Query Details
Agent Infowith Location
Query
//Queries the Heartbeat table to locate installed LA agents and if on-prem or in Azure Heartbeat | where TimeGenerated >= (90d) | where Category == "Direct Agent" | where isnotempty(ResourceType) | extend Cloud = ResourceProvider == "Microsoft.Compute" | extend Onprem = ResourceProvider == "Microsoft.HybridCompute" | distinct Computer, ResourceType, Cloud, Onprem
Explanation
This query searches the Heartbeat table for installed LA agents and determines if they are on-premises or in Azure. It filters the results based on the time generated in the last 90 days and the category being "Direct Agent". It also checks if the ResourceType is not empty. It then extends the query to include a column called "Cloud" which indicates if the agent is in Azure based on the ResourceProvider being "Microsoft.Compute". Similarly, it extends the query to include a column called "Onprem" which indicates if the agent is on-premises based on the ResourceProvider being "Microsoft.HybridCompute". Finally, it returns the distinct values of Computer, ResourceType, Cloud, and Onprem.
Details
Rod Trent
Released: October 1, 2021
Tables
Keywords
Operators