Maybe I am going about this the wrong way, hoping to get some help.
What we are trying to accomplish: Trying to create a time to track the deployment progress of each Windows Update release. So far I have the following two queries that are being utilized in a Donut MultiQuery:
1. Query for machines on version 966:
WaaSDeploymentStatus | where UpdateCategory=="Quality" and TargetBuild == "15063.966" and DetailedStatus == "Update successful" | distinct Computer | count
2. Machines that are on a version prior to 966:
let Table1 = WaaSDeploymentStatus
| where UpdateCategory== "Quality" and OSVersion == "1703" and DetailedStatus == "Update successful" and TargetBuild == "15063.966"
| distinct Computer
| count as Count1
| extend dummy=1 ;
let Table2 = WaaSDeploymentStatus
| where UpdateCategory=="Quality" and OSVersion == "1703" and DeploymentStatus == "Update successful" and TargetBuild in ("15063.138", "15063.250", "15063.296", "15063.332", "15063.413", "15063.447", "15063.483", "15063.502", "15063.540", "15063.608", "15063.532", "15063.674", "15063.675", "15063.726", "15063.729", "15063.786", "15063.850", "15063.877", "15063.909", "15063.936", "15063.994")
| distinct Computer
| count as Count2
| extend dummy=1;
Table1
| join kind= inner (Table2 ) on dummy
| extend FinalCount = Count1-Count2
| project FinalCount
The numbers that I am receiving aren't valid. What am I missing here? Is there a better way to do this?
