Reputation: 2959
Azure Monitoring filter based on OS
I want to filter my alerts based on OS to aviod having to add a machine to the alerts. I think filtering based on OS should do what I want
Here is my query
// enter a GB value to check
let setgbvalue = 5;
// Query
Perf
| where TimeGenerated > ago(1h)
| where ObjectName == "LogicalDisk" and CounterName == "Free Megabytes"
| where InstanceName !contains "D:"
| where InstanceName !contains "_Total"
| where InstanceName !contains "HarddiskVolume"
| extend FreeSpaceGB = CounterValue / 1024
| summarize FreeSpace = min(FreeSpaceGB) by Computer, InstanceName
| where FreeSpace < setgbvalue
| where OperatingSystemFullName has "Server" | distinct Computer
VMComputer
| where OperatingSystemFullName contains_cs "Server" | distinct Computer
Here is the error I get based on this query
'where' operator: Failed to resolve scalar expression named 'OperatingSystemFullName'
Upvotes: 0
Views: 216
Answers (1)
Reputation: 5516
We have done repro in our local environment, the below statements are based on our analysis.
'where' operator: Failed to resolve scalar expression named 'OperatingSystemFullName'
Perf Table, doesn't have any column with OperatingSystemFullName that is the reason you are landed up with an above error when you ran the above shared Perf query.
If you want to configure the alert based on OS you need to use join for both Perf & VMComputer tables as shown below :
let setgbvalue = 5;
VMComputer
| where OperatingSystemFullName contains "Server"| distinct Computer,OperatingSystemFullName
| join kind = inner ( Perf
| where TimeGenerated > ago(1h)
| where ObjectName == "LogicalDisk" and CounterName == "Free Megabytes"
| where InstanceName !contains "D:"
| where InstanceName !contains "_Total"
| where InstanceName !contains "HarddiskVolume"
| extend FreeSpaceGB = CounterValue / 1024
| summarize FreeSpace = min(FreeSpaceGB) by Computer, InstanceName
| where FreeSpace > setgbvalue) on Computer
Here is the Sample Output for reference:
You can refer to this documentation, for more information about joins flavors in KQL.
Upvotes: 1
Related Questions
- How to use filter on cloud/roleName in Azure Application Insights?
- Azure Resource Manager Query with multiple dynamic tag filters
- Configure Azure monitor for application logs
- Azure monitor external systems
- Azure Monitor alert on a custom metric filtered by cloud_RoleInstance
- Azure Linux Monitoring OS layer Diagnostics
- Azure Monitor alert on a filtered custom metric, less than case
- Filter insights by server
- Azure Monitoring and Using Service Management APIs
- Azure VM monitoring