SOLVED

Need to find IP of the VMs from the query


Need to find IP of the VMs from the query

Perf
| where ObjectName == "Processor"
| where CounterName == "% Processor Time"
| where InstanceName == "_Total"
| where CounterValue > 95

What do I need to add?
1 Reply
Solution

Hi

The following query will give you the name and the IP of each computer that is produced in the query.

let ComputerList = Perf
| where ObjectName == "Processor"
| where CounterName == "% Processor Time"
| where InstanceName == "_Total"
| where CounterValue > 95
| distinct Computer;
Heartbeat
| where Computer in (ComputerList)
| project Computer, ComputerIP

Keep in mind that your query is not detecting if certain computers are reaching high CPU utilization. Instead it is getting just points in time when the CPU was high. This will return computers that overall had low CPU usage but just one time for a few seconds their CPU was high.
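
The caveat in the reply above can be handled by averaging the counter over time bins before applying the threshold. The query below is an added example, not part of the original thread; the 1-hour lookback, 5-minute bin size and the minimum of 3 high bins are assumptions to tune, while the 95 threshold and the table and column names come from the queries above.

```kusto
// Added example (not from the thread). Assumed values: lookback, binSize, minHighBins.
let lookback = 1h;
let binSize = 5m;
let minHighBins = 3;
// Computers whose average CPU per bin exceeded 95% in at least minHighBins bins.
// The bins counted here do not have to be consecutive.
let SustainedHighCpu = Perf
| where TimeGenerated > ago(lookback)
| where ObjectName == "Processor"
| where CounterName == "% Processor Time"
| where InstanceName == "_Total"
| summarize AvgCpu = avg(CounterValue) by Computer, bin(TimeGenerated, binSize)
| where AvgCpu > 95
| summarize HighBins = count(), PeakAvgCpu = max(AvgCpu) by Computer
| where HighBins >= minHighBins;
// Heartbeat holds many rows per computer; keep only the most recent one
// so each computer appears once with its latest reported IP.
Heartbeat
| where TimeGenerated > ago(lookback)
| summarize arg_max(TimeGenerated, ComputerIP) by Computer
| join kind=inner (SustainedHighCpu) on Computer
| project Computer, ComputerIP, HighBins, PeakAvgCpu, LastHeartbeat = TimeGenerated
```

A computer with no heartbeat inside the lookback window is dropped by the inner join, so widen the Heartbeat time filter if agents report infrequently.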