用于访问 Azure 更新管理器操作数据的示例 Azure Resource Graph 查询

下面是一些示例查询,可帮助你开始查询从托管计算机收集的更新评估和部署信息。 若要详细了解从更新评估和安装等操作创建的日志,请参阅查询日志概述

列出所有计算机的按更新类别分组的可用更新

以下查询返回计算机的挂起更新的列表,其中包含执行评估的时间、评估的资源 ID、计算机上的 OS 类型,以及基于更新分类提供的 OS 更新。

patchassessmentresources
| where type !has "softwarepatches"
| extend prop = parse_json(properties)
| extend lastTime = properties.lastModifiedDateTime
| extend updateRollupCount = prop.availablePatchCountByClassification.updateRollup, featurePackCount = prop.availablePatchCountByClassification.featurePack, servicePackCount = prop.availablePatchCountByClassification.servicePack, definitionCount = prop.availablePatchCountByClassification.definition, securityCount = prop.availablePatchCountByClassification.security, criticalCount = prop.availablePatchCountByClassification.critical, updatesCount = prop.availablePatchCountByClassification.updates, toolsCount = prop.availablePatchCountByClassification.tools, otherCount = prop.availablePatchCountByClassification.other, OS = prop.osType
| project lastTime, id, OS, updateRollupCount, featurePackCount, servicePackCount, definitionCount, securityCount, criticalCount, updatesCount, toolsCount, otherCount

更新安装计数

以下查询返回一个更新安装列表,其中包含这些安装在过去 7 天内相对于计算机的状态。 结果包括运行更新部署的时间、安装的资源 ID、计算机详细信息,以及根据状态和你的选择安装的 OS 更新的计数。

patchinstallationresources
| where type !has "softwarepatches"
| extend machineName = tostring(split(id, "/", 8)), resourceType = tostring(split(type, "/", 0)), tostring(rgName = split(id, "/", 4))
| extend prop = parse_json(properties)
| extend lTime = todatetime(prop.lastModifiedDateTime), OS = tostring(prop.osType), installedPatchCount = tostring(prop.installedPatchCount), failedPatchCount = tostring(prop.failedPatchCount), pendingPatchCount = tostring(prop.pendingPatchCount), excludedPatchCount = tostring(prop.excludedPatchCount), notSelectedPatchCount = tostring(prop.notSelectedPatchCount)
| where lTime > ago(7d)
| project lTime, RunID=name,machineName, rgName, resourceType, OS, installedPatchCount, failedPatchCount, pendingPatchCount, excludedPatchCount, notSelectedPatchCount

Windows Server OS 更新安装的列表

以下查询返回一个针对 Windows Server 的更新安装列表,其中包含这些安装在过去 7 天内相对于计算机的状态。 结果包括运行更新部署的时间、安装的资源 ID、计算机详细信息,以及其他相关的部署详细信息。

patchinstallationresources
| where type has "softwarepatches" and isnull(properties.version)
| extend machineName = tostring(split(id, "/", 8)), resourceType = tostring(split(type, "/", 0)), tostring(rgName = split(id, "/", 4)), tostring(RunID = split(id, "/", 10))
| extend prop = parse_json(properties)
| extend lTime = todatetime(prop.lastModifiedDateTime), patchName = tostring(prop.patchName), kbId = tostring(prop.kbId), installationState = tostring(prop.installationState), classifications = tostring(prop.classifications)
| where lTime > ago(7d)
| project lTime, RunID, machineName, rgName, resourceType, patchName, kbId, classifications, installationState
| sort by RunID

Linux OS 更新安装的列表

以下查询返回一个针对 Linux 的更新安装列表,其中包含这些安装在过去 7 天内相对于计算机的状态。 结果包括运行更新部署的时间、安装的资源 ID、计算机详细信息,以及其他相关的部署详细信息。

patchinstallationresources
| where type has "softwarepatches" and isnotnull(properties.version) and isnull(properties.kbId)
| extend machineName = tostring(split(id, "/", 8)), resourceType = tostring(split(type, "/", 0)), tostring(rgName = split(id, "/", 4)), tostring(RunID = split(id, "/", 10))
| extend prop = parse_json(properties)
| extend lTime = todatetime(prop.lastModifiedDateTime), patchName = tostring(prop.patchName), version = tostring(prop.version), installationState = tostring(prop.installationState), classifications = tostring(prop.classifications)
| where lTime > ago(7d)
| project lTime, RunID, machineName, rgName, resourceType, patchName, version, classifications, installationState
| sort by RunID

VM 级别的维护运行记录列表

以下查询返回 VM 的所有维护运行记录的列表

maintenanceresources 
| where ['id'] contains "/subscriptions/<subscription-id>/resourcegroups/<resource-group>/providers/microsoft.compute/virtualmachines/<vm-name>" //VM Id here
| where ['type'] == "microsoft.maintenance/applyupdates" 
| where properties.maintenanceScope == "InGuestPatch"

后续步骤