Running a KQL to find all devices with a software installed and the currently logged on users

New Contributor


I am seeking for some help with running a KQL query.
Basically trying to find all the devices on the network with a particular software (like Wireshark) but the results to also include the users that are logged on to them

I am very new to KQL and this is what I have tried to run but my "LoggedOnUsers" column is blank


union DeviceTvmSoftwareInventory, DeviceInfo
| where SoftwareName in ("wireshark")
| project DevivceITS = trim_end(".", DeviceName), OSVersion, SoftwareName, SoftwareVersion, LoggedOnUsers
| order by DevivceITS, SoftwareName, SoftwareVersion
| sort by SoftwareVersion desc


0 Replies