Forum Discussion

Arslan11
Brass Contributor
Jun 25, 2020

Amending existing KQL

Perf
// set up filters
| where ObjectName == "LogicalDisk" and CounterName == "% Free Space"
| where strlen(InstanceName) == 2 and InstanceName contains ":"
// exclude ALL these named computers
| where Computer !in ("net-fs3.networkhg.org.uk","NET-FS1.networkhg.org.uk","NET-SQL3.networkhg.org.uk",
                    "NET-EDMLIVEDB1.networkhg.org.uk","NET-EDM_KOFAX1.networkhg.org.uk")
// Show all
| summarize Free_Space = min(CounterValue) by Computer , InstanceName
// Exclude these drive / Computer combinations
// Use a "1" to denote an exclude else "0"
| extend ComputerList = case(
                            Computer == "NET-REPAIR2.networkhg.org.uk" and InstanceName == "E:",1,
                            Computer == "NH-E2016-01.networkhg.org.uk" and InstanceName == "E:",1,
                            Computer == "NH-E2016-02.networkhg.org.uk" and InstanceName == "E:",1,  
                            Computer == "net-boxi1.networkhg.org.uk"   and InstanceName == "D:",1,
                            //else zero
                            0)
| where ComputerList !=1
| where Free_Space < 10
| project-away ComputerList
 
I need assistance with amending the query further and making it more automated. I would like to avoid another computer within this query; for instance, I would like computer NET-SQL2 to monitor instance name G drive if it is less than 6%.
 
Is it possible for this to be done?
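One way to handle the per-drive threshold asked about above, as an added example that is not part of the original post: the hard-coded `case()` list is replaced by a lookup table joined onto the results, so each computer/drive pair can carry its own threshold. The FQDN for NET-SQL2, the names `DefaultThreshold`, `ExcludedComputers`, `Overrides` and `ComputerKey`, and the use of a threshold of 0 to mean "never alert" are assumptions made for this example.

```kql
// Default alert level (% free) for any drive without an override
let DefaultThreshold = 10.0;
// Computers excluded entirely (names taken from the post)
let ExcludedComputers = dynamic([
    "net-fs3.networkhg.org.uk", "NET-FS1.networkhg.org.uk", "NET-SQL3.networkhg.org.uk",
    "NET-EDMLIVEDB1.networkhg.org.uk", "NET-EDM_KOFAX1.networkhg.org.uk"]);
// Per computer/drive overrides. Keys are lower case because join keys are case-sensitive.
// Threshold 0.0 = never alert (free space cannot be below 0%), replacing the old exclude list.
let Overrides = datatable(ComputerKey:string, InstanceName:string, Threshold:real)
[
    "net-repair2.networkhg.org.uk", "E:", 0.0,
    "nh-e2016-01.networkhg.org.uk", "E:", 0.0,
    "nh-e2016-02.networkhg.org.uk", "E:", 0.0,
    "net-boxi1.networkhg.org.uk",   "D:", 0.0,
    // assumed FQDN for NET-SQL2: alert on G: only when below 6% free
    "net-sql2.networkhg.org.uk",    "G:", 6.0
];
Perf
| where ObjectName == "LogicalDisk" and CounterName == "% Free Space"
| where strlen(InstanceName) == 2 and InstanceName contains ":"
// !in~ is the case-insensitive form of !in
| where Computer !in~ (ExcludedComputers)
| summarize Free_Space = min(CounterValue) by Computer, InstanceName
// normalise the join key so the override rows match regardless of case
| extend ComputerKey = tolower(Computer)
| join kind=leftouter Overrides on ComputerKey, InstanceName
// rows with no override have a null Threshold and fall back to the default
| extend Threshold = coalesce(Threshold, DefaultThreshold)
| where Free_Space < Threshold
| project Computer, InstanceName, Free_Space, Threshold
```

Adding or changing a rule then only means editing a row in `Overrides`; the query body stays the same.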