Yet, with this config, I see no trace of processes in the documents generated by Heartbeat.
So can Heartbeat "document" which Windows service is up (or down) with add_process_metadata? Either by binary name, service name or (worst case) listening port. And if so, how?
There is a workaround by configuring a TCP monitor on a specific IP:port. But that requires figuring out the listening port of the service I am interested in. And this port can vary as it is decided at service installation time based on port availability. For that reason I would prefer a configuration by binary or service name (which are fixed and never change between installations).
Thx
PS: I have yet to investigate other Beats. But before I move on, I was just interested in getting the most out of Heartbeat.
*https://www.elastic.co/guide/en/beats/heartbeat/current/add-process-metadata.html
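
For the TCP-monitor workaround described in the post, the listening port can be looked up from the fixed service name at run time instead of being hard-coded. The PowerShell below is an added example, not part of the original post or of Heartbeat; the service name `Spooler`, the monitor id and the `monitors.d` path are placeholders, and it assumes `heartbeat.config.monitors` is configured to load and reload monitor files from that directory.

```powershell
# Added example: resolve a Windows service's listening TCP port(s) from its
# service name and write a Heartbeat TCP monitor for them.
# 'Spooler' and the output path are placeholders, not values from the post.
param(
    [string]$ServiceName = 'Spooler',
    [string]$MonitorFile = 'C:\Program Files\Heartbeat\monitors.d\service-tcp.yml'
)

function Get-ServiceListenPort {
    param([Parameter(Mandatory)][string]$Name)

    # Reject anything that could break out of the WQL filter string.
    if ($Name -notmatch '^[\w .$-]+$') { throw "Unexpected service name: $Name" }

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { throw "Service '$Name' is not installed" }
    if ($svc.ProcessId -eq 0) { return @() }   # service is stopped: no process

    # Caveat: services sharing one svchost.exe share a PID, so ports listed
    # here may belong to another service hosted in the same process.
    Get-NetTCPConnection -State Listen -OwningProcess $svc.ProcessId -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty LocalPort -Unique |
        Sort-Object
}

$ports = @(Get-ServiceListenPort -Name $ServiceName)

if ($ports.Count -eq 0) {
    # Leave any existing monitor file in place so Heartbeat keeps probing the
    # last known port and reports the service as down.
    Write-Warning "No listening TCP port found for '$ServiceName'; monitor file not updated."
    exit 1
}

# Assumes the service accepts connections on the loopback address.
$hosts = ($ports | ForEach-Object { '"localhost:{0}"' -f $_ }) -join ', '

$yaml = @"
- type: tcp
  id: svc-$ServiceName
  name: "$ServiceName (TCP)"
  schedule: '@every 30s'
  hosts: [$hosts]
"@

Set-Content -Path $MonitorFile -Value $yaml -Encoding ascii
Write-Output "Wrote monitor for '$ServiceName' on port(s): $($ports -join ', ')"
```

Running this at service start-up or from a scheduled task keeps the monitor pointed at the current port after a reinstall.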