I have developed a PowerShell script that checks the status of application pools in IIS and gives me an output like this in Azure Function App:
The function app should run every two hours, and I am trying to write a KQL query to filter the logs and show me only the last status of each application pool on each server, as follows:
traces
| where message contains "AppNAme:"
| parse message with * "OUTPUT: ResourceGroupName:" ResourceGroupName "VmName:" VmName "AppNAme: " AppName "Status: " Status
| where AppName !contains "SharePoint Web Services Root" and VmName !contains "PHA02"
| extend flag = iif(Status == "Started", 1, 0)
| summarize arg_max(strcat(timestamp,flag), *) by itemType
| project timestamp, ResourceGroupName, VmName, AppName, Status
At this line, | summarize arg_max(strcat(timestamp,flag), *) by itemType, my aim is to filter the logs and show the latest status of each application pool, but this code brings me the latest application pool of the last server. I need the latest status of each application pool on each server.
Could someone help me? I would appreciate it a lot.
Try a summarization by AppName and VmName:
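A self-contained illustration of grouping by both VmName and AppName, added here as an example and not the answerer's own code. Assumptions: the table name sampleTraces, the server and pool names, and the timestamps are constructed, and the message layout is inferred from the parse pattern in the question.

```kusto
// Constructed sample rows standing in for the Function App's traces table.
// sampleTraces is a hypothetical name; servers, pools and times are made up.
let sampleTraces = datatable(timestamp: datetime, message: string)
[
    datetime(2024-01-01 08:00:00), "OUTPUT: ResourceGroupName: rg-demo VmName: SRV01 AppNAme: DefaultAppPool Status: Started",
    datetime(2024-01-01 08:00:00), "OUTPUT: ResourceGroupName: rg-demo VmName: SRV01 AppNAme: IntranetPool Status: Started",
    datetime(2024-01-01 08:00:00), "OUTPUT: ResourceGroupName: rg-demo VmName: SRV02 AppNAme: DefaultAppPool Status: Started",
    datetime(2024-01-01 10:00:00), "OUTPUT: ResourceGroupName: rg-demo VmName: SRV01 AppNAme: DefaultAppPool Status: Stopped",
    datetime(2024-01-01 10:00:00), "OUTPUT: ResourceGroupName: rg-demo VmName: SRV01 AppNAme: IntranetPool Status: Started",
    datetime(2024-01-01 10:00:00), "OUTPUT: ResourceGroupName: rg-demo VmName: SRV02 AppNAme: DefaultAppPool Status: Started"
];
sampleTraces
| where message contains "AppNAme:"
| parse message with * "OUTPUT: ResourceGroupName:" ResourceGroupName "VmName:" VmName "AppNAme: " AppName "Status: " Status
// The delimiters leave surrounding whitespace in the captured values;
// trim it so the grouping keys and the Status text compare cleanly.
| extend ResourceGroupName = trim(@"\s+", ResourceGroupName),
         VmName = trim(@"\s+", VmName),
         AppName = trim(@"\s+", AppName),
         Status = trim(@"\s+", Status)
// One group per (server, pool) pair; arg_max keeps the entire row that
// carries the newest timestamp within each group.
| summarize arg_max(timestamp, *) by VmName, AppName
| project timestamp, ResourceGroupName, VmName, AppName, Status
| order by VmName asc, AppName asc
```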