I need to monitor and alert on a single process on a single Windows 7 machine. All I need to alert on is when it launches. Is there an easy way to do this within Splunk? I know I can do process monitoring via the Windows Infrastructure app, but I don't see any way to limit the collection to a single process, etc. I also really don't care about performance details.
Thanks,
Trevor
Use PowerShell:
Get-Process yourprocessname | Select-Object YourListOfProperties
Example:
[powershell://Processes-EX1]
script = Get-Process YOURPROCESSNAME | Select-Object Handles, NPM, PM, WS, VM, Id, ProcessName, @{n="SplunkHost";e={$Env:SPLUNK_SERVER_NAME}}
schedule = 0 */5 * ? * *
sourcetype = Windows:Process
PowerShell is natively supported on 6.3; if not, you need an app:
http://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorWindowsdatawithPowerShellscripts
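As an added example (not from the answer above), here is the same polling approach with a script body that makes the "it launched" condition explicit, so the alert fires once per launch rather than on every poll while the process is running. It assumes the watched process is "notepad", the input runs every minute, and the script lives in an app's bin directory; all three are assumptions to adjust.

```powershell
# Added example, not from the original answer. Assumptions: process "notepad",
# one-minute schedule, script stored as watch-process.ps1 under an app's bin dir.
#
# inputs.conf stanza (schedule is a 6-field cron expression, seconds first):
#   [powershell://Processes-Notepad]
#   script = . "$SplunkHome\etc\apps\search\bin\watch-process.ps1"
#   schedule = 0 * * ? * *
#   sourcetype = Windows:Process
#
# watch-process.ps1 body:
$ProcessName  = 'notepad'                     # assumption: name without .exe
$PollInterval = [TimeSpan]::FromMinutes(1)    # must match the schedule above
$Now          = Get-Date

Get-Process -Name $ProcessName -ErrorAction SilentlyContinue |
    ForEach-Object {
        # StartTime can throw for processes the Splunk service account cannot
        # open; record it as unknown instead of failing the whole input.
        $start = $null
        try { $start = $_.StartTime } catch { }

        [PSCustomObject]@{
            SplunkHost  = $Env:SPLUNK_SERVER_NAME
            ProcessName = $_.ProcessName
            Id          = $_.Id
            Path        = $_.Path        # may be empty for elevated processes
            StartTime   = $start
            # True only on the first poll after launch: the process started
            # less than one poll interval ago.
            NewSinceLastPoll = ($null -ne $start) -and (($Now - $start) -lt $PollInterval)
        }
    }
```

A saved search on `sourcetype=Windows:Process NewSinceLastPoll=True` then alerts once per launch; note that a process which starts and exits between two polls is never seen by this method.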