Forum Discussion
Bob Clements
Jan 12, 2018Copper Contributor
Query with SCCM ComputerGroup
The following documentation provides some example queries using Computer Groups:
Computer groups in Log Analytics log searches
I am attempting to run a query using some computer groups imported from SCCM. I have confirmed that the groups are available through Settings > Computer Groups > SCCM. However, my query isn't providing any results. These are a couple of the queries I am attempting to process:
let WaaSGroup = ComputerGroup | where GroupSource == "SCCM" and Group == "Collection 001" | distinct Computer; WaaSDeploymentStatus | where Computer in (WaaSGroup) | where DeploymentStatus=="Failed"
let DriverGroup = ComputerGroup | where GroupSource == "SCCM" and Group == "Collection 002" UADriver | where Computer in (DriverGroup) | where Issue == "Driver will not migrate to new OS"
Does anyone have any clarification on the query syntax when using an imported computer group?
Thanks!
- Meir_Mendelovich
Microsoft
Hi Bob,
Please provide us some more details so we can help you.
Does the following queries provide any results?
- ComputerGroup | where GroupSource == "SCCM" and Group == "Collection 001" | distinct Computer
- ComputerGroup | where GroupSource == "SCCM" and Group == "Collection 001" and TimeGenerated > ago(2d) | distinct Computer
- ComputerGroup | where GroupSource == "SCCM" and Group == "Collection 002" | distinct Computer
- ComputerGroup | where GroupSource == "SCCM" and Group == "Collection 002" and TimeGenerated > ago(2d) | distinct Computer
BTW: you forgot the "distinct Computer" in the Collection 002 query.
Thanks,
Meir
- Bob ClementsCopper Contributor
Hi Meir,
All 4 of the queries that you provided work as expected. I receive the list of computers that correspond to the different groups.
How would I take these results and run them against a table search? For example, one of the following conditions:
WaaSDeploymentStatus | where Computer in (WaaSGroup) | where DeploymentStatus=="Failed" UADriver | where Computer in (DriverGroup) | where Issue == "Driver will not migrate to new OS"