Query Details

Ingestion Delay Snippet

Query

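// Ingestion Delay snippet for Analytics Rules
// ingestion_delay: expected lag between TimeGenerated and ingestion_time()
let ingestion_delay = 2min;
// rule_look_back: the look-back period of the analytics rule
let rule_look_back = 5min;
<Table_Name>
// Widen the event-time window so late-arriving records are still in range
| where TimeGenerated >= ago(ingestion_delay + rule_look_back)
// Keep only records ingested within the rule look-back period
| where ingestion_time() > ago(rule_look_back)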

Explanation

This snippet accounts for data ingestion delay when an analytics rule queries a specific table. It sets variables for the ingestion delay and for the rule's look-back period. It then filters the table to records whose TimeGenerated falls within the combined ingestion delay and rule look-back period, so records that were generated earlier but arrived late are still in range. Finally, it filters to records whose ingestion_time() falls within the rule look-back period, so the widened time range returns only records that were ingested during that period.
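The effect of the two filters over consecutive rule runs, as an added Python simulation that is not part of the original page (ingestion_time() cannot be evaluated against inline sample rows, so the snippet's logic is modelled here). The event rows, the run times, and the assumption that the rule runs every rule_look_back (5 minutes) are constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

INGESTION_DELAY = timedelta(minutes=2)  # ingestion_delay in the snippet
RULE_LOOK_BACK = timedelta(minutes=5)   # rule_look_back; assumed equal to the run frequency

def at(minute, second=0):
    """Constructed clock: offset from 12:00:00 on an arbitrary day."""
    return datetime(2022, 10, 20, 12, 0, 0) + timedelta(minutes=minute, seconds=second)

# Constructed sample rows: (event id, TimeGenerated, ingestion_time())
EVENTS = [
    ("A", at(1), at(1, 30)),
    ("B", at(4), at(4, 30)),   # generated and ingested just before the 12:05 run
    ("C", at(4, 30), at(6)),   # generated before the 12:05 run, ingested after it
    ("D", at(7), at(8)),
    ("E", at(9, 30), at(11)),  # generated before the 12:10 run, ingested after it
]
RUNS = [at(5), at(10), at(15)]  # constructed rule executions, every 5 minutes

def naive(now, generated, ingested):
    # | where TimeGenerated >= ago(rule_look_back)
    return generated >= now - RULE_LOOK_BACK

def widened(now, generated, ingested):
    # | where TimeGenerated >= ago(ingestion_delay + rule_look_back)
    return generated >= now - (INGESTION_DELAY + RULE_LOOK_BACK)

def snippet(now, generated, ingested):
    # Both filters from the snippet: widened event-time window AND recent ingestion
    return widened(now, generated, ingested) and ingested > now - RULE_LOOK_BACK

def simulate(predicate):
    """Count how many runs return each event; a row is queryable only once ingested."""
    hits = Counter()
    for now in RUNS:
        for event_id, generated, ingested in EVENTS:
            if ingested <= now and predicate(now, generated, ingested):
                hits[event_id] += 1
    return {event_id: hits[event_id] for event_id, _, _ in EVENTS}

if __name__ == "__main__":
    for name, predicate in [("naive", naive), ("widened", widened), ("snippet", snippet)]:
        print(f"{name:8} {simulate(predicate)}")
```

A count of 0 is an event no run ever evaluated and a count of 2 is an event that would be alerted on twice; only the combined filters give every event a count of 1.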

Details

Rod Trent

Released: October 20, 2022

Tables

Table_Name

Keywords

Table_Name, TimeGenerated, ago, ingestion_time

Operators

where, >=, ago(), +, >