Jun 21 2019
10:05 AM
- last edited on
Apr 07 2022
05:58 PM
by
TechCommunityAP
Jun 21 2019
10:05 AM
- last edited on
Apr 07 2022
05:58 PM
by
TechCommunityAP
Hi,
I have query that is supposed to get the data related to Security Updates and Critical Updates from devices connected to Log Analytics workspace.
This query works fine in one Log Analytics workspace but shows a syntax error in another Log Analytics workspace while configuring an alert.
Security Update Query
Update | where UpdateState == 'Needed' and Optional == false and Classification == 'Security Updates' and Approved != false | summarize AggregatedValue = count() by Computer
Critical Updates Query
Update | where UpdateState == 'Needed' and Optional == false and Classification == 'Critical Updates' and Approved != false | summarize count() by Computer
Need help in finding why this query shows a syntax error while i use it for configuring an alert.
Thanks in Advance
Jun 22 2019 06:42 AM
Both of these work in the free demo workspace, see that here:
Go to Log Analytics and Run Query
What error do you get and which of the two queries gets the error? Do they work as a query but one fails when put into an Alert?
Jun 24 2019 11:51 AM - edited Jun 24 2019 11:53 AM
@CliveWatson
Hi,
Thanks for your response. I am getting a Syntax error while trying to execute this query from the Logs to get the data and also while configuring an alert using this query.
Please find the screenshot attached for the reference.
Jun 24 2019 12:04 PM
You normally get that error if the table doesn't exist - so do you definitely you have Update in that workplace?
Update | limit 10