Services - Windows eventtype=windows_index_windows eventtype=hostmon_windows Type=Service | eval Host=if(isnull(Host), upper(host), upper(Host)) | table Host, Name, StartMode, State $Time.earliest$ $Time.latest$ $job.sid$

Host All | loadjob $tok_job_base_search$ | fields Host | stats count by Host | sort Host Host Host * * Name All true Name Name * * ( ) Name=" " OR StartMode All Auto Disabled Manual StartMode StartMode * * State All Continue Pending Pause Pending Paused Running Stopped Stop Pending Start Pending State State * * -15m now

| search Host="$HostMonitoringHost$" $MultiServiceName$ StartMode="$StartMode$" State=$ServiceState$ | stats count by Host, Name, StartMode, State | table Host, Name, StartMode, State truefalserow