Aug 07 2018 - last edited on Apr 07 2022
I am working on a super simple query to pull MachineName and OSBuild versions.
I would like the query to only return machines where the value of OSBuild is not null.
Here is what I have tried so far:
Aug 07 2018 10:03 AM Solution
| where isnotnull (OSBuild)
| summarize by ComputerName, OSBuild
I can’t test on the demo site, but using the same with the heartbeat schema gives the results you may be looking for. There is another command, isempty or isnotempty, that does similar for string data.
Aug 07 2018 10:20 AM
@Travis Roberts Thank you for your reply! This did the trick.
I didn't come across "isnotnull" in my search for a solution, although I suspect it was staring me in the face.
Is part of the problem that I am dealing with a numerical field as opposed to a string?
I would eventually like to turn this into a statistical query where it will group all the OS values together, then give me a count of each.
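
Added example, not part of any post in this thread: a self-contained Kusto query that applies the null filter from the accepted reply and then counts machines per OSBuild value. The table name SampleInventory, its rows and the OSName column are constructed for illustration; a Kusto string column is never null, which is why the string column is tested with isnotempty instead.

```kusto
// Constructed sample rows standing in for the real inventory table (assumption).
let SampleInventory = datatable(ComputerName:string, OSBuild:long, OSName:string)
[
    "host-a", 17134,      "Windows 10",
    "host-b", long(null), "Windows 10",   // numeric value missing
    "host-c", 17134,      "Windows 10",
    "host-d", 16299,      "Windows 10",
    "host-e", long(null), "",             // both values missing
    "host-f", 17134,      ""              // build present, name empty
];
SampleInventory
// Numeric columns can hold null, so isnotnull() is the right test here.
| where isnotnull(OSBuild)
// String columns hold an empty string rather than null, so use isnotempty().
| where isnotempty(OSName)
// Group identical OS values together and count distinct machines in each group.
| summarize MachineCount = dcount(ComputerName) by OSName, OSBuild
| order by MachineCount desc
```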