Query Details

Data Per Computer

Query

//Data by agented computer, split by billable, non-billable, and total

find where TimeGenerated > ago(1d) project _BilledSize, _IsBillable, Computer, _ResourceId
//Keep both billable and non-billable rows so both sums are populated; only drop rows with no Computer value
| where isnotempty(Computer)
| summarize billedData = sumif(_BilledSize, _IsBillable=~true),
            freeData   = sumif(_BilledSize, _IsBillable=~false) by Computer
| extend Total_Data = billedData + freeData
| order by billedData desc


//Same data, formatted as readable sizes (KB, MB, GB) with format_bytes

find where TimeGenerated > ago(1d) project _BilledSize, _IsBillable, Computer, _ResourceId
//Keep both billable and non-billable rows so both sums are populated; only drop rows with no Computer value
| where isnotempty(Computer)
| summarize billedData = format_bytes(sumif(_BilledSize, _IsBillable=~true)),
            freeData   = format_bytes(sumif(_BilledSize, _IsBillable=~false)),
            billedData1 = sumif(_BilledSize, _IsBillable=~true),
            freeData1  = sumif(_BilledSize, _IsBillable=~false)
by Computer
| extend total_d = billedData1 + freeData1
| extend Total_Data = format_bytes(total_d)
//Sort on the numeric byte count; the formatted billedData column is a string and would sort as text
| order by billedData1 desc
| project-away billedData1, freeData1, total_d

Explanation

The query returns the volume of data ingested per agented computer over the last day, split into billable and non-billable data, and adds the two into a total. Results are ordered by the amount of billable data, largest first. The second query returns the same results with the sizes passed through format_bytes, which renders byte counts as human-readable sizes such as MB.

Details

Rod Trent

Released: April 4, 2024

Tables

Tablename: None

Keywords

TimeGenerated,Computer,_BilledSize,_IsBillable,_ResourceId,Total_Data,billedData,freeData

Operators

find,project,where,isnotempty,summarize,sumif,extend,order by,format_bytes,project-away
