Query Details

LA Query Find Query Stats

Query

//Create a list of all tables in Sentinel, then iterate through the list to audit the LAQuery log table to see which are being actively used

//Data connector required for this query - Log Analytics diagnostic settings enabled on your Sentinel workspace

let tablenames = search *
    | summarize make_set($table);
LAQueryLogs
| mv-apply table = toscalar(tablenames) to typeof(string) on (where QueryText contains ['table'])
| summarize QueryCount = count() by ['table']
| order by QueryCount
| render piechart

Explanation

This query builds a list of every table in the Sentinel workspace and then checks the LAQueryLogs table to see which of those tables are actively being queried. It depends on the LAQueryLogs table, which is populated only when Log Analytics diagnostic settings are enabled on your Sentinel workspace. For each table the query counts how many recorded queries reference it and displays the results as a pie chart.
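The same mv-apply technique, extended as an added example that is not part of the original query: it restricts the audit to a 30-day window and joins the per-table query counts with the Usage table, so tables that ingest (and are billed for) data but are never queried surface at the top of the list. It assumes the standard Log Analytics Usage table (DataType, Quantity in MB, IsBillable) is available alongside LAQueryLogs.

```kql
// Added example, not from the original query. Assumes the Usage table and LAQueryLogs
// both exist in the workspace and that diagnostic settings populate LAQueryLogs.
let lookback = 30d;
// Tables that received billable data in the period, with ingested volume in MB
let ingested = Usage
    | where TimeGenerated > ago(lookback) and IsBillable == true
    | summarize IngestedMB = round(sum(Quantity), 1) by TableName = DataType;
// The set of those table names, iterated once per recorded query
let tablenames = toscalar(ingested | summarize make_set(TableName));
// Count queries referencing each table; 'contains' is a case-insensitive substring
// match, so a short table name inside a longer one is counted as a hit for both
let queried = LAQueryLogs
    | where TimeGenerated > ago(lookback)
    | mv-apply TableName = tablenames to typeof(string) on (where QueryText contains TableName)
    | summarize QueryCount = count() by TableName;
// leftouter keeps every ingested table; unqueried ones get QueryCount = 0
ingested
| join kind=leftouter queried on TableName
| project TableName, IngestedMB, QueryCount = coalesce(QueryCount, 0)
| order by QueryCount asc, IngestedMB desc
```

Rows with QueryCount of 0 and a large IngestedMB are the candidates to review: either the data is collected but never used in detections or hunting, or the table is only read through a path (such as analytics rules) that does not appear in the audited query text.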

Details


Matt Zorich

Released: June 17, 2022

Tables

LAQueryLogs

Keywords

Tables, Sentinel, LAQueryLogs, QueryText, QueryCount

Operators

search, summarize, make_set, mv-apply, toscalar, typeof, on, where, contains, count, by, order by, render
