Query Details
Computersunhealthystate
Query
let timeRangeQuery = 1h; let UnhealthyCriteria = 1m; Heartbeat | where TimeGenerated > startofday(ago(timeRangeQuery)) | summarize LastHeartbeat = max(TimeGenerated) by Computer, OSType, OSName | extend State = iff(LastHeartbeat < ago(UnhealthyCriteria), 'Unhealthy', 'Healthy') | extend TimeFromNow = now() - LastHeartbeat | extend ["TimeAgo"] = strcat(toint(TimeFromNow / 1s), ' seconds') | project Computer, State, TimeAgo, TimeFromNow, OSType | order by TimeAgo desc, State desc
Explanation
This query retrieves the latest heartbeat information for computers and categorizes them as either "Healthy" or "Unhealthy" based on the time of the last heartbeat. It also calculates the time elapsed since the last heartbeat in seconds and displays it as "TimeAgo". The results are then sorted by the time elapsed and the state of the computer.
Details
Rod Trent
Released: March 26, 2020
Tables
Heartbeat
Keywords
Devices,Intune,User
Operators
wheresummarizemaxbyextendiffnow-<agotoint/1sstrcatprojectorder bydesc