Microsoft Azure – Troubleshoot Azure VM Process using KQL

Last Updated : 03 Apr, 2023

Azure is Microsoft’s cloud platform, comparable to Google Cloud and Amazon Web Services (AWS). It is the platform through which we can use Microsoft’s resources. In this article, we will query the VMProcess table in Azure Monitor with Kusto Query Language (KQL) to collect process data from Azure servers and virtual machine clients monitored by the Service Map and VM Insights solutions, which gather it through the Dependency agent and the Log Analytics agent.

Step 1. Use the following KQL query to get the VMProcess records for the last 10 minutes.

VMProcess
| where TimeGenerated > ago(10m)

Step 2. Use the following KQL query to get the VMProcess records for the last 1 hour.

VMProcess
| where TimeGenerated > ago(1h)

Step 3. Use the following KQL query to get the VMProcess records for the last 1 day.

VMProcess
| where TimeGenerated > ago(1d)

Step 4. Use the following KQL query to get the details of processes whose description is "Host Process for Windows Services".

VMProcess
| where TimeGenerated > ago(10m)
| where Description == "Host Process for Windows Services"

Step 5. Use the following KQL query to list, for each VMProcess record, the executable name, its display name, the group to which it belongs, and the product name.

VMProcess
| where TimeGenerated > ago(10m)
| project ExecutableName, DisplayName, Group, ProductName
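
The steps above combined into one process inventory per machine, as an added example that is not part of the original article. The rows in SampleVMProcess are constructed so the query runs without live data, and the Computer and Process columns are assumed from the VMProcess schema (they do not appear in the steps above). A process that stays running can show up in more than one record inside the time window, so the query keeps only the newest record per process before counting.

```kusto
// Constructed sample rows standing in for the VMProcess table.
// Only a subset of the table's columns is modelled here (assumption).
let SampleVMProcess = datatable(
    TimeGenerated: datetime, Computer: string, Process: string,
    ExecutableName: string, DisplayName: string, Group: string,
    ProductName: string, Description: string)
[
    datetime(2023-04-03 10:00:00), "vm-web-01", "p-1001", "svchost", "Host Process for Windows Services",
        "Operating System", "Microsoft Windows Operating System", "Host Process for Windows Services",
    datetime(2023-04-03 10:05:00), "vm-web-01", "p-1001", "svchost", "Host Process for Windows Services",
        "Operating System", "Microsoft Windows Operating System", "Host Process for Windows Services",
    datetime(2023-04-03 10:05:00), "vm-web-01", "p-1002", "svchost", "Host Process for Windows Services",
        "Operating System", "Microsoft Windows Operating System", "Host Process for Windows Services",
    datetime(2023-04-03 10:05:00), "vm-web-01", "p-1003", "w3wp", "IIS Worker Process",
        "Web Servers", "Internet Information Services", "IIS Worker Process",
    datetime(2023-04-03 10:06:00), "vm-db-01", "p-2001", "sqlservr", "SQL Server Windows NT",
        "Databases", "Microsoft SQL Server", "SQL Server Windows NT - 64 Bit",
    datetime(2023-04-03 09:30:00), "vm-db-01", "p-2002", "svchost", "Host Process for Windows Services",
        "Operating System", "Microsoft Windows Operating System", "Host Process for Windows Services"
];
SampleVMProcess
// Against live data, query VMProcess directly and use: TimeGenerated > ago(10m)
| where TimeGenerated > datetime(2023-04-03 09:55:00)
// Keep the newest record for each process on each machine.
| summarize arg_max(TimeGenerated, *) by Computer, Process
// One row per executable per machine, with instance count and last sighting.
| summarize Instances = dcount(Process), LastSeen = max(TimeGenerated)
    by Computer, ExecutableName, DisplayName, Group, ProductName
| order by Computer asc, Instances desc
```

With the sample rows, vm-web-01 reports two svchost instances rather than three records, and the 09:30 record on vm-db-01 is excluded by the time filter.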
