Query Details
Online Offline
Query
//Show (with indicators) if a Computer is online or not Update | extend ResourceId = iif(isempty(ResourceId), Computer, ResourceId) | summarize arg_max(TimeGenerated, *) by ResourceId | extend Online = iif(TimeGenerated < ago(1h),"⚫","🟢") | project LastSeen=TimeGenerated, Online, Computer, OS = iif(OSType == "Linux", "Linux", "Windows") | sort by LastSeen
Explanation
This query checks if a computer is online or not. It updates the data, assigns a resource ID if it is empty, finds the latest time generated for each resource ID, determines if the computer was last seen within the past hour, and assigns an indicator (⚫ for offline, 🟢 for online). It then selects and displays the last seen time, online status, computer name, and operating system type (Linux or Windows), and sorts the results by the last seen time.
Details
Rod Trent
Released: November 3, 2022
Tables
Update
Keywords
Computer,Online,Update,ResourceId,TimeGenerated,OS,LastSeen
Operators
Updateextendiifisemptysummarizearg_maxbyTimeGeneratedResourceIdOnlineagoprojectLastSeenComputerOSOSTypesort by