Let’s learn how to analyze SCCM client logs using CMPivot. ConfigMgr Twitter community is doing great work sharing many CMPivot queries. Learn more about CMPivot architecture and communication details as well. 👉SCCM CMPivot Architecture Fast Channel Making | ConfigMgr.
CMPivot query gives you the real-time value of these versions in your environment. Check out the following blog posts to find the details of Office 365 ProPlus out of support devices using the SQL query.
CMPivot Query to Analyze Client Logs
Let’s check a number of queries that can help you to analyze the SCCM client logs using the CMPivot query.
- CcmLog() is the entity object that can be used to query and analyze the logs from the client.
- As per Microsoft Docs, the CCMLog entity can analyze the Lines within 24 hours (by default) from a Ccm Log file.
Query WUAHandler Log
The following query might help you get the details of the successful completion of the software update scan through the WUAHandler.log file. You can use the same method to analyze the entries of various SCCM client-side logs.
The entry that I’m interested in the WUA Handler log is Successfully completed scan. The CMPivot query helps to analyze the log files of all the Windows 10 devices and gives us a list of devices.
CcmLog('WUAHandler') | where (LogText like '%Successfully completed scan%') | distinct Device
Script Log Analysis
Let’s try to check the options to perform analysis with the script.log file. This is useful to get the list of devices with a particular text entry in the script.log file.
CcmLog('Scripts', 1d) | where (LogText like '%Running PS script…%')
CcmLog('Scripts', 1d) | where (LogText like '%Running PS script…%') | distinct Device
Let’s find out the co-managed devices using the CMPivot tool. More details from Chris Buck.
Useful CMPivot Query
ccmlog (‘CCMSDKProvider’) | where (LogText like ‘%Device is in coexistence mode%’) | distinct Device
— Chris Buck (@SCCMF12TWICE) September 3, 2020
ccmlog ('CCMSDKProvider') | where (LogText like '%Device is in coexistence mode%') | distinct Device
Scan Errors Using CMPivot
Let’s check out the CMPivot query shared by Matthew Hudson to analyze the updatesdeployment.log file and find out scan errors.
Ccmlog ('UpdatesDeployment') | where (LogText like '%0x87d00215%') | distinct Device
A #CMPivot query to find machines with a given error code while scanning for updates
ccmlog (‘UpdatesDeployment’) | where (LogText like ‘%0x87d00215%’) | distinct Device
then you can select all devices – Run Script and perform an action on them.
— Matthew Hudson – [MS MVP] (@MatthewEHudson) August 28, 2020
- 👉SCCM CMPivot Architecture Fast Channel Making | ConfigMgr
- 👉Microsoft Doc CMPivot for real-time data in Configuration Manager