Forum Discussion
Advanced Hunting Query to Include Assigned Tags
Good day community,
Is there a way to query tags assigned to devices in MDE? Ideally I would want to include such a query in a Power Bi Dashboard to allow for filtering of devices based on tags (location, environment, etc.).
From what I can see, it doesn't seem to be possible, but I'm far from being an expert when it comes to advanced queries 🙂
Thanks
- Tags don't show up in the DeviceInfo table, so I fear there is no way to retrieve this through KQL.
You could enrich the information through the API, this exposes the tags
- You need to join the query with the DeviceInfo table in order to retrieve the machine groups:
DeviceEvents
| take 10
| join kind=leftouter ( DeviceInfo | distinct DeviceId, MachineGroup) on DeviceId
| project-reorder MachineGroup
I would retrieve the DeviceInfo table within PowerBI and enable the correlation there.Thanks a lot for the recommendation, much appreciated. While this gives me the MachineGroup value, what I am looking for are tags that are assigned to devices. Ideally I would want to be able to query for information against specific tags OR at least be able to include this tag information in the output of a relevant query (similar to what MachineGroup) is giving me.
- Tags don't show up in the DeviceInfo table, so I fear there is no way to retrieve this through KQL.
You could enrich the information through the API, this exposes the tags
- I had a look, on your recommendation, and it seems I am able to retrieve all information, including the machineTag value using as an OData feed into PBI. Thank you very much for the guidance, this really makes my life a whole lot easier!
SebastiaanR Do you have the OBI query you used or the table name? I need to perform similar thing and trying to get this data at this stage with the Advanced Hunting without success. if API is the only way, I want to explore that too.
Thanks,
Sagar
- Hi SebastiaanR,
I need to report on MDE devices and split out the reporting by tag but need a head start on how you managed to get this information. Would you be willing to share some more information how you achieved the results?
