VM details query

Rahul_Mahajan 

For running state if you don't have it in any of your tables (its not a default for logging) then you have to create a test.  Here I'm joining the data to the Heartbeat Table as all Log Analytics computers will have this (you may wish to use another Table instead or in addition).  Its a basic test as a Server could be up but the agent not sending data.

// left Table
VMComputer
| where _ResourceId != ""
| summarize by TimeGenerated, HostName, AzureImageSku, AzureResourceGroup,
               AzureLocation, AzureSize, Cpus, DependencyAgentVersion, 
               PhysicalMemoryMB, OperatingSystemFamily, OperatingSystemFullName, 
               VirtualMachineType, VirtualizationState,
               tostring(Ipv4Addresses), tostring(Ipv4DefaultGateways), tostring(Ipv4SubnetMasks), tostring(MacAddresses)
// right Table
| join (
    Heartbeat
    //
    // I consider a machine to be running if we have a positive heartbeat count in the past hour 
    // This only tests the agent not the server
    //
    | where TimeGenerated > ago(1h)
    | summarize  HeartbeatCount = count() by Computer
) on $left.HostName == $right.Computer   // join on the HostName, by mapping that to the Computer name 
| extend isRunning = iif(HeartbeatCount >=0   ,"Running","Not found")

Go to Log Analytics and run query

e.g.

For disk size you will need a counter - do you have any for disk, normally these are under the Perf table?

There is an example query when you OPEN a new Tab.

// Top 10 computers with the highest disk space
// Show the top 10 computers with the highest available disk space
Perf
| where CounterName == "Free Megabytes" and InstanceName == "_Total" 
| summarize arg_max(TimeGenerated, *) by Computer
| top 10 by CounterValue