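Queries for the ConfigurationChange table

For information on using these queries in the Azure portal, see the Log Analytics tutorial. For the REST API, see Query.

Stopped Windows services

Find all Windows services that stopped in the last 30 minutes.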

// To create an alert for this query, click '+ New alert rule'
ConfigurationChange  // (relies on the Change Tracking solution): 
| where ConfigChangeType == "WindowsServices" and SvcChangeType == "State"
| where SvcPreviousState == "Running" and SvcState == "Stopped"
| where SvcStartupType == "Auto" and TimeGenerated > ago(30m)

Software changes

List software changes sorted by time (newest first).

ConfigurationChange
| where ConfigChangeType == "Software"
| sort by TimeGenerated desc

Service changes

List service changes sorted by time (newest first).

ConfigurationChange
| where ConfigChangeType == "Services"
| sort by TimeGenerated desc

Software change type per computer

Count software changes by computer.

ConfigurationChange 
| where ConfigChangeType == "Software"
| summarize AggregatedValue = count() by Computer

Stopped services

List stopped-service changes sorted by time.

ConfigurationChange 
| where ConfigChangeType == "WindowsServices" and SvcState == "Stopped" 
| sort by TimeGenerated desc
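
The two stopped-service queries above return every stop event, including services that were restarted shortly afterwards. The following query is an added example, not part of the original page: it keeps only auto-start services whose most recent state change still leaves them stopped, which reduces alert noise from routine restarts. The 24-hour lookback is an assumption, and the query assumes the SvcName and SvcDisplayName columns of ConfigurationChange are populated.

```kusto
// Added example (not from the original page).
// Assumption: a 24h lookback window; adjust to the alert cadence.
let lookback = 24h;
ConfigurationChange
| where TimeGenerated > ago(lookback)
| where ConfigChangeType == "WindowsServices" and SvcChangeType == "State"
| where SvcStartupType == "Auto"
// One row per service per computer: how often it stopped, when it first
// stopped, and the state recorded by its latest change record.
| summarize
    StopCount = countif(SvcPreviousState == "Running" and SvcState == "Stopped"),
    FirstStop = minif(TimeGenerated, SvcPreviousState == "Running" and SvcState == "Stopped"),
    arg_max(TimeGenerated, SvcState, SvcDisplayName)
    by Computer, SvcName
// Drop services that were started again after stopping.
| where SvcState == "Stopped"
| project Computer, SvcName, SvcDisplayName, StopCount, FirstStop, LastChange = TimeGenerated
| sort by LastChange desc
```

A high StopCount for a service that is still listed points to one that repeatedly fails or is repeatedly stopped, which is worth reviewing separately from a single stop.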

Software change count per category

Count software changes by change category.

ConfigurationChange
| where ConfigChangeType == "Software"
| summarize AggregatedValue = count() by ChangeCategory

Removed software changes

Show change records for software that was removed.

ConfigurationChange
| where ConfigChangeType == "Software" and ChangeCategory == "Removed"
| order by TimeGenerated desc