Query Details
Common Security Log Costsby Vendor
Query
//Billing by device for CommonSecurityLog
let Price = 4.71; // adjust to the region
let TimeRange = 7d; // required time range
CommonSecurityLog
| where TimeGenerated > ago(TimeRange)
| summarize
Entries = count(),
BilledSize = sum(_BilledSize) by DeviceVendor
| extend ['Estimated Price'] = (BilledSize / (1000 * 1000 * 1000)) * Price
| extend Size = format_bytes(BilledSize)
| project DeviceVendor, Entries, Size, ['Estimated Price']
| order by Size desc
Explanation
This query calculates the estimated price for billing by device for the CommonSecurityLog. It counts the number of entries and calculates the billed size for each device vendor. It then estimates the price based on the billed size and a predefined price per unit. The results are displayed with the device vendor, number of entries, size in bytes, and estimated price, ordered by size in descending order.
Details
Rod Trent
Released: January 14, 2022
Tables
CommonSecurityLog
Keywords
DeviceVendor,Entries,Size,['EstimatedPrice']
Operators
wheresummarizecount()sum()byextendformat_bytes()projectorder by