SOLVED
Home

Computer group in OMS query

%3CLINGO-SUB%20id%3D%22lingo-sub-855182%22%20slang%3D%22en-US%22%3EComputer%20group%20in%20OMS%20query%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-855182%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20two%20type%20of%20group%20Saved%20and%20active%20directory.%20I%20could%20run%20query%20on%20saved%20group%20as%20below%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3EPerf%20%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%7C%20%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%230000ff%3B%22%3Ewhere%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%20Computer%20in%20(%5B%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23a31515%3B%22%3E'ProdServers'%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%5D)%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3EHow%20can%20i%20run%20the%20similar%20query%20for%20AD%20group.%20I%20could%20list%20the%20ad%20group%20member%20using%20the%20query%20below%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3EComputerGroup%20%7C%20%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%230000ff%3B%22%3Ewhere%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%20GroupSource%20%3D%3D%20%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23a31515%3B%22%3E%22ActiveDirectory%22%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22color%3A%20%230000ff%3B%22%3Eand%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%20Group%20%3D%3D%20%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23a31515%3B%22%3E%22SV_Prod%22%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%20%7C%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%230000ff%3B%22%3Edistinct%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20style%3D%22color%3A%20%23000000%3B%22%3E%20Computer%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-855182%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Log%20Analytics%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EQuery%20Language%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-856516%22%20slang%3D%22en-US%22%3ERe%3A%20Computer%20group%20in%20OMS%20query%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-856516%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F192811%22%20target%3D%22_blank%22%3E%40Mayank%20Bansal%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EYou%20can%20do%20the%20following%3A%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3Elet%20MyGroup%20%3D%20ComputerGroup%20%7C%20where%20GroupSource%20%3D%3D%20%22ActiveDirectory%22%20%20and%20Group%20%3D%3D%20%22SV_Prod%20%20%7Cdistinct%20%20Computer%3B%0APerf%20%7C%20where%20Computer%20in%20(MyGroup)%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3EAdditionally%20you%20can%20save%20the%20results%20from%3A%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3EComputerGroup%20%7C%20where%20GroupSource%20%3D%3D%20%22ActiveDirectory%22%20%20and%20Group%20%3D%3D%20%22SV_Prod%20%20%7Cdistinct%20%20Computer%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3Eto%20a%20computer%20group%20let's%20say%20with%20name%20MySavedGroup%20and%20reference%20it%20in%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3EPerf%20%7C%20where%20Computer%20in%20(MySavedGroup)%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3Elike%20any%20other%20computer%20group.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-857378%22%20slang%3D%22en-US%22%3ERe%3A%20Computer%20group%20in%20OMS%20query%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-857378%22%20slang%3D%22en-US%22%3EThanks%20this%20solved%20my%20problem.%3C%2FLINGO-BODY%3E
Highlighted
Mayank Bansal
Microsoft

I have two type of group Saved and active directory. I could run query on saved group as below

Perf | where Computer in (['ProdServers'])

 

How can i run the similar query for AD group. I could list the ad group member using the query below

ComputerGroup | where GroupSource == "ActiveDirectory" and Group == "SV_Prod" |distinct  Computer

 

2 Replies
Solution

Hi@Mayank Bansal 

You can do the following:

let MyGroup = ComputerGroup | where GroupSource == "ActiveDirectory"  and Group == "SV_Prod  |distinct  Computer;
Perf | where Computer in (MyGroup)

Additionally you can save the results from:

ComputerGroup | where GroupSource == "ActiveDirectory"  and Group == "SV_Prod  |distinct  Computer

to a computer group let's say with name MySavedGroup and reference it in

Perf | where Computer in (MySavedGroup)

like any other computer group.

Thanks this solved my problem.
Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
16 Replies
flashing a white screen while open new tab
cntvertex in Discussions on
11 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
28 Replies
*Updated 9/3* Syncing in Microsoft Edge Preview Channels
Elliot Kirk in Articles on
217 Replies