Help with KQL to monitor different services for three different servers

[Arslannetworkhomes]

ConfigurationChange
| where ConfigChangeType == "WindowsServices"
and SvcState == "Stopped"
and (
Computer has "NH-P2PAPP01.networkhg.org.uk"
or Computer has “NET-P2PLIVEAPP1.networkhg.org.uk"
or Computer has “NET-P2PTESTAPP.networkhg.org.uk”
)
and (
     SvcDisplayName == "Integra eSeries FINPROD"
    or SvcDisplayName  == "Integra SPC FINPROD” 
    or SvcDisplayName == "Integra UAS FINPROD"                   
    or SvcDisplayName  == "Integra eSeries FINDEV"
    or SvcDisplayName  == "Integra SPC FINDEV"
    or SvcDisplayName  == "Integra UAS FINDEV"
    or SvcDisplayName  == "Integra eSeries Duet"
    or SvcDisplayName  ==  “Integra eSeries SPTDEV"
    or SvcDisplayName  == "Integra eSeries FINARCH"
)

My other query is working with similar format, expect this one is being added as a custom query, I can find anything wrong

The request had some invalid properties , it keeps on saying that.

[y0nil]

Hi @arslannetworkhomes,

It would help if you Could include the error messages you're seeing, and some context about how you're sending the query, and to which kind of resource (e.g. Log Analytics, Azure Data Explorer, etc.)

In addition, in the future consider posting such troubleshooting questions to Stack Overflow (https://stackoverflow.com/questions/tagged/kusto-query-language)

[Arslannetworkhomes]

Hi @Arslannetworkhomes, It would help if you Could include the error messages you're seeing, and some context about how you're sending the query, and to which kind of resource (e.g. Log Analytics, Azure Data Explorer, etc.) In addition, in the future consider posting such troubleshooting questions to Stack Overflow (https://stackoverflow.com/questions/tagged/kusto-query-language)

Hi @Arslannetworkhomes, It would help if you Could include the error messages you're seeing, and some context about how you're sending the query, and to which kind of resource (e.g. Log Analytics, Azure Data Explorer, etc

Thanks for the response, I am saving the query as custom log search under log analytics workspace for a alert

Error message

I managed to save another query, with similar format and it worked.

I am running the query using logs under log analytic workspace and it isn't working

[y0nil]

thanks @Arslannetworkhomes.

if i take the query you posted in your original message, it appears it has some "curly" double quotes (“”) - you may want to try and replace those with standard ones ("")

see the red squiggly lines in the image below:

[Arslannetworkhomes]

thanks @Arslannetworkhomes. if i take the query you posted in your original message, it appears it has some "curly" double quotes (“”) - you may want to try and replace those with standard ones ("") see the red squiggly lines in the image below:

Thanks, I didn't thought it would be a simple fix, must be eye getting tired. I also need assistance with Monitoring agent not being installed on my linux servers, I am running this command and connecting via putty, any information will be great. Command I am using to install the agent. wget https://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh && sh onboard_agent.sh -w workspace id-s primarykey== -d opinsights.azure.com

Have you got any guidance on this ?

[y0nil]

I also need assistance with Monitoring agent not being installed on my linux servers

that doesn't sound like something related to the Kusto-Query-Language, so perhaps it'd be better for you to consult the documentation, or open a support ticket for the relevant resource you're using