May 11 2022 02:55 PM
I'm working with a query that was posted on GitHub for "Endpoint Agent Health Status Report"; however, I only want to show it for our Servers. I was able to put in a Where for specific OS but the server counts seem to be wrong. I wanted to create a KQL query that would show the OS by count().
DeviceTvmSecureConfigurationAssessment
| where isnotempty(DeviceName)
| summarize OSCount = count() by OSPlatform
The query runs but it shows way too many devices for each OS. I added a timestamp to only select from the last 24hrs but it still shows a lot. For example, we have perhaps a total of 178 Servers but it is giving me over 3k Linux servers and over 13k of Windows 2016.
Please assist with the correct method to use KQL to get the info.
Thanks,
May 11 2022 05:07 PM - edited May 11 2022 05:14 PM
Try something like the following:
May 11 2022 05:26 PM
May 11 2022 05:32 PM
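The over-count described in the question, shown as an added example (not the GitHub report query and not code posted by anyone in this thread): `DeviceTvmSecureConfigurationAssessment` stores one row per device per assessed configuration, so `count()` counts assessment rows rather than machines. The `OSPlatform` filter values below are an assumption; adjust them to the values present in your tenant.

```kql
// Added example. The table has one row per device per security
// configuration, so count() by OSPlatform counts assessments, not devices.
DeviceTvmSecureConfigurationAssessment
| where isnotempty(DeviceName)
// Assumption: servers report as "WindowsServer..." or "Linux".
// Note that "Linux" can also include non-server endpoints.
| where OSPlatform startswith "WindowsServer" or OSPlatform == "Linux"
// Stage 1: collapse to one row per machine, keeping its assessment row count.
| summarize AssessmentRows = count() by DeviceId, OSPlatform
// Stage 2: count machines per OS; the row total is what the original query returned.
| summarize
    DeviceCount    = count(),
    AssessmentRows = sum(AssessmentRows)
    by OSPlatform
| extend RowsPerDevice = round(todouble(AssessmentRows) / DeviceCount, 1)
| order by DeviceCount desc
```

Comparing `DeviceCount` with `AssessmentRows` in the output shows how much of the original total came from multiple configuration rows per machine.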