KQL assistance under a Log Analytics workspace

Time: 2020-06-12 16:58:45

Tags: azure-log-analytics

ConfigurationChange
| where ConfigChangeType == "WindowsServices"
    and SvcState == "Stopped"
    // Servers to watch
    and (
        Computer has "NET-SQL2.networkhg.org.uk"
        or Computer has "NET-SQL3.networkhg.org.uk"
        or Computer has "NET-GISSQL1.networkhg.org.uk"
        or Computer has "NET-CALSQL.networkhg.org.uk"
    )
    // SQL Server services to watch (exact display names)
    and (
        SvcDisplayName == "SQL Full-text Filter Daemon Launcher (TEST)"
        or SvcDisplayName == "SQL Full-text Filter Daemon Launcher (MSSQLSERVER)"
        or SvcDisplayName == "SQL Full-text Filter Daemon Launcher (SQLEXPRESS)"
        or SvcDisplayName == "SQL Server (MSSQLSERVER)"
        or SvcDisplayName == "SQL Server (Test)"
        or SvcDisplayName == "SQL Server Agent (MSSQLSERVER)"
        or SvcDisplayName == "SQL Server Agent (Test)"
        or SvcDisplayName == "SQL Server Browser"
        or SvcDisplayName == "SQL Server Integration Services 10.0"
        or SvcDisplayName == "SQL Full-text Filter Daemon Launcher (FIDO)"
        or SvcDisplayName == "SQL Full-text Filter Daemon Launcher (SUN)"
        or SvcDisplayName == "SQL Server (FIDO)"
        or SvcDisplayName == "SQL Server (SUN)"
        or SvcDisplayName == "SQL Server Agent (FIDO)"
        or SvcDisplayName == "SQL Server VSS Writer"
        or SvcDisplayName == "SQL Server Integration Services 11.0"
        or SvcDisplayName == "SQL Server Reporting Services (MSSQLSERVER)"
        or SvcDisplayName == "SQL Server Reporting Services (SQLEXPRESS)"
        or SvcDisplayName == "SQL Server Analysis Services (MSSQLSERVER)"
    )

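A question: if one of these services stops running on any of the servers above, will I receive an email about that server, or will all the servers be listed?

2 answers:

Answer 0: (score: 0)

Writing the query is only half of the problem. An alert based on that query will need to be created to get the email.

The email will be the result of the query, which in this case will be all combinations of stopped servers/services.

Answer 1: (score: 0)

Thanks, I have got the answer to this question. I created another query similar to this one, and I created an alert that emails a group to take action when any service is stopped in the server combination.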

Insights
Top 10 results

Computer: NH-P2PAPP01.networkhg.org.uk
ConfigChangeType: WindowsServices
ChangeCategory: Modified
SourceComputerId: d901f954-1d9a-43b5-a0b9-afd0cf688923
SvcChangeType: State
SvcDisplayName: Integration SPC FINPROD
SvcName: SPCFINPROD
SvcState: Stopped
SvcPreviousState: Running
SvcStartupType: Auto
SvcAccount: LocalSystem
SvcPath: F:\Integra\intspc\FINPROD\bin..\bin\spc_64.exe //RS//SPCFINPROD
SourceSystem: OpsManager
MG: 00000000-0000-0000-0000-000000000001
ManagementGroupName: AOI-4d3a9999-1d9a-4086-8d0c-1a31ac03c9d8
TenantId: 4d3a9999-1d9a-4086-8d0c-1a31ac03c9d8
TimeGenerated: 2020-06-14T01:00:20
VMUUID: 116e3f42-eb84-de2e-00c5-c56ed4f4b80f
LastSnapshotAge: 60
Type: ConfigurationChange
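
Answer 0's point that the email carries whatever rows the query returns, and the alert described in Answer 1, shown as an added example that is not from either poster: the query keeps only the latest recorded state per server/service pair, so the alert lists just the pairs that are still stopped. `SampleChanges` holds constructed rows, the watch lists are a shortened subset of the question's names, and `in~` (exact, case-insensitive match) is swapped in for the question's `has`.

```kusto
// Constructed sample rows standing in for the ConfigurationChange table.
let SampleChanges = datatable(TimeGenerated:datetime, Computer:string, ConfigChangeType:string,
                              SvcDisplayName:string, SvcState:string, SvcPreviousState:string)
[
    datetime(2020-06-14 01:00:20), "NET-SQL2.networkhg.org.uk",    "WindowsServices", "SQL Server Browser",    "Stopped", "Running",
    datetime(2020-06-14 01:05:00), "NET-SQL2.networkhg.org.uk",    "WindowsServices", "SQL Server Browser",    "Running", "Stopped",
    datetime(2020-06-14 01:10:00), "NET-SQL3.networkhg.org.uk",    "WindowsServices", "SQL Server VSS Writer", "Stopped", "Running",
    datetime(2020-06-14 01:12:00), "NH-P2PAPP01.networkhg.org.uk", "WindowsServices", "SQL Server Browser",    "Stopped", "Running"
];
// Watch lists (shortened subset of the names in the question).
let WatchedComputers = dynamic(["NET-SQL2.networkhg.org.uk", "NET-SQL3.networkhg.org.uk",
                                "NET-GISSQL1.networkhg.org.uk", "NET-CALSQL.networkhg.org.uk"]);
let WatchedServices = dynamic(["SQL Server Browser", "SQL Server VSS Writer",
                               "SQL Server Agent (MSSQLSERVER)"]);
SampleChanges   // replace with ConfigurationChange when running in the workspace
| where ConfigChangeType == "WindowsServices"
| where Computer in~ (WatchedComputers)
| where SvcDisplayName in (WatchedServices)
// Latest recorded change per server/service pair; a service that was
// stopped and then started again drops out at the next filter.
| summarize arg_max(TimeGenerated, SvcState, SvcPreviousState) by Computer, SvcDisplayName
| where SvcState == "Stopped"
| project TimeGenerated, Computer, SvcDisplayName, SvcPreviousState, SvcState
```

On the constructed rows this returns a single row, NET-SQL3 with "SQL Server VSS Writer": the NET-SQL2 service was restarted, and NH-P2PAPP01 is not in the watch list.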