Forum Discussion
Solved
Advanced Hunting Query to Include Assigned Tags
Good day community, Is there a way to query tags assigned to devices in MDE? Ideally I would want to include such a query in a Power Bi Dashboard to allow for filtering of devices based on tags (...
- Tags don't show up in the DeviceInfo table, so I fear there is no way to retrieve this through KQL.
You could enrich the information through the API, this exposes the tags
You need to join the query with the DeviceInfo table in order to retrieve the machine groups:
DeviceEvents
| take 10
| join kind=leftouter ( DeviceInfo | distinct DeviceId, MachineGroup) on DeviceId
| project-reorder MachineGroup
I would retrieve the DeviceInfo table within PowerBI and enable the correlation there.
DeviceEvents
| take 10
| join kind=leftouter ( DeviceInfo | distinct DeviceId, MachineGroup) on DeviceId
| project-reorder MachineGroup
I would retrieve the DeviceInfo table within PowerBI and enable the correlation there.
Thanks a lot for the recommendation, much appreciated. While this gives me the MachineGroup value, what I am looking for are tags that are assigned to devices. Ideally I would want to be able to query for information against specific tags OR at least be able to include this tag information in the output of a relevant query (similar to what MachineGroup) is giving me.
- Tags don't show up in the DeviceInfo table, so I fear there is no way to retrieve this through KQL.
You could enrich the information through the API, this exposes the tagsThanks again for the valuable feedback. Could you perhaps elaborate a little more on this?
At the moment I have a manual export of the devices per location in an Excel data source, but ideally I would want to not use any offline/manual data sources, so if there is a way of retrieving this through API it will solve a huge problem.
What I am after is this:
Everything works as it should, I'm really only trying to get around the manual location bit.
