Forum Discussion
Render Piechart
- Jul 22, 2019
Update | where TimeGenerated >= ago(1d) | where (Classification == "Security Updates" or Classification == "Critical Updates") | where UpdateState == "Needed" | extend su = iif(Classification=="Security Updates", 1,0) | extend cu = iif(Classification=="Critical Updates", 1,0) | summarize dcount(su), dcount(cu) by Computer | where dcount_cu > 1 and dcount_su > 1 | count
CliveWatson Thanks a lot sir,
Now I am bit stuck to represent this through a pie chart. As i want servers that have missing security update >1 also critical update > 1. But when i thought about query found below hurdles:-
If i will go by classification then this field either have Security Updates or Critical Updates. And if i will use below line in query then i will nothing in result since since field cannot hold both at a time.
In a table, this would work (not Pie chart)
Update | where TimeGenerated >= ago(1d) | where (Classification == "Security Updates" or Classification == "Critical Updates") | where UpdateState == "Needed" | summarize by Classification, Computer | evaluate pivot(Classification)
or , this that allows you to see when > 1 for the two columns?
Update | where TimeGenerated >= ago(1d) | where (Classification == "Security Updates" or Classification == "Critical Updates") | where UpdateState == "Needed" | extend su = iif(Classification=="Security Updates", 1,0) | extend cu = iif(Classification=="Critical Updates", 1,0) | summarize dcount(su), dcount(cu) by Computer | where dcount_cu > 1 and dcount_su > 1
- GouravINJul 22, 2019Brass Contributor
CliveWatson Thank you very much for the help.
Sir, Is it possible to count server numbers that has security and Critical patches missing.
Like, I have total 20 servers and 15 has security and 8 has critical patches missing. So i want server count that has both of patches missing.
Update| where TimeGenerated >= ago(1d)| where (Classification == "Security Updates" or Classification == "Critical Updates")| where UpdateState == "Needed"| extend su = iif(Classification=="Security Updates", 1,0)| extend cu = iif(Classification=="Critical Updates", 1,0)| summarize dcount(su), dcount(cu) by Computer| where dcount_cu > 1 and dcount_su > 1| project Computer| print Total_Server = count(project Computer)when I used project Computer that populated all computer name. But I want total count of Computer, if somehow i can achieve this. That would be the best answer of my question.Thanks in advance :)- CliveWatsonJul 22, 2019Microsoft
Update | where TimeGenerated >= ago(1d) | where (Classification == "Security Updates" or Classification == "Critical Updates") | where UpdateState == "Needed" | extend su = iif(Classification=="Security Updates", 1,0) | extend cu = iif(Classification=="Critical Updates", 1,0) | summarize dcount(su), dcount(cu) by Computer | where dcount_cu > 1 and dcount_su > 1 | count
- GouravINJul 22, 2019Brass Contributor
Ahh.... I missed this simple thing.
CliveWatson Thanks a lot Sir for helping me here :)