Open In App

Microsoft Azure – Getting VMComputer Records Properties

Improve
Improve
Like Article
Like
Save
Share
Report

In this article, we will look into the process of querying some key properties of Records of VMComputer types. We will primarily focus on the KQL queries to get the properties like the Host Name, Computer Name, DNS Name, Display Name, Full Display Name in Azure.

  1. Computer: The name of the computer that includes the domain name if exists. For example: <servername>.domain-name.org, <servername>.domain-name.net, <servername>.domain-name.com, <servername>.domain-name.company,…etc. If the domain doesn’t exist then we will get only the Azure Server Host Name.
  2. Display Name: The display name of the server.
  3. DNS Names: DNS stands for Domain Name System and it is a collection of an array of DNS names. Result for DNS Name:  [“ADServer-008”], [“DEVServerW10-24”],etc.
  4. Full Display Name: The full display name of the server.
  5. Host Name: The hostname of the server is the name of the server in Azure Virtual Machine without domain.

Note: The same principle can be applied for getting other Records properties of VMComputer types such as:

  1. TenantId: The unique identifier for the workspace.
  2. TimeGenerated: Timestamp of the record (UTC).
  3. AgentId: The unique ID of the Log Analytics agent.
  4. Ipv4Addresses: Array of IPv4 addresses.
  5. MacAddresses: Array of Mac addresses, etc.

KQL Query Examples:

Use Azure Monitor or Log Analytics WorkSpace to run the Queries.

1. KQL Log Query – Let’s use some KQL Queries to fetch the logs of Azure Server Host Name, Computer Name, DNS Name, Display Name, and Full Display Name from a Select Scope.

VMComputer
| where TimeGenerated > ago(1h)
| summarize by Computer, HostName, DisplayName, FullDisplayName, tostring(DnsNames)

Output returns the results of Computer, HostName, DisplayName, FullDisplayName, and DnsNames of the Servers.

Output:

2. KQL Log Query – To get the details of Azure Resource Group, Azure Resource Name, and Computer Name from a Select Scope.

VMComputer
| where TimeGenerated > ago(1h)
| summarize by AzureResourceGroup, AzureResourceName, Computer

Output:

3. KQL Log Query – To get a consolidated list of properties which consists of Azure Resource Group, Azure Resource Name, Computer Name, Host Name, DNS Name, Display Name, and Full Display Name from the select scope.

VMComputer
| where TimeGenerated > ago(1h)
| summarize by AzureResourceGroup, AzureResourceName, Computer, HostName, DisplayName, 
FullDisplayName, tostring(DnsNames)

This query returns the results of a list of servers with Azure Resource Group, Azure Resource Name, Computer Name, Host Name, DNS Name, Display Name, and Full Display Name

Output:


Last Updated : 31 Mar, 2023
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads