cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Query with SCCM ComputerGroup

Bob Clements
Copper Contributor

‎Jan 12 2018 09:25 AM - last edited on ‎Apr 07 2022 04:51 PM by

‎Jan 12 2018 09:25 AM - last edited on ‎Apr 07 2022 04:51 PM by

Query with SCCM ComputerGroup

The following documentation provides some example queries using Computer Groups:

Computer groups in Log Analytics log searches

 

I am attempting to run a query using some computer groups imported from SCCM. I have confirmed that the groups are available through Settings > Computer Groups > SCCM. However, my query isn't providing any results. These are a couple of the queries I am attempting to process:

 

let WaaSGroup = ComputerGroup | where GroupSource == "SCCM" and Group == "Collection 001" | distinct Computer;
WaaSDeploymentStatus | where Computer in (WaaSGroup) | where DeploymentStatus=="Failed"
let DriverGroup = ComputerGroup | where GroupSource == "SCCM" and Group == "Collection 002"
UADriver | where Computer in (DriverGroup) | where Issue == "Driver will not migrate to new OS"

Does anyone have any clarification on the query syntax when using an imported computer group?

 

Thanks!

 

Labels:
1,342 Views
0 Likes
2 Replies
Reply
2 Replies
Meir Mendelovich

‎Jan 14 2018 01:16 AM

‎Jan 14 2018 01:16 AM

Re: Query with SCCM ComputerGroup

Hi Bob,

 

Please provide us some more details so we can help you.

Does the following queries provide any results?

 

  1. ComputerGroup | where GroupSource == "SCCM" and Group == "Collection 001" | distinct Computer
  2. ComputerGroup | where GroupSource == "SCCM" and Group == "Collection 001" and TimeGenerated > ago(2d) | distinct Computer
  3. ComputerGroup | where GroupSource == "SCCM" and Group == "Collection 002" | distinct Computer
  4. ComputerGroup | where GroupSource == "SCCM" and Group == "Collection 002" and TimeGenerated > ago(2d) | distinct Computer

 

BTW: you forgot the "distinct Computer" in the Collection 002 query.

 

Thanks,

Meir 

0 Likes
Reply
Bob Clements

‎Jan 16 2018 07:57 AM

‎Jan 16 2018 07:57 AM

Re: Query with SCCM ComputerGroup

Hi Meir,

 

All 4 of the queries that you provided work as expected. I receive the list of computers that correspond to the different groups. 

 

How would I take these results and run them against a table search? For example, one of the following conditions:

 

WaaSDeploymentStatus | where Computer in (WaaSGroup) | where DeploymentStatus=="Failed"


UADriver | where Computer in (DriverGroup) | where Issue == "Driver will not migrate to new OS"
0 Likes
Reply