Forum Discussion

BillP
3 years ago

Alert when the Service Does not exist

I am monitoring all Windows for a specific service to make sure it is running; if not, it triggers an alert.

How can I get that to apply when the service is actually missing from the device? I would like to have an alert for when it is missing.

Thanks

 

  • Anonymous
    3 years ago

    Just noticed that the WinService- DS is deprecated, so there's that:

    Are you using that one or a different one? (perhaps 6HJZC9 or a different one?) Either way, the deprecated one doesn't discover services, you have to add them manually (unless you've modified it like I'm about to tell you to do). 6HJZC9 does use discovery, but it won't discover a service that isn't present at the time of discovery, so it won't meet your needs either.


    So, taking a DS like the deprecated WinService- DS, notice that there is no discovery out of the box. The only way to get those services added into monitoring is to navigate to the device and click "Manage" >> "Add Monitored Instance". You give the name of the service and whatnot and it starts monitoring it.

    What I like to do is automate the "Add Monitored Instance" bit. I do this by enabling Active Discovery on the datasource. You might have trouble doing this because of the deprecated status, so just clone the DS and try it there. Once you've enabled Active Discovery, you need to tell LM how to perform active discovery.

    Normally, this would involve providing some WMI stuff to the DS telling it to query the device for all the services and include or exclude certain services by name or status. This is what 6HJZC9 does. It provides the Win32_service WMI class and the displayname property. The Collector queries each Windows server that matches the AppliesTo and returns the entire list of all objects in that WMI class, effectively telling LM to monitor every service. In 6HJZC9's case, there is a post discovery filter that causes only a subset of all services to end up as monitored instances.

    However, this won't work for you because this would still only discover services that do exist, not the ones that should exist. To get that, we need to change how discovery works. Instead of querying the Windows box for what services do exist, we are going to specify a list of services that should exist. We'll feed this list into active discovery and that will create our instances.

    So two parts here: 1) the list of services to monitor and 2) the active discovery configuration to turn the list into instances that will be monitored.

    1) The list

    Ok, so, how do we tell LM what list of services we want to monitor? That's actually pretty easy. All we need to do is put the list as a custom LM property on the Windows device. How exactly we do this doesn't really matter because we'll be building the custom script to parse from a single string of text into the list of instances. So, let's just combine the list of services and separate them with a pipe character:

    Windows Firewall|Bonjour Service|Routing and Remote Access

    Cool, now we need to set this as a property on our Windows server in LM. We can do that on the server itself, but that doesn't really save us any effort. Instead, let's put it on a group and add the servers into the group. That way the property is inherited by all the devices in that group. Let's call our property "expected.services".

    2) The Active Discovery configuration

    Now, how do we turn that property into a list of instances to be monitored? That's actually pretty easy. We'll switch the discovery method to "SCRIPT". This allows us to write a Groovy script that will output the list of instances:

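    // Read the pipe-separated list from the device property; fall back to an
    // empty string so an unset property does not throw a NullPointerException.
    def expected = hostProps.get("expected.services") ?: ""
    // Print one line per service, with the service name on both sides of "##".
    expected.tokenize("|").each{
        println(it + "##" + it)
    }
    return 0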

     

    And that's it. Now the property causes instances to be created, which are then monitored. If the instances created are on the Windows server, it'll monitor them. If they're not, it'll try to monitor them and fail. This will mean a 'no data' event, which you can alert on.

    Something to understand here: The Collector attributes of this DS specify displayname as the index property. This means, the display name is what is used to identify the service. If you want to use name instead, you'll need to change what goes into your property and also change the index Property in the Collector Attributes to 'name' instead of 'displayName'.
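
A pre-check for the list described in the answer above, as an added example that is not part of the original thread or of any LogicMonitor datasource: run it on a reference Windows server before setting "expected.services" to see which entries match a service's display name, which match only its short name, and which are absent. The variable names and status labels are this example's own; the sample list is the one from the post.

```powershell
# Added example: validate a pipe-separated "expected.services" string against
# the services actually registered on this machine.
$expected = 'Windows Firewall|Bonjour Service|Routing and Remote Access'

# Same WMI class the discussion refers to; keep both identifiers for comparison.
$services = Get-CimInstance -ClassName Win32_Service |
    Select-Object Name, DisplayName, State

# -split takes a regex, so the pipe is escaped; empty entries are dropped.
$entries = $expected -split '\|' | Where-Object { $_ }

$report = foreach ($entry in $entries) {
    # PowerShell's -eq ignores case when comparing strings.
    $byDisplay = $services | Where-Object { $_.DisplayName -eq $entry }
    $byName    = $services | Where-Object { $_.Name -eq $entry }

    $status = if ($byDisplay) {
        'Present (matches DisplayName)'
    } elseif ($byName) {
        # The entry is the short service name, not the display name.
        'Present (matches Name only)'
    } elseif ($entry -ne $entry.Trim()) {
        'Missing (entry has leading/trailing whitespace)'
    } else {
        'Missing'
    }

    $match = if ($byDisplay) { $byDisplay } else { $byName }
    [pscustomobject]@{
        Entry  = $entry
        Status = $status
        State  = $match.State
    }
}

$report | Format-Table -AutoSize
```

Entries reported as "matches Name only" correspond to the case in the last paragraph of the answer: either change the entry to the display name or switch the index property to name.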