Query Details

Heartbeatnotreceivedinlast30min

Query

// Systems that might have missed sending heartbeat to the Log Analytics workspace for the last 30 min
Heartbeat
| summarize count() by bin(TimeGenerated, 1h), Computer
| extend Heartbeats = iff(count_ <= 30, "missing Heartbeats", "received all heartbeats")

Explanation

This query looks for systems that may not have sent a heartbeat to the Log Analytics workspace in the last 30 minutes. It counts heartbeats per computer in one-hour bins of TimeGenerated, then labels each row "missing Heartbeats" if the count is less than or equal to 30, or "received all heartbeats" otherwise.
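
An added example, not part of the original query or its author's work: the query above takes its time range from the query window and emits no row for an hour in which a computer sent nothing, so a fully silent machine never gets a "missing Heartbeats" label. This variant compares each computer's most recent heartbeat with the current time; the 7-day lookback and the 30-minute threshold are assumptions to tune per environment.

```kql
// Added example: computers whose latest heartbeat is older than the threshold.
// lookback and threshold are assumed values, not taken from the original query.
let lookback = 7d;     // how far back a computer must have reported to be considered known
let threshold = 30m;   // silence longer than this is reported
Heartbeat
| where TimeGenerated > ago(lookback)
// Keep the newest heartbeat row per computer, with a few columns for triage
| summarize arg_max(TimeGenerated, OSType, Category, ResourceId) by Computer
| extend LastHeartbeat = TimeGenerated
| extend SilentFor = now() - LastHeartbeat
| where SilentFor > threshold
| project Computer, OSType, Category, ResourceId, LastHeartbeat, SilentFor
| order by SilentFor desc
```

A computer that has been silent for longer than the lookback drops out of the result, so the lookback should cover the longest outage worth reporting.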

Details

Rod Trent

Released: March 9, 2022

Tables

Heartbeat

Keywords

Heartbeat,TimeGenerated,Computer

Operators

Heartbeat,summarize,count(),by,bin(),extend,iff(),<=
