Query Details
Event ID Storagein Bytes
Query
//Show how much each storage each EventID is taking up in bytes SecurityEvent | summarize count() by Activity, EventID | extend size_in_bytes = count_ * 500 | order by count_ desc
Explanation
This query calculates the amount of storage in bytes that each EventID is taking up. It groups the data by Activity and EventID, then calculates the size in bytes by multiplying the count of each EventID by 500. The results are then ordered in descending order based on the count.
Details
Rod Trent
Released: January 8, 2021
Tables
SecurityEvent
Keywords
Show,Storage,EventID,Bytes,SecurityEvent,Summarize,Count,Activity,Extend,Size_in_bytes,Order,Desc
Operators
summarizecount()byextendorder by