User Profile
RCDevops777
Copper Contributor
Joined 7 years ago
User Widgets
Recent Discussions
Exclude UBS drives from query results for Percentage FreeSpace
Hi, I have the below query to alert on Percentage FreeSpace on Drives....we want to exclude UBS drives from the result set. Is there a way to figure if the instance is a UBS drive or not and exclude it from the Query. Appreciate your response on this. Perf | where CounterName == '% Free Space' and InstanceName != '_Total' | where InstanceName !contains 'HarddiskVolume' |summarize AggregatedValue=avg(CounterValue) by Computer,InstanceName,bin(TimeGenerated, 5m) | where AggregatedValue < 5 Thanks RC1.2KViews0likes1CommentOMS Log Analytics query Function/alias creation via ARM template
Hi All, I have created ARM templates for creating OMS Log Analytics Searches. I am trying to see if you can help me creating a function in via ARM template. Bascially we want to create/update the Function via ARM template or powershell..Appreciate if you can guide me or point me to any ARM template that has this functionality as reference. Below is the function i am referring to. https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/functions#create-a-function Thanks RCSolved6.2KViews0likes15CommentsRe: Need query for Getting the Status of a particular app pool in IIS
CliveWatson Thanks for helping me with this...i see that you got this working with rendered description as "shutdown" ....one thing i am noticing is i dont see any entries with shutdown ...but i see with rendered description "has requested a recycle". I have set the alert with this description...but looks like the user needs to know when it stopped and started instead of recycle. Need to check more on this.6.7KViews0likes2CommentsRe: Need query for Getting the Status of a particular app pool in IIS
I got this query ....but unable to figure out when it stopped or started. Event | where Computer contains "XXXXX" | where EventLog == "System" and Source == "Microsoft-Windows-WAS" | parse ParameterXml with * "</Param><Param>" AppPoolName "</Param><Param>" * | where AppPoolName == "XXXXXX" | summarize by AppPoolName, EventID, RenderedDescription, Computer //| summarize by AppPoolName, EventID6.8KViews0likes6CommentsRe: create a search query for the Average of CPU over 15 mins .. and set alert to it
Hi Stanislav, We are using the ObjectName == "Processor" for this query, hope it is the same ? Perf | where ObjectName == "Processor Information" and CounterName == "% Processor Time" and InstanceName == "_Total" | summarize AggregatedValue = avg(CounterValue) by Computer, bin(TimeGenerated, 15m) | where AggregatedValue > 90 | render table30KViews0likes1CommentRe: Search multiple perf counters
There is no Performance counter called % Used Memory in windows..I am also trying to find out how to get the Percentage of Memory used within 12 hours time...slice window of 1 hour .Please let me know if anyone has the query for this Thanks R Noa Kuperberg wrote: Hi Henrik, To check if a string contain any of a given list of values, you'd need to a evaluation each value separately, like this: Perf | where CounterName contains "% Committed" or CounterName contains "% Used Mem" or CounterName contains "% Proc" | summarize AggregatedValue = avg(CounterValue) by Computer, CounterName The only string operator that accepts a list of values is "in". See the full list of string operators https://docs.loganalytics.io/docs/Language-Reference/Scalar-operators/String-operators. Regards, Noa Noa Kuperberg wrote: Hi Henrik, To check if a string contain any of a given list of values, you'd need to a evaluation each value separately, like this: Perf | where CounterName contains "% Committed" or CounterName contains "% Used Mem" or CounterName contains "% Proc" | summarize AggregatedValue = avg(CounterValue) by Computer, CounterName The only string operator that accepts a list of values is "in". See the full list of string operators https://docs.loganalytics.io/docs/Language-Reference/Scalar-operators/String-operators. Regards, Noa8.6KViews0likes0Comments
Recent Blog Articles
No content to show