Query Details
Alert Context Parser
Query
//Parser for getting the EventID from the AlertContext column in the Alert table Alert | parse-where AlertContext with * "EventNumber>" EventNo "<" * | project EventNo
Explanation
This query is used to extract the EventID from the AlertContext column in the Alert table. It uses the parse-where operator to search for the EventNumber value within the AlertContext column and then projects only the EventNo value.
Details
Rod Trent
Released: August 6, 2021
Tables
Alert
Keywords
Alert,parse-where,AlertContext,EventNumber,EventNo,project
Operators
parse-wherewith*"EventNumber>"EventNo"<"*project