Query Details

Check If Device Restart Is Required

Query

Use Case: Monitoring and alerting on systems that have pending restarts due to recent application installations or updates within the last 7 days.

Query:

WindowsEvent('Application', 7d)
| where Message == 'Machine restart is required.'

Explanation

The query retrieves Windows events from the 'Application' event log that occurred within the last 7 days, then keeps only those whose Message is exactly 'Machine restart is required.'. The == comparison is an exact, case-sensitive match, so the trailing period in the string matters. The query is used for monitoring and alerting on systems that need to be restarted after recent application installations or updates.

Details

Ugur Koc

Released: February 4, 2024

Tables

WindowsEvent

Keywords

WindowsEvent, Application, 7d, Message, Machine restart is required

Operators

WindowsEvent, where, Message, ==
