Nov 30 2017 01:01 PM
Nov 30 2017 01:01 PM
I used this basic query to find several computers that had the word LINK in their name:
Heartbeat | where Computer contains "LINK" | distinct Computer
It worked fine, just as I wanted. My question is where can I find documentation on what the word here, capitalized: Computer is, in the context of the query language? IOW, what is the computer data type? Does it have metadata I can search through? More importantly, where can find a good guide to go and look up these things myself without having to ask here?
I would like to search through not just the list of computers I've installed the MMA on or connected to within Azure, but also list, for example, the above query, but only for those with LINK in the name that are Azure VMs, but not real systems or VMs in the datacenter. Where is that value, if it exists at all, stored?
Nov 30 2017 10:53 PMSolution
Dec 01 2017 06:50 AM
Looks like your book was recently updated to version 2.
Appreciate it, but would love to see a complete reference to a terms in the LA query language!
Dec 01 2017 07:09 AM
Dec 04 2017 01:28 PM
Thanks for that reply. I should tell you, as we're both MVPs, I have a lot less experience on data manipulation than infrastructure, but I am fascinated by this subject!
Also, I should have entitled my question here as HOW DO I group computers on where they reside: Azure or Datacenter? <-- with that important question mark!
So, how do I? In other words, I have a number of Azure VMs, all connected to Log Analytics, and also a number of VMs running on physical hosts in my datacenter, that are all running the MMA. How can I find without already knowing aspects like names or domain, which are in Azure and which are in the datacenter? I thought there might be a single point of data that this information is kept.
If the answer is there is no such data point, then fine, I just can't find one, but that sure doesn't mean there isn't one. I suppose I could use a subnet address or ensure a naming convention that would keep some distinction.
Dec 04 2017 10:20 PM
Log Analytics knows which Computers are Azure and which are not.
Heartbeat | where ComputerEnvironment == 'Azure' | distinct Computer
Heartbeat | where ComputerEnvironment != 'Azure' | distinct Computer
Hope this helps. ComputerEnvironment field is present in other tables as well.