存取 Azure 更新管理員作業資料的範例 Azure Resource Graph
以下是一些範例查詢,可協助您開始查詢從受控機器收集的更新評估和部署資訊。 如需從更新評估與安裝等作業建立之記錄的詳細資訊,請參閱查詢記錄概觀。
列出可供您所有機器使用的更新 (依更新類別分組)
下列查詢會傳回機器的擱置中更新清單,其中包含執行評量的時間、評量的資源識別碼、機器上的作業系統類型,以及根據更新分類提供使用的作業系統更新。
patchassessmentresources
| where type !has "softwarepatches"
| extend prop = parse_json(properties)
| extend lastTime = properties.lastModifiedDateTime
| extend updateRollupCount = prop.availablePatchCountByClassification.updateRollup, featurePackCount = prop.availablePatchCountByClassification.featurePack, servicePackCount = prop.availablePatchCountByClassification.servicePack, definitionCount = prop.availablePatchCountByClassification.definition, securityCount = prop.availablePatchCountByClassification.security, criticalCount = prop.availablePatchCountByClassification.critical, updatesCount = prop.availablePatchCountByClassification.updates, toolsCount = prop.availablePatchCountByClassification.tools, otherCount = prop.availablePatchCountByClassification.other, OS = prop.osType
| project lastTime, id, OS, updateRollupCount, featurePackCount, servicePackCount, definitionCount, securityCount, criticalCount, updatesCount, toolsCount, otherCount
更新安裝的計數
下列查詢會傳回更新安裝清單,其中包含過去七天內機器的更新安裝狀態。 結果包括執行更新部署的時間、安裝的資源識別碼、機器詳細資料,以及根據其狀態和您的選擇所安裝的作業系統更新計數。
patchinstallationresources
| where type !has "softwarepatches"
| extend machineName = tostring(split(id, "/", 8)), resourceType = tostring(split(type, "/", 0)), tostring(rgName = split(id, "/", 4))
| extend prop = parse_json(properties)
| extend lTime = todatetime(prop.lastModifiedDateTime), OS = tostring(prop.osType), installedPatchCount = tostring(prop.installedPatchCount), failedPatchCount = tostring(prop.failedPatchCount), pendingPatchCount = tostring(prop.pendingPatchCount), excludedPatchCount = tostring(prop.excludedPatchCount), notSelectedPatchCount = tostring(prop.notSelectedPatchCount)
| where lTime > ago(7d)
| project lTime, RunID=name,machineName, rgName, resourceType, OS, installedPatchCount, failedPatchCount, pendingPatchCount, excludedPatchCount, notSelectedPatchCount
Windows Server 作業系統更新安裝的清單
下列查詢會傳回 Windows Server 的更新安裝清單,其中包含過去七天內機器的更新安裝狀態。 結果包括執行更新部署的時間、安裝的資源識別碼、機器詳細資料,以及其他相關的部署詳細資料。
patchinstallationresources
| where type has "softwarepatches" and isnull(properties.version)
| extend machineName = tostring(split(id, "/", 8)), resourceType = tostring(split(type, "/", 0)), tostring(rgName = split(id, "/", 4)), tostring(RunID = split(id, "/", 10))
| extend prop = parse_json(properties)
| extend lTime = todatetime(prop.lastModifiedDateTime), patchName = tostring(prop.patchName), kbId = tostring(prop.kbId), installationState = tostring(prop.installationState), classifications = tostring(prop.classifications)
| where lTime > ago(7d)
| project lTime, RunID, machineName, rgName, resourceType, patchName, kbId, classifications, installationState
| sort by RunID
Linux OS 更新安裝的清單
下列查詢會傳回 Linux 的更新安裝清單,其中包含過去七天內機器的更新安裝狀態。 結果包括執行更新部署的時間、安裝的資源識別碼、機器詳細資料,以及其他相關的部署詳細資料。
patchinstallationresources
| where type has "softwarepatches" and isnotnull(properties.version) and isnull(properties.kbId)
| extend machineName = tostring(split(id, "/", 8)), resourceType = tostring(split(type, "/", 0)), tostring(rgName = split(id, "/", 4)), tostring(RunID = split(id, "/", 10))
| extend prop = parse_json(properties)
| extend lTime = todatetime(prop.lastModifiedDateTime), patchName = tostring(prop.patchName), version = tostring(prop.version), installationState = tostring(prop.installationState), classifications = tostring(prop.classifications)
| where lTime > ago(7d)
| project lTime, RunID, machineName, rgName, resourceType, patchName, version, classifications, installationState
| sort by RunID
VM 層級的維護執行記錄清單
下列查詢會傳回 VM 的所有維護執行記錄清單
maintenanceresources
| where ['id'] contains "/subscriptions/<subscription-id>/resourcegroups/<resource-group>/providers/microsoft.compute/virtualmachines/<vm-name>" //VM Id here
| where ['type'] == "microsoft.maintenance/applyupdates"
| where properties.maintenanceScope == "InGuestPatch"
下一步
- 使用 Azure Resource Graph 在 Azure 中檢閱更新員的記錄和搜尋結果。
- 若要在更新管理員進行問題疑難排解,請參閱疑難排解。