Query Details

Systems That Have Updated in the Last 4 Hours

Query

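//Systems that have updated in the last 4 hours
Update
// ago(4h) is the timestamp 4 hours back, so ">" keeps only records from the last 4 hours
| where TimeGenerated > ago(4h)
// Drop records whose update state is 'Installed'
| where UpdateState != 'Installed'
// Expose the computer name under the column name Resource
| extend Resource = Computer
// Count the remaining update records per computer, highest count first
| summarize count() by Resource
| sort by count_ desc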

Explanation

This query reads the Update table for records generated in the last 4 hours. It filters out records where the update state is 'Installed', so only update records in other states remain. It then creates a new column called Resource, which contains the computer name, counts the remaining update records for each resource (computer), and sorts the results by that count in descending order.

Details

Rod Trent

Released: July 14, 2020

Tables

Update

Keywords

Systems, Update, TimeGenerated, ago, UpdateState, Installed, Resource, Computer, count, sort

Operators

where, extend, summarize, sort by