This post is aimed at beginners with Azure Log Analytics. I’ll be discussing how you can use the Azure Log Analytics Distinct operator when you query data in your Log Analytics workspace. The Distinct operator is useful when you want to DE-duplicate your data. Or if you want to generate a report, or finding how many unique values you have in a solution.
Perf | distinct Computer
We can find all the computers that are reporting performance data to Log Analytics.
Using the same method we can find the computers that are reporting data for any solution, simply by replacing Perf with the field name in the workspace.
Using the same performance example, what if we wanted to find all the object types that we have performance data for?
We would use:
Perf | distinct ObjectName
And finally we want to see all the metrics for each object, in this case CounterName.
Perf | distinct ObjectName, CounterName
This shows all the metrics we are currently collecting for performance data.
Moving on to a different solution. We’ll use the Update Management solution, which you’ll need if you want to try these queries.
We can get our Windows Update Settings for all servers we’re managing with the Update Management solution.
UpdateSummary | distinct Computer, WindowsUpdateSetting
However, we’re not limited to just one or two fields. We can add more, in this example we’ll get our servers, their update setting, OS version and the oldest update they need in days.
UpdateSummary | distinct Computer, WindowsUpdateSetting, OsVersion, OldestMissingSecurityUpdateInDays
Finally, we can quickly build a report of servers needing updates, the KB number and title of the update.
Update | where UpdateSate == "Needed" | distinct Computer, KBID, Title
One thing to note about this last query. When the time frame for the query is longer than 24 hours it could return inaccurate data. For instance some of your servers were updated in that time frame.
This was a quick post on using the Azure Log Analytics Distinct operator. One more thing to note, the new language for Azure Log Analytics is case sensitive, just like the old one.
You can find more documentation from Microsoft on the language here https://docs.loganalytics.io/docs/Language-Reference/Change-log
Hi, I’m Billy York. I’m a Cloud and Datacenter Management MVP, specializing in monitoring and automation. Here you’ll find posts about AzureMonitor, LogAnalytics, System Center Operations Manager, Powershell, Hyper-V, Azure Automation, Azure Governance and other Microsoft related technologies.