协助进行KQL(磁盘空间高警报)

时间:2020-06-16 10:58:43

标签: kql

我在日志分析工作区(Azure监视)下使用KQL语言

Perf
| where ObjectName == "LogicalDisk" and CounterName == "% Free Space" and Computer != "net-fs3.networkhg.org.uk" and Computer != "NET-FS1.networkhg.org.uk"  and Computer != "NET-SQL3.networkhg.org.uk" and Computer != "NET-EDMLIVEDB1.networkhg.org.uk" and Computer != "NET-EDM_KOFAX1.networkhg.org.uk"
|summarize Free_Space = min(CounterValue) by Computer, InstanceName
| where strlen(InstanceName) == 2 and InstanceName contains ":" and Computer != "NET-REPAIR2.networkhg.org.uk" and InstanceName !contains ":E"  and Computer != "NH-E2016-01.networkhg.org.uk" and InstanceName !contains ":E" and Computer != "NH-E2016-02.networkhg.org.uk" and InstanceName !contains ":E" and Computer != "net-boxi1.networkhg.org.uk" and InstanceName !contains ":D"
| where Free_Space < 10
Can you please help me with this query, I want to make sure that, only one of instance of the computer is being monitored instead of all, for example
Computer != "net-boxi1.networkhg.org.uk" and InstanceName !contains ":D"

在这种情况下,我希望该计算机避免使用D驱动器而不是所有驱动器,就像我在查询中为所有计算机指定的那样,因为我希望监视其他驱动器。

0 个答案:

没有答案
相关问题
最新问题