Let’s find out the ConfigMgr CMPivot Query to Collect Windows Update Logs from the SCCM Client Remotely. The ConfigMgr CMPivot is based on a fast-channel notification architecture.
The WindowsUpdate.log is part of event logs called WindowsUpdateClient with the latest versions of Windows.
Many organizations use SCCM (WSUS) and Intune (WUfB) to patch Windows 10 devices. Collecting Windows update logs (WindowsUpdate.log) from the SCCM client is important for troubleshooting Windows updates or patching issues.
ConfigMgr CMPivot query tool allows you to assess the state of devices quickly. When you run a query against a device collection, the CMPivot tool will run a query in real-time on all currently connected (online) devices in the selected collection.
Table of Contents
WindowsUpdateClient Event Logs
You don’t have WindowsUpdate.log available out of the box with the latest version of Windows. Instead, you need to use the following PowerShell command to create WindowsUpdate.log. The Get-WindowsUpdateLog cmdlet merges and converts Windows Update .etl files into a single readable WindowsUpdate.log file.
Get-WindowsUpdateLog
- CMPivot Query for SCCM BitLocker Management Event Logs
- Publish CMPivot Query To The SCCM Community Hub Contributions
How to Collect Windows Update Logs from SCCM Client
You can use the CMPivot query to collect Windows update logs from Windows devices. This is the easiest way to get the error details from Windows Update Client event logs.
- Navigate to the device collection against which you want to run the CMPivot query.
- Select any device collection.
- Right-click on Device Collection.
- Select Start CMPivot.
NOTE: I don’t recommend using the All System collection in a production environment with more than many Windows devices. Instead, use the collection with fewer devices to try out the query.
ConfigMgr CMPivot Query for Event Logs
Let’s see how to find the ConfigMgr CMPivot query for event logs. It would be best to remember the log information you query through CMPivot.
The following CMPivot query gives you the details of Microsoft-Windows-WindowsUpdateClient/Operational event logs for the last hour.
WinEvent('Microsoft-Windows-WindowsUpdateClient/Operational', 1h)
The following CMPivot query gives you the details of Microsoft-Windows-WindowsUpdateClient/Operational event logs for the last day.
WinEvent('Microsoft-Windows-WindowsUpdateClient/Operational', 1d)
The following CMPivot query gives you the error and count of devices with a summary dashboard by querying Microsoft-Windows-WindowsUpdateClient/ Operational event logs for the last day.
WinEvent('Microsoft-Windows-WindowsUpdateClient/Operational', 1d)
| where LevelDisplayName =='Error'
| summarize count() by Device
Export CMPivot Query Results
Let’s find out how to export CMPivot query results into a CSV file.
- Click on the Export button.
- From the drop-down menu, select Result to file.
| Device | LevelDisplayName | DateTime | Message | ProviderName | ID |
|---|---|---|---|---|---|
| Prod-Win20 | Information | 07-02-2021 03:41 | Windows Update successfully found 0 updates. | Microsoft-Windows-WindowsUpdateClient | 26 |
Resources
- SCCM CMPivot Query Devices with Greater than 15 GB Free Disk Space
- SCCM CMPivot Query for Windows 10 English Language Devices | ConfigMgr
- ConfigMgr Software Updates Troubleshooting Tips
We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.
Author
Anoop C Nair has been Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.