Skip to content
observe windows process starts and stops via influxdb
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


ever wondered what processes are being started and stopped on your machine?

observe windows process starts and stops via InfluxDB, influxdb-csharp, WqlEventQuery, with the code cleaning help of Reactive Extensions.

query in InfluxDB


create database processes

and running the application (requires administration rights)


> select * from processes..lifecycle order by time desc limit 10
name: lifecycle
time                event_name host  parent_process_id process_id process_name
1477664284913589760 stopped    PING2 0                 13888      dllhost.exe
1477664283913088768 stopped    PING2 0                 5344       dllhost.exe
1477664279910585088 stopped    PING2 0                 7660       nvtray.exe
1477664278912537600 stopped    PING2 0                 13624      nvtray.exe
1477664278912537344 started    PING2 12844             7660       nvtray.exe
1477664278911542016 started    PING2 9000              3736       conhost.exe
1477664278911542016 started    PING2 948               13888      dllhost.exe
1477664278911542016 started    PING2 12664             9000       observable_win_process.exe
1477664278911541760 stopped    PING2 0                 6028       consent.exe
1477664278910555648 started    PING2 948               5344       dllhost.exe

Example limiting the query to a time frame and a certain process:

select * from processes..lifecycle
   WHERE time > '2016-10-27T20:21:00Z' AND time < '2016-10-27T20:21:00Z' + 1m
   AND process_name = 'git.exe'
You can’t perform that action at this time.