y0nil
commented
4 years ago Hi @Arslannetworkhomes ,
this repo is the home for the Kusto Query Language. questions regarding features of services such as Log Analytics should be directed either at the relevant support channel for that service (you could try Stack Overflow, or opening a support ticket for your resource through its user interface)
ConfigurationChange | where ConfigChangeType == "WindowsServices" and SvcState == "Stopped" and ( Computer has "NET-SQL2.networkhg.org.uk" or Computer has "NET-SQL3.networkhg.org.uk" or Computer has "NET-GISSQL1.networkhg.org.uk" or Computer has "NET-CALSQL.networkhg.org.uk" ) and ( SvcDisplayName == "SQL Full-text Filter Daemon Launcher (TEST)" or SvcDisplayName == "SQL Full-text Filter Daemon Launcher (MSSQLSERVER)" or SvcDisplayName == "SQL Full-text Filter Daemon Launcher (SQLEXPRESS)" or SvcDisplayName == " SQL Server (MSSQLSERVER)" or SvcDisplayName == "SQL Server (Test) "
or SvcDisplayName == "SQL Server Agent (MSSQLSERVER)" or SvcDisplayName == "SQL Server Agent (Test)" or SvcDisplayName == "SQL Server Browser" or SvcDisplayName == "SQL Server Integration Services 10.0" or SvcDisplayName == "SQL Full-text Filter Daemon Launcher (FIDO)" or SvcDisplayName == "SQL Full-text Filter Daemon Launcher (SUN)" or SvcDisplayName == "SQL Server (FIDO)" or SvcDisplayName == "SQL Server (SUN)" or SvcDisplayName == "SQL Server Agent (FIDO)" or SvcDisplayName == "SQL Server VSS Writer" or SvcDisplayName == " SQL Server Integration Services 11.0" or SvcDisplayName == "SQL Server Reporting Services (MSSQLSERVER)" or SvcDisplayName == "SQL Server Reporting Services (SQLEXPRESS)" or SvcDisplayName == "SQL Server Analysis Services (MSSQLSERVER)" )
Question to ask, if one of the service gets stopped in any of the server mentioned above, will I get an email with regards to that server or all the servers will be listed