This repository has been archived by the owner on Nov 16, 2023. It is now read-only.
New OMS query setup #13
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The current sample seems to use the old querys
example
Type=Alert (AlertSeverity=error or AlertSeverity=critical) TimeGenerated>NOW-24HOUR AlertState!=Closed
should now be something like this
Alert | where (AlertSeverity =~ "error" or AlertSeverity =~ "critical") and TimeGenerated > ago(24h) and AlertState != "Closed"
this however is not working like it should in current powershell code
The text was updated successfully, but these errors were encountered: