Hi all,
I am using the following query to Identify Free Disk space on a VM using Insight Metrics.
// Logical disk space % below threshold
// Logical disk space % below threshold.
let _minValue = 10; // Set the minValue according to your needs
InsightsMetrics
| where TimeGenerated >= ago(1h) // choose time to observe
| where Origin == "vm.azm.ms"
| where Namespace == "LogicalDisk" and Name == "FreeSpacePercentage"
| where Val <= _minValue
| extend t=parse_json(Tags)
| summarize avg(Val) by bin(TimeGenerated, 10m), Computer, tostring(t["vm.azm.ms/mountId"])
| sort by avg_Val asc
I am receiving valid results back, but I would like to take it a step further and specify the Disk letter in my query as this will allow me to run more custom queries.
Can someone possibly advise what string to add in this query above to basically include either "C:" or "D:" etc?
I Believe it will need to extract something from the mountId but I cannot find the correct "wording" in my query string.
Results of the query above:
TimeGenerated[UTC] | Computer | t_vm.azm.ms/mountId | avg_val |
10/14/2022, 6:40:00.000 AM | | H: | 3.214 |
10/14/2022, 6:30:00.000 AM | | H: | 3.214 |
Thank you
