Query Details
Cost Per Subscription
Query
//Sentinel cost per subscription union withsource=TableName1 * | where TimeGenerated > ago(30d) | summarize Entries = count(), Size = sumif(_BilledSize, _IsBillable == true), estimate = sumif(_BilledSize, _IsBillable == true) by TableName1, _IsBillable, _ResourceId, _SubscriptionId | project ['Table Name'] = TableName1, ['Table Size'] = Size, ['IsBillable'] = _IsBillable, ['Estimated Table Price'] = (estimate / (1024 * 1024 * 1024)) * 2.95, ['Resource'] = _ResourceId, _SubscriptionId | order by ['Table Size'] desc | summarize sum(['Estimated Table Price']) by _SubscriptionId | order by ['sum_Estimated Table Price'] desc
Explanation
This query calculates the estimated cost of Sentinel per subscription. It retrieves data from a table called TableName1 and filters it to include only data generated in the last 30 days. It then summarizes the data by counting the number of entries, calculating the size of the table, and estimating the cost based on the size. The results are grouped by table name, billability, resource ID, and subscription ID. The query also includes additional project and ordering operations to format the output. Finally, it summarizes the estimated table price by subscription ID and orders the results in descending order based on the total estimated cost.
Details
Rod Trent
Released: March 14, 2022
Tables
TableName1
Keywords
Devices,Intune,User,Subscription
Operators
unionwithsourcewheresummarizecount()sumif()byprojectorder bydesc