Microsoft Azure – Heartbeat KQL Log Monitoring Query
Pre-requisites:
Heartbeat is an Azure Log Management solution, and a KQL query against the Heartbeat log returns the following information:
- Computer name
- The environment that hosts the computer: Azure or Non-Azure
- Name of the operating system, type of OS, operating system major version, operating system minor version
- List of solutions deployed on the agent
- The version of the agent, etc.
Let's look at some examples of Heartbeat KQL log monitoring queries:
1. KQL query to find each computer and the environment that hosts it: Azure or Non-Azure
Heartbeat
| where OSType == 'Windows' or OSType == 'Linux'
| summarize arg_max(TimeGenerated, *) by SourceComputerId
| sort by Computer
| project Computer, ComputerEnvironment
| render table
2. KQL query to find the computer's OS type, OS name, OS major version, and OS minor version.
Heartbeat
| where OSType == 'Windows' or OSType == 'Linux'
| summarize arg_max(TimeGenerated, *) by SourceComputerId
| sort by Computer
| project Computer, ComputerEnvironment, OSType, OSName, OSMajorVersion, OSMinorVersion
| render table
3. KQL query to find only the computers whose OS type is Windows and display the OS name, OS major version, and OS minor version.
Heartbeat
| where OSType == 'Windows'
| summarize arg_max(TimeGenerated, *) by SourceComputerId
| sort by Computer
| project Computer, ComputerEnvironment, OSType, OSName, OSMajorVersion, OSMinorVersion
| render table
4. KQL query to find only the computers whose OS type is Linux and display the OS name, OS major version, and OS minor version.
Heartbeat
| where OSType == 'Linux'
| summarize arg_max(TimeGenerated, *) by SourceComputerId
| sort by Computer
| project Computer, ComputerEnvironment, OSType, OSName, OSMajorVersion, OSMinorVersion
| render table
5. KQL query to find the computer's remote IP.
Heartbeat
| summarize arg_max(TimeGenerated, *) by SourceComputerId
| sort by Computer
| project Computer, ComputerEnvironment, ComputerIP
| render table
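The queries above all keep the latest record per agent with arg_max. The same pattern can flag agents that have stopped reporting, together with the agent version and deployed solutions from the list at the top of the page. This is an added example, not part of the original article; the sample rows, the fixed asOf time and the 15-minute maxSilence threshold are assumptions made for illustration.

```kusto
// Constructed sample rows standing in for the Heartbeat table so the query runs in any
// Kusto environment. Delete this let statement to query the real workspace table.
let Heartbeat = datatable(TimeGenerated:datetime, SourceComputerId:string, Computer:string,
                          ComputerEnvironment:string, OSType:string, Version:string, Solutions:string)
[
    datetime(2023-03-31 11:58:00), "id-0001", "web01", "Azure",     "Linux",   "sample-1.0", "security, updates",
    datetime(2023-03-31 11:59:00), "id-0001", "web01", "Azure",     "Linux",   "sample-1.0", "security, updates",
    datetime(2023-03-31 09:10:00), "id-0002", "db01",  "Non-Azure", "Windows", "sample-2.0", "security",
    datetime(2023-03-30 22:00:00), "id-0003", "app01", "Azure",     "Windows", "sample-2.0", "updates"
];
// Assumption: fixed reference time so the sample is reproducible; use now() on live data.
let asOf = datetime(2023-03-31 12:00:00);
// Assumption: how long an agent may stay silent before it is reported.
let maxSilence = 15m;
Heartbeat
// Keep only the most recent heartbeat of each agent, as in the queries above.
| summarize arg_max(TimeGenerated, *) by SourceComputerId
// Time elapsed since that last heartbeat.
| extend SilentFor = asOf - TimeGenerated
// Agents still reporting inside the threshold are dropped.
| where SilentFor > maxSilence
| project Computer, ComputerEnvironment, OSType, AgentVersion = Version, Solutions,
          LastHeartbeat = TimeGenerated, SilentFor
// Longest-silent agents first.
| sort by SilentFor desc
```

A silent agent means the workspace is no longer receiving logs from that machine, so rows returned here mark gaps in monitoring coverage that need follow-up.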
Last Updated: 31 Mar, 2023