
Microsoft Azure – Patch Management Update Summary Status

In this article, we use Log Analytics log queries to count resources by Update Management run name, and to list the missing critical update count and missing security update count for each resource along with its update run name. The queries are written in KQL.

Implementation:

Step 1: Log in to Azure Portal.



Step 2: Refer to the Workbook Creation from this article.

Step 3: Paste the KQL log queries below into the workbook to get the Azure Patch Management Update Summary details.



KQL Query 1: Use this Log Analytics Log Query to get the count of Patch Deployments by Patch Deployment Schedule Name

UpdateSummary
| where TimeGenerated > ago(4d)
| join kind=inner (UpdateRunProgress | where TimeGenerated > ago(4d) | project Computer, UpdateRunName) on Computer
| join kind=innerunique (Heartbeat | distinct Computer) on Computer
// Keep one row per machine per run so that count() counts resources, not joined log rows
| distinct Computer, UpdateRunName
| summarize count() by UpdateRunName

This query returns the total count of resources by Update Run Name (i.e. Patch Deployment Schedule Name).


KQL Query 2: Use this Log Analytics Log Query to get the Patch Deployment Status 

UpdateSummary
| where TimeGenerated > ago(4d)
| join kind=inner (UpdateRunProgress | where TimeGenerated > ago(4d) | project Computer, UpdateRunName) on Computer
| join kind=innerunique (Heartbeat | distinct Computer) on Computer
| project Resource, UpdateRunName, CriticalUpdatesMissing, SecurityUpdatesMissing

This query returns the patch resource name (i.e. VM Name), Update Run Name (i.e. Patch Deployment Schedule Name), count of critical updates which are missing for a resource, and count of security updates that are missing for a resource.
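Because Query 2 uses inner joins without deduplication, any machine with more than one UpdateSummary or UpdateRunProgress record in the window appears in several rows, and a machine with no update run in the window does not appear at all. The following added example (not from the original article) keeps only the latest assessment per machine and uses a left outer join so unpatched machines without a recent run are still listed; the names lookback, LatestSummary, LatestRun, LastRunTime and AssessedAt are chosen here for illustration.

```kql
// Added example: latest patch assessment per machine, with its most recent update run (if any).
let lookback = 4d;  // same window as the queries above
// Latest UpdateSummary record per machine in the window
let LatestSummary = UpdateSummary
    | where TimeGenerated > ago(lookback)
    | summarize arg_max(TimeGenerated, Resource, CriticalUpdatesMissing, SecurityUpdatesMissing) by Computer;
// Most recent update run name per machine in the window
let LatestRun = UpdateRunProgress
    | where TimeGenerated > ago(lookback)
    | summarize arg_max(TimeGenerated, UpdateRunName) by Computer
    | project Computer, UpdateRunName, LastRunTime = TimeGenerated;
LatestSummary
// Only machines that are still reporting a heartbeat in the window
| join kind=innerunique (Heartbeat | where TimeGenerated > ago(lookback) | distinct Computer) on Computer
// leftouter keeps machines that have missing updates but no update run in the window
| join kind=leftouter LatestRun on Computer
| where CriticalUpdatesMissing > 0 or SecurityUpdatesMissing > 0
| extend UpdateRunName = iff(isempty(UpdateRunName), "(no run in window)", UpdateRunName)
| project Resource, Computer, UpdateRunName, LastRunTime, CriticalUpdatesMissing, SecurityUpdatesMissing, AssessedAt = TimeGenerated
| order by CriticalUpdatesMissing desc, SecurityUpdatesMissing desc
```

Rows showing "(no run in window)" are machines with outstanding critical or security updates that no patch deployment schedule touched during the lookback period.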


That’s it!
