Arslan11
Jun 25, 2020
Brass Contributor
Amending existing KQL
Perf
// set up filters
| where ObjectName == "LogicalDisk" and CounterName == "% Free Space"
| where strlen(InstanceName) == 2 and InstanceName contains ":"
// exclude ALL these named computers
| where Computer !in ("net-fs3.networkhg.org.uk","NET-FS1.networkhg.org.uk","NET-SQL3.networkhg.org.uk",
"NET-EDMLIVEDB1.networkhg.org.uk","NET-EDM_KOFAX1.networkhg.org.uk")
// Show all
| summarize Free_Space = min(CounterValue) by Computer , InstanceName
// Exclude these drive / Computer combinations
// Use a "1" to denote an exclude else "0"
| extend ComputerList = case(
Computer == "NET-REPAIR2.networkhg.org.uk" and InstanceName == "E:",1,
Computer == "NH-E2016-01.networkhg.org.uk" and InstanceName == "E:",1,
Computer == "NH-E2016-02.networkhg.org.uk" and InstanceName == "E:",1,
Computer == "net-boxi1.networkhg.org.uk" and InstanceName == "D:",1,
//else zero
0)
| where ComputerList !=1
| where Free_Space < 10
| project-away ComputerList
I need assistance with amending the query further and making it more automated. I would like to avoid another computer within this query; for instance, I would like computer NET-SQL2 to monitor instance name G drive if it is less than 6%.
Is it possible for this to be done?
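One way to express the per-drive threshold asked about above, as an added example that is not part of the original post: the `case()` exclusions and the 6% rule for NET-SQL2 G: are moved into a single lookup table, and every other drive keeps the 10% default. The table name `Overrides`, the columns `ComputerKey`, `Threshold` and `Exclude`, and the full domain name used for NET-SQL2 are assumptions made for illustration.

```kusto
// Added example, not from the original post.
// Default alert threshold (% free space) for any drive without an override.
let DefaultThreshold = 10.0;
// One row per Computer / drive that needs special handling.
// Exclude = true  -> never report this drive.
// Threshold       -> report only when free space falls below this value.
let Overrides = datatable(ComputerKey:string, InstanceName:string, Threshold:real, Exclude:bool)
[
    "net-repair2.networkhg.org.uk", "E:", real(null), true,
    "nh-e2016-01.networkhg.org.uk", "E:", real(null), true,
    "nh-e2016-02.networkhg.org.uk", "E:", real(null), true,
    "net-boxi1.networkhg.org.uk",   "D:", real(null), true,
    "net-sql2.networkhg.org.uk",    "G:", 6.0,        false   // assumed FQDN for NET-SQL2
];
Perf
// set up filters
| where ObjectName == "LogicalDisk" and CounterName == "% Free Space"
| where strlen(InstanceName) == 2 and InstanceName contains ":"
// exclude ALL these named computers (!in~ ignores upper/lower case)
| where Computer !in~ ("net-fs3.networkhg.org.uk", "NET-FS1.networkhg.org.uk", "NET-SQL3.networkhg.org.uk",
    "NET-EDMLIVEDB1.networkhg.org.uk", "NET-EDM_KOFAX1.networkhg.org.uk")
| summarize Free_Space = min(CounterValue) by Computer, InstanceName
// lower-case key so the lookup matches regardless of how the agent reports the name
| extend ComputerKey = tolower(Computer)
| lookup kind=leftouter (Overrides) on ComputerKey, InstanceName
// rows with no override come back with null Exclude / Threshold
| where not(coalesce(Exclude, false))
| extend Threshold = coalesce(Threshold, DefaultThreshold)
| where Free_Space < Threshold
| project Computer, InstanceName, Free_Space, Threshold
```

Adding another exception is then a one-line change to the `Overrides` table rather than a new `case()` branch.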