Which query should you use?

You implement Log Analytics in Microsoft Operations Management Suite (OMS) on all servers that run
Windows Server 2016.
You need to generate a daily report that identifies which servers restarted during the last 24 hours.
Which query should you use?

A.
EventLog=Application EventId:6009 Type:Event TimeGenerated>NOW+24HOURS

B.
EventLog=Application EventId:6009 Type:Event TimeGenerated>NOW-24HOURS

C.
EventLog=System EventId:6009 Type:Event TimeGenerated>NOW-24HOURS

D.
EventLog=System EventId:6009 Type:Event TimeGenerated>NOW+24HOURS

Explanation:
https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-log-searches
Computer restart events are stored in the “System” event log, not the Application event log.
The “NOW-24HOURS” clause matches all events generated in the last 24 hours.


