# Custom trends NQL examples ## Keeping track of execution crashes Track the daily number of execution crashes. **Custom trend definition** {% code overflow="wrap" lineNumbers="true" %} ``` devices | include execution.crashes past 1d | compute nb_crashes = number_of_crashes.sum() | list nb_crashes , hardware.manufacturer ``` {% endcode %} **Custom trend data retrieval** You can use the above trend definition, to create the following dashboard:

1. Compute the number of devices with crashes and the total number of devices.

custom_trend.#execution_crashes.snapshots during past 90d
   | summarize devices_with_crashes = device.countif(nb_crashes > 0), device_count = device.count()

2. Observe daily changes of the total number of crashes over the last 90 days.

custom_trend.#execution_crashes.snapshots during past 90d
   | summarize number_of_crashes_ = nb_crashes.sum() by 1d

3. Observe the total number of crashes per device platform. Include only devices with at least one crash.

custom_trend.#execution_crashes.snapshots during past 90d
   | where nb_crashes > 0
   | summarize number_of_crashes_ = nb_crashes.sum() by context.device_platform
   | sort number_of_crashes_ desc

4. Observe the total number of crashes, and the number of devices with crashes per device hardware manufacturer.

custom_trend.#execution_crashes.snapshots during past 90d
   | where hardware_manufacturer != "VMWare"
   | where hardware_manufacturer != null
   | summarize number_of_crashes_ = nb_crashes.sum(), number_of_devices_ = device.count() by hardware_manufacturer
   | sort number_of_crashes_ desc

## Monitoring Windows 11 migration Track the ratio of devices with Windows 11 over time. **Custom trend definition** {% code overflow="wrap" lineNumbers="true" %} ``` devices | where operating_system.platform == windows | list operating_system.name, hardware.type ``` {% endcode %} **Custom trend data retrieval** {% code overflow="wrap" lineNumbers="true" %} ``` custom_trend.#windows_migration.snapshots during past 300d | where hardware_type !in [virtual, null] | summarize ratio_with_windows_11 = countif(operating_system_name == "*windows 11*")/count() by 1d ``` {% endcode %} ## Monitoring boot duration Track the average boot durations for each device, to monitor the effect of implementing leaner configurations. **Custom trend definition** {% code overflow="wrap" lineNumbers="true" %} ``` devices during past 1d | include device_performance.boots during past 1d | compute boot_duration = duration.avg() | list boot_duration, hardware.type ``` {% endcode %} **Custom trend data retrieval** {% code overflow="wrap" lineNumbers="true" %} ``` custom_trend.#boot_duration.snapshots during past 90d | where (context.device_platform == "Windows" and hardware_type == laptop) | summarize boot_duration_avg = boot_duration.avg() by 1d ``` {% endcode %} ## Monitoring devices with application crashes on startup Track the daily number of devices that had at least one application crash on the application startup. **Custom trend definition** {% code overflow="wrap" lineNumbers="true" %} ``` devices during past 1d | include execution.crashes during past 1d | where crash_on_start == true | compute crash_on_start_count = count() | list crash_on_start_count ``` {% endcode %} **Custom trend data retrieval** {% code overflow="wrap" lineNumbers="true" %} ``` custom_trend.#crashes_on_start.snapshots during past 300d | where crash_on_start_count > 0 | summarize devices_with_app_crashes_at_start = count() by 1d ``` {% endcode %} ## Monitoring CPU usage of different binary versions Track the average CPU usage of application broken down by its versions. **Custom trend definition** {% code overflow="wrap" lineNumbers="true" %} ``` devices | include execution.events during past 1d | where binary.name == "zoom.exe" | compute CPU_usage_ratio = ((cpu_time.sum()) * (100)) / ((execution_duration.sum()) * (number_of_logical_processors.max())), last_version = binary.version.last() | list CPU_usage_ratio, last_version ``` {% endcode %} **Custom trend data retrieval** {% code overflow="wrap" lineNumbers="true" %} ``` custom_trend.#zoom_cpu_usage_ratio.snapshots during past 300d | summarize c1 = CPU_usage_ratio.avg() by 1d, last_version ``` {% endcode %}