Documentation forServer & Application Monitor
Monitoring your applications and environment is a key capability of Hybrid Cloud Observability and is also available in a standalone module, Server & Application Monitor (SAM). Hybrid Cloud Observability and SAM are built on the self-hosted SolarWinds Platform.

Windows Service Monitors

As described in Work with component monitors, SAM includes different "component monitor types" that use various methods to focus on elements such as services, logs, or processes. Windows Service Monitors are component monitors that track statistics for Windows services and applications. For example, you can use them to test if a specified Windows service is running, and then monitor the CPU, virtual memory, and physical memory used by the service.

For example, the following templates include component monitors which are Performance Counter Monitors that count various values:

Field descriptions


A default description of the monitor, which you can add to or replace. The variable to access this field is ${UserDescription}.

Enable Component

Determines whether the component is enabled. Disabling the component leaves it in the application in a deactivated state not influencing either SAM application availability or status.

Credential for Monitoring

Select a Windows credential that has WMI rights on the target node. This is typically a Windows administrator-level credential.

Click a credential in the list, or use the <Inherit credential from node> option. If the credential you need is not in the credentials list, add it in the Credentials Library. See Understand the Credentials Library for details.

Fetching Method

Configure the method used to gather data:

WinRM Authentication Mechanism

If the SAM WinRM toggle is enabled for application polling on the SolarWinds Platform server and target nodes, select an authentication method for the connection. The default setting is Negotiate.

  • Default: Specifies the transport to use for WS-Management protocol requests and responses: HTTP or HTTPS. The default is HTTP.
  • Digest: User name and password are required. The client sends a request with authentication data to an authenticating server, usually a domain controller. If the client is authenticated, then the server receives a Digest session key to authenticate subsequent requests from the client.
  • Negotiate: The client sends a request to the server to determine the protocol to use for Simple and Protected Negotiation (SPNEGO) authentication, which can be either:
    • Kerberos for domain accounts, or
    • NTLM for local computer accounts
  • Basic: User name and password are required, as sent via HTTP or HTTPS in a domain or workgroup.
  • Kerberos: User name and password are required for mutual authentication between the client and server, using encrypted keys. The client account must be a domain account in the same domain as the server. When a client uses default credentials, Kerberos is the authentication method if the connection string is not one of the following: localhost,, or [::1].
  • NtlmDomain: User name and password are required for NTLM authentication. The client proves its identity by sending a user name, password, and domain name.
  • CredSssp: User name and password are optional. The Credential Security Support Provider (CredSSP) lets an application delegate the user credentials from the client to the target server for remote authentication. The client is authenticated over the encrypted channel by using the SPNEGO protocol with either Kerberos or NTLM.

    Portions excerpted from the WinRM Glossary (© 2020, Microsoft Corp., available at

Net Service Name

The name of the service to monitor. To find the Service name on a Windows system, click Start > Administrative Tools > Services and then locate the desired service. Right-click the service and select Properties from the context menu. The Service name is the value of the Service name field in the Properties dialog box.

CPU Threshold

Set warning and critical threshold conditions based on the percentage of CPU resources in use by the monitored process.

To learn more about thresholds, see Application Monitor Thresholds.

Physical Memory Threshold

Set warning and critical threshold conditions based on the percentage of physical memory in use by the monitored process.

Virtual Memory Threshold

Set warning and critical threshold conditions based on the percentage of virtual memory in use by the monitored process.

User Notes

Add notes for easy reference. You can access this field by using the variable, ${UserNotes}.