Query Details

Analytics Rule Last Run

Query

// Last modified time for unique incident numbers = last run time
SecurityIncident
| summarize arg_max(LastModifiedTime,*) by IncidentNumber

Explanation

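This query returns, for each unique IncidentNumber in the SecurityIncident table, the record with the most recent LastModifiedTime. The arg_max function selects the row with the maximum LastModifiedTime per IncidentNumber, and the * argument keeps every other column from that row. As the query comment notes, this latest modification time is taken as the last run time.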

Details

Rod Trent

Released: June 30, 2022

Tables

SecurityIncident

Keywords

SecurityIncident, LastModifiedTime, IncidentNumber

Operators

summarize, arg_max, by
