Query Details
Costper Event ID
Query
SecurityEvent | where TimeGenerated >= startofday(ago(1d)) and TimeGenerated < startofday(now()) | summarize sum(_BilledSize) by EventID | order by sum__BilledSize desc
Explanation
This query is analyzing security events and summarizing the total billed size of each event, grouping them by EventID. The results are then ordered in descending order based on the total billed size.
Details
Rod Trent
Released: January 8, 2021
Tables
SecurityEvent
Keywords
SecurityEvent,TimeGenerated,EventID,BilledSize
Operators
where>=startofdayago1d<nowsummarizesumbyorder bydesc