Query Details

Heartbeat Visualize Distinct Computers per Month

Query

//Visualize distinct computers per month sending data

//Data connector required for this query - Heartbeat (created automatically when you onboard machines to Sentinel)

Heartbeat
| where TimeGenerated > ago(365d)
| summarize Count=dcount(Computer) by Month=startofmonth(TimeGenerated)
| render columnchart with (title="Distinct monthly computers sending data to Microsoft Sentinel")

Explanation

This query visualizes the number of unique computers that send data to Microsoft Sentinel each month. It reads the Heartbeat table, which the Heartbeat data connector populates, and keeps only records from the past 365 days. It then groups the records by the start of the month in which they were generated and counts the distinct computers in each month. Finally, it renders the results as a column chart with a title describing what the chart shows.

Details

Matt Zorich

Released: June 17, 2022

Tables

Heartbeat

Keywords

Heartbeat,TimeGenerated,Computer,Month,Count

Operators

where,summarize,dcount,by,startofmonth,render
