
Microsoft Azure – Heartbeat KQL Log Monitoring Query



Heartbeat is an Azure Log Management solution. A KQL query against the Heartbeat log returns the following information:

  • Computer name
  • The environment that hosts the computer: Azure or Non-Azure
  • Name of the operating system, type of OS, OS major version, OS minor version
  • List of solutions deployed on the agent
  • The version of the agent, etc.

Below are some examples of Heartbeat KQL log monitoring queries:

1. KQL query to list each computer and the environment that hosts it (Azure or Non-Azure)

Heartbeat
| where OSType == 'Windows' or OSType == 'Linux'
| summarize arg_max(TimeGenerated, *) by SourceComputerId 
| sort by Computer
| project Computer, ComputerEnvironment
| render table


2. KQL query to find each computer's OS type, OS name, OS major version, and OS minor version

Heartbeat
| where OSType == 'Windows' or OSType == 'Linux'
| summarize arg_max(TimeGenerated, *) by SourceComputerId 
| sort by Computer
| project Computer, ComputerEnvironment, 
OSType, OSName, OSMajorVersion, OSMinorVersion
| render table


3. KQL query to find only the computers whose OS type is Windows and display the OS name, OS major version, and OS minor version

Heartbeat
| where OSType == 'Windows'
| summarize arg_max(TimeGenerated, *) by SourceComputerId 
| sort by Computer
| project Computer, ComputerEnvironment, 
OSType, OSName, OSMajorVersion, OSMinorVersion
| render table


4. KQL query to find only the computers whose OS type is Linux and display the OS name, OS major version, and OS minor version

Heartbeat
| where OSType == 'Linux'
| summarize arg_max(TimeGenerated, *) by SourceComputerId 
| sort by Computer
| project Computer, ComputerEnvironment, 
OSType, OSName, OSMajorVersion, OSMinorVersion
| render table


5. KQL query to find each computer's remote IP

Heartbeat
| summarize arg_max(TimeGenerated, *) by SourceComputerId 
| sort by Computer
| project Computer, ComputerEnvironment, ComputerIP
| render table

 
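The queries above cover the OS and IP fields; the following added example (not part of the original article) extends the same arg_max pattern to the agent version and solutions list mentioned at the top, and flags agents that have stopped sending heartbeats, which is a gap in monitoring coverage. The 7-day lookback and 15-minute silence threshold are assumptions to tune for your workspace.

```kusto
// Added example, not from the original article.
// Assumed values: adjust both to match your environment.
let lookback = 7d;       // how far back to look for known agents
let staleAfter = 15m;    // an agent silent for longer than this is flagged
Heartbeat
| where TimeGenerated > ago(lookback)
| where OSType in ('Windows', 'Linux')
// Keep only the most recent heartbeat record per agent, as in the queries above
| summarize arg_max(TimeGenerated, *) by SourceComputerId
| extend LastHeartbeat = TimeGenerated
| extend SilentFor = now() - LastHeartbeat
| extend AgentState = iff(SilentFor > staleAfter, 'Stale', 'Reporting')
// Version is the agent version; Solutions lists the solutions deployed on the agent
| project Computer, ComputerEnvironment, OSType, AgentVersion = Version,
          Solutions, LastHeartbeat, SilentFor, AgentState
// 'Stale' sorts before 'Reporting' in descending order, longest silence first
| sort by AgentState desc, SilentFor desc
| render table
```

Rows marked Stale are machines that reported within the lookback window but have since gone quiet, so their logs are no longer reaching the workspace.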


Last Updated : 31 Mar, 2023