Forum Discussion
Computer Groups with new query language?
Example:
Heartbeat | where Computer contains "SRV" | distinct Computer
You will create function out of this query and save with it with alias MyComputers for example. Than in a new query you can refer to it in this way for example:
Perf | where Computer in (MyComputers)
If it does not work right away in the Analytics Portal try refreshing it.
Example:
Heartbeat | where Computer contains "SRV" | distinct Computer
You will create function out of this query and save with it with alias MyComputers for example. Than in a new query you can refer to it in this way for example:
Perf | where Computer in (MyComputers)
If it does not work right away in the Analytics Portal try refreshing it.
Hi Stanislav,
I have followed your example but I still can't get computer groups to work.
I have saved the search and can see the group under Computer Groups > Saved Groups but I am unable to reference the group in a search query. We had this working in the legacy log analytics but it didn't get converted during the log analytics upgrade.
- Perf type is with capital P so it will be Perf | where Computer in (MyComputers) The language is casesensitive. Let me know if that fixes it.
I believe I have spotted the issue, the capital P was issue number 1 :) issue number 2 is that the search save was a legacy format: Type=Heartbeat OSType=Linux Computer=regex("@p{1}[0-9]*") | Distinct Computer
I had to save the search using the new format:
Heartbeat | where OSType == "Linux" and Computer matches regex "^.+p{1}[0-9]*$" | distinct Computer
after I had saved the search I was then able to use your search and it worked.Perf | where Computer in (MyComputers())thank you very much for your assistance :)- Happy to hear that it is working.