zMonitor icon indicating copy to clipboard operation
zMonitor copied to clipboard
verified publisher icon microsoft

New OMS query setup

Open CharlPels opened this issue 8 years ago • 0 comments

The current sample seems to use the old querys

example Type=Alert (AlertSeverity=error or AlertSeverity=critical) TimeGenerated>NOW-24HOUR AlertState!=Closed

should now be something like this Alert | where (AlertSeverity =~ "error" or AlertSeverity =~ "critical") and TimeGenerated > ago(24h) and AlertState != "Closed"

this however is not working like it should in current powershell code

CharlPels avatar Dec 08 '17 12:12 CharlPels