cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Running a KQL to find all devices with a software installed and the currently logged on users

KBhuva
Copper Contributor

‎Mar 30 2023 07:44 PM - edited ‎Mar 30 2023 07:45 PM

‎Mar 30 2023 07:44 PM - edited ‎Mar 30 2023 07:45 PM

Running a KQL to find all devices with a software installed and the currently logged on users

Hi,


I am seeking for some help with running a KQL query.
Basically trying to find all the devices on the network with a particular software (like Wireshark) but the results to also include the users that are logged on to them

I am very new to KQL and this is what I have tried to run but my "LoggedOnUsers" column is blank

 

union DeviceTvmSoftwareInventory, DeviceInfo
| where SoftwareName in ("wireshark")
| project DevivceITS = trim_end(".", DeviceName), OSVersion, SoftwareName, SoftwareVersion, LoggedOnUsers
| order by DevivceITS, SoftwareName, SoftwareVersion
| sort by SoftwareVersion desc

 

 
Cheers,
KP
Labels:
6,686 Views
1 Like
0 Replies
Reply
0 Replies