{"id":13529798,"url":"https://github.com/d-led/proc_to_influxdb","last_synced_at":"2025-10-26T19:12:59.085Z","repository":{"id":146620339,"uuid":"72140525","full_name":"d-led/proc_to_influxdb","owner":"d-led","description":"observe windows process starts and stops via influxdb","archived":false,"fork":false,"pushed_at":"2018-03-22T21:49:12.000Z","size":17,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-11T23:40:37.212Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/d-led.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2016-10-27T19:20:56.000Z","updated_at":"2018-07-01T05:23:28.000Z","dependencies_parsed_at":"2023-04-11T05:01:30.904Z","dependency_job_id":null,"html_url":"https://github.com/d-led/proc_to_influxdb","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/d-led/proc_to_influxdb","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/d-led%2Fproc_to_influxdb","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/d-led%2Fproc_to_influxdb/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/d-led%2Fproc_to_influxdb/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/d-led%2Fproc_to_influxdb/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/d-led","download_url":"https://codeload.github.com/d-led/proc_to_influxdb/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/d-led%2Fproc_to_influxdb/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263343170,"owners_count":23452121,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T07:00:39.500Z","updated_at":"2025-10-26T19:12:54.034Z","avatar_url":"https://github.com/d-led.png","language":"C#","funding_links":[],"categories":["Collecting data into InfluxDB"],"sub_categories":["Projects"],"readme":"# proc_to_influxdb\n\n\u003e ever wondered what processes are being started and stopped on your machine?\n\nobserve windows process starts and stops via [InfluxDB](https://www.influxdata.com/time-series-platform/influxdb/), [influxdb-csharp](https://github.com/influxdata/influxdb-csharp), [WqlEventQuery](), with the code cleaning help of [Reactive Extensions](https://github.com/Reactive-Extensions/Rx.NET).\n\n## query in InfluxDB\n\nafter\n\n```\ncreate database processes\n```\n\nand running the application (requires administration rights)\n\nquery:\n\n```\n\u003e select * from processes..lifecycle order by time desc limit 10\nname: lifecycle\n---------------\ntime                event_name host  parent_process_id process_id process_name\n1477664284913589760 stopped    PING2 0                 13888      dllhost.exe\n1477664283913088768 stopped    PING2 0                 5344       dllhost.exe\n1477664279910585088 stopped    PING2 0                 7660       nvtray.exe\n1477664278912537600 stopped    PING2 0                 13624      nvtray.exe\n1477664278912537344 started    PING2 12844             7660       nvtray.exe\n1477664278911542016 started    PING2 9000              3736       conhost.exe\n1477664278911542016 started    PING2 948               13888      dllhost.exe\n1477664278911542016 started    PING2 12664             9000       observable_win_process.exe\n1477664278911541760 stopped    PING2 0                 6028       consent.exe\n1477664278910555648 started    PING2 948               5344       dllhost.exe\n```\n\nExample limiting the query to a time frame and a certain process:\n\n```\nselect * from processes..lifecycle\n   WHERE time \u003e '2016-10-27T20:21:00Z' AND time \u003c '2016-10-27T20:21:00Z' + 1m\n   AND process_name = 'git.exe'\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fd-led%2Fproc_to_influxdb","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fd-led%2Fproc_to_influxdb","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fd-led%2Fproc_to_influxdb/lists"}