cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Advanced Hunting Query to Include Assigned Tags

SebastiaanR
Brass Contributor

‎Jan 13 2021 10:39 PM

‎Jan 13 2021 10:39 PM

Advanced Hunting Query to Include Assigned Tags

Good day community,

 

Is there a way to query tags assigned to devices in MDE? Ideally I would want to include such a query in a Power Bi Dashboard to allow for filtering of devices based on tags (location, environment, etc.).

 

From what I can see, it doesn't seem to be possible, but I'm far from being an expert when it comes to advanced queries :)

 

Thanks

7,940 Views
0 Likes
7 Replies
Reply
7 Replies
Thijs Lecomte

‎Jan 15 2021 01:32 AM

‎Jan 15 2021 01:32 AM

Re: Advanced Hunting Query to Include Assigned Tags

You need to join the query with the DeviceInfo table in order to retrieve the machine groups:
DeviceEvents
| take 10
| join kind=leftouter ( DeviceInfo | distinct DeviceId, MachineGroup) on DeviceId
| project-reorder MachineGroup

I would retrieve the DeviceInfo table within PowerBI and enable the correlation there.
1 Like
Reply
SebastiaanR

‎Jan 15 2021 02:17 AM

‎Jan 15 2021 02:17 AM

Re: Advanced Hunting Query to Include Assigned Tags

@Thijs Lecomte 

Thanks a lot for the recommendation, much appreciated. While this gives me the MachineGroup value, what I am looking for are tags that are assigned to devices. Ideally I would want to be able to query for information against specific tags OR at least be able to include this tag information in the output of a relevant query (similar to what MachineGroup) is giving me.

 

SebastiaanR_0-1610705831917.png

 

0 Likes
Reply
best response confirmed by SebastiaanR (Brass Contributor)
Thijs Lecomte

‎Jan 15 2021 02:43 AM

‎Jan 15 2021 02:43 AM

Solution

Re: Advanced Hunting Query to Include Assigned Tags

Tags don't show up in the DeviceInfo table, so I fear there is no way to retrieve this through KQL.
You could enrich the information through the API, this exposes the tags
1 Like
Reply
SebastiaanR

‎Jan 16 2021 01:25 AM

‎Jan 16 2021 01:25 AM

Re: Advanced Hunting Query to Include Assigned Tags

@Thijs Lecomte 

Thanks again for the valuable feedback. Could you perhaps elaborate a little more on this?

At the moment I have a manual export of the devices per location in an Excel data source, but ideally I would want to not use any offline/manual data sources, so if there is a way of retrieving this through API it will solve a huge problem.

 

What I am after is this:

 

SebastiaanR_0-1610788998789.png

 

Everything works as it should, I'm really only trying to get around the manual location bit.

 

0 Likes
Reply
SebastiaanR

‎Jan 16 2021 02:07 AM

‎Jan 16 2021 02:07 AM

RE: Advanced Hunting Query to Include Assigned Tags

I had a look, on your recommendation, and it seems I am able to retrieve all information, including the machineTag value using as an OData feed into PBI. Thank you very much for the guidance, this really makes my life a whole lot easier!
0 Likes
Reply
sagarmcp

‎Dec 20 2021 04:09 PM

‎Dec 20 2021 04:09 PM

RE: Advanced Hunting Query to Include Assigned Tags

@SebastiaanR Do you have the OBI query you used or the table name? I need to perform similar thing and trying to get this data at this stage with the Advanced Hunting without success. if API is the only way, I want to explore that too. 

 

Thanks, 

Sagar

0 Likes
Reply
GaryB_Reply

‎Aug 19 2022 02:43 AM

‎Aug 19 2022 02:43 AM

Re: RE: Advanced Hunting Query to Include Assigned Tags

Hi @SebastiaanR,
I need to report on MDE devices and split out the reporting by tag but need a head start on how you managed to get this information. Would you be willing to share some more information how you achieved the results?
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by SebastiaanR (Brass Contributor)
Thijs Lecomte

‎Jan 15 2021 02:43 AM

‎Jan 15 2021 02:43 AM

Solution

Re: Advanced Hunting Query to Include Assigned Tags

Tags don't show up in the DeviceInfo table, so I fear there is no way to retrieve this through KQL.
You could enrich the information through the API, this exposes the tags

View solution in original post

1 Like
Reply