Microsoft Azure – Troubleshoot Azure VM Process using KQL

Azure is Microsoft's cloud platform, comparable to Google Cloud and Amazon Web Services (AWS). It is the platform through which Microsoft's cloud resources are consumed. In this article, we will query the VMProcess table in Azure Monitor with KQL to collect process data from Azure servers/virtual machines monitored by the Service Map and VM Insights solutions, which gather this data using the Dependency agent and the Log Analytics agent.

Step 1. Use the following KQL query to get the VMProcess records for the last 10 minutes.

VMProcess
| where TimeGenerated > ago(10m)

Step 2. Use the following KQL query to get the VMProcess records for the last 1 hour.

VMProcess
| where TimeGenerated > ago(1h)

Step 3. Use the following KQL query to get the VMProcess records for the last 1 day.

VMProcess
| where TimeGenerated > ago(1d)

Step 4. Use the following KQL query to get the details of processes whose description is "Host Process for Windows Services".

VMProcess
| where TimeGenerated > ago(10m)
| where Description == "Host Process for Windows Services"

Step 5. Use the following KQL query to get each process's executable name, display name, the group it belongs to, and its product name.

VMProcess
| where TimeGenerated > ago(10m)
| project ExecutableName, DisplayName, Group, ProductName
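
The steps above combine into a query a responder can use during triage: the added example below (not part of the original article) lists executables reported in the last hour that the same computer did not report in the preceding 7 days. It assumes the workspace holds at least 7 days of VM Insights data and uses the VMProcess columns Computer, ExecutablePath, CommandLine, UserName and CompanyName, which are part of the table schema but are not shown in the steps above; the 7-day and 1-hour windows are illustrative choices.

```kql
// Added example: processes that are new to a computer within the last hour.
// Window sizes are assumptions; widen the baseline for hosts with weekly jobs.
let baselineWindow = 7d;
let recentWindow = 1h;
// Baseline: every (Computer, ExecutableName) pair seen before the recent window.
let baseline =
    VMProcess
    | where TimeGenerated between (ago(baselineWindow) .. ago(recentWindow))
    | distinct Computer, ExecutableName;
VMProcess
| where TimeGenerated > ago(recentWindow)
// Collapse repeated agent reports of the same process into one row.
| summarize FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated),
            CommandLines = make_set(CommandLine, 5),
            Users = make_set(UserName, 5)
    by Computer, ExecutableName, ExecutablePath, DisplayName, ProductName, CompanyName
// leftanti keeps only rows with no matching pair in the baseline.
| join kind=leftanti baseline on Computer, ExecutableName
| order by Computer asc, FirstSeen asc
```

Rows with an empty ProductName or CompanyName, or an ExecutablePath under a user-writable directory, are the ones to review first; a newly onboarded machine returns every process because it has no baseline.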

Last Updated : 03 Apr, 2023