Query Details

Common Security Log Throughput

Query

// Throughput for the Common Security Log
let Now = now();
// Placeholder rows (Count = 0), one per day from 7 days ago to 1 day ago
(range TimeGenerated from ago(7d) to Now-1d step 1d
| extend Count = 0
| union isfuzzy=true
    // Events per 1-minute bin, with bins aligned to Now
    (CommonSecurityLog
    | summarize Count = count() by bin_at(TimeGenerated, 1m, Now))
// Keep the larger of the placeholder and the real count in each bin
| summarize Count = max(Count) by bin_at(TimeGenerated, 1m, Now)
| sort by TimeGenerated
| project Value = iff(isnull(Count), 0, Count), Time = TimeGenerated, Legend = "Common Security Log")

Explanation

This query calculates the throughput for the Common Security Log over the past 7 days. It counts the events in CommonSecurityLog in each 1-minute bin, unions those counts with placeholder rows generated by range (Count = 0), and takes the maximum Count per bin, so a real count wins over a placeholder. The results are sorted by time and projected as Value, Time, and Legend (set to "Common Security Log"). A null count is projected as 0.
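The same zero-fill pattern, as an added example that is not part of the original query: it steps the placeholder range at 1m instead of the page's 1d, so every minute with no events gets an explicit 0 row, which makes drops to zero throughput visible on a chart. SampleLog, its rows, the DeviceVendor values and the fixed Now timestamp are constructed so the query runs without a CommonSecurityLog table.

```kusto
// Constructed sample rows standing in for CommonSecurityLog (assumption).
let Now = datetime(2021-07-14 00:10:00);
let SampleLog = datatable(TimeGenerated: datetime, DeviceVendor: string)
[
    datetime(2021-07-14 00:02:10), "VendorA",
    datetime(2021-07-14 00:02:40), "VendorA",
    datetime(2021-07-14 00:05:05), "VendorB"
];
// One placeholder row per minute for the last 10 minutes, Count = 0.
range TimeGenerated from Now - 10m to Now - 1m step 1m
| extend Count = 0
| union isfuzzy=true (
    // Real counts per 1-minute bin, aligned to the same Now as the placeholders.
    SampleLog
    | summarize Count = count() by bin_at(TimeGenerated, 1m, Now)
)
// Placeholder and real rows share a bin; max() keeps the real count when one exists.
| summarize Count = max(Count) by bin_at(TimeGenerated, 1m, Now)
| sort by TimeGenerated asc
| project Value = Count, Time = TimeGenerated, Legend = "Common Security Log"
```

To run it against live data, replace SampleLog with CommonSecurityLog and the fixed Now with now().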

Details


Rod Trent

Released: July 14, 2021

Tables

CommonSecurityLog

Keywords

Devices, Intune, User, CommonSecurityLog

Operators

range, extend, union, isfuzzy, summarize, count, by, bin_at, max, sort, project, iff, isnull
