Query Details

LA Query Visualize Queries Run

Query

// Visualize how many queries you have run in your Sentinel workspace over the last year.
// LAQueryLogs is the workspace query audit table; it only receives rows once the
// workspace diagnostic setting sends the Audit category to the workspace.
LAQueryLogs
| where TimeGenerated > ago(365d)
// Restrict to a single analyst; AADEmail is the UPN of the account that ran the query.
| where AADEmail == "[email protected]"
// One bucket per day; default=0 fills days with no queries so the chart has no gaps.
| make-series Count=count() default=0 on TimeGenerated from ago(365d) to now() step 1d
| render timechart with (title="#365daysofKQL queries run per day", ytitle="Count")

Explanation

This query visualizes the number of queries run in a Sentinel workspace over the past year. It filters LAQueryLogs, the workspace's query audit table, to the last 365 days and to a single user's AADEmail. It then uses make-series to bucket the matching rows into one count per day (default=0 ensures days with no queries appear as zero rather than being dropped) and renders the series as a time chart titled "#365daysofKQL queries run per day", with the y-axis showing the count. Two practical points: LAQueryLogs is empty unless the workspace's diagnostic setting forwards the Audit category back to the workspace, and only days inside the table's retention period will carry data, so a full year of history needs retention set beyond the default.
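The same audit table and make-series pattern can do more than chart a single user. As an added example, not part of the original page, the query below baselines daily query volume per user over 30 days and flags days where a user's volume spikes, which is a useful first check for a compromised analyst account or a script gone wrong. It assumes LAQueryLogs is populated and that the 30d lookback sits within your retention; the lookback and threshold values are assumptions to tune for your environment.

```kql
// Added example (not from the original page): per-user anomaly detection over LAQueryLogs.
// Assumes the workspace Audit diagnostic setting is enabled and 30 days are retained.
let lookback = 30d;           // assumption: adjust to your retention
let threshold = 3.0;          // assumption: anomaly score cut-off, tune per environment
LAQueryLogs
| where TimeGenerated > ago(lookback)
| where isnotempty(AADEmail)  // drop service/application callers with no user identity
// One daily series per user; default=0 keeps quiet days in the baseline.
| make-series Count=count() default=0 on TimeGenerated from ago(lookback) to now() step 1d by AADEmail
// Decompose each series; 'linefit' models a trend, -1 auto-detects seasonality.
| extend (Flags, Scores, Baseline) = series_decompose_anomalies(Count, threshold, -1, 'linefit')
// Expand the parallel arrays back into one row per user per day.
| mv-expand TimeGenerated to typeof(datetime), Count to typeof(long), Flags to typeof(int), Scores to typeof(double), Baseline to typeof(double)
| where Flags == 1            // 1 = spike above baseline; -1 would be a dip
| project TimeGenerated, AADEmail, Count, Baseline=round(Baseline, 1), Score=round(Scores, 2)
| order by Score desc
```

Drop the final three lines and replace them with `| render timechart` on a single AADEmail to see the raw series next to the chart the original query produces; once a spike is confirmed, join back to LAQueryLogs on AADEmail and the flagged day to review QueryText and RequestClientApp for what was actually run.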

Details

Matt Zorich

Released: June 21, 2022

Tables

LAQueryLogs

Keywords

LAQueryLogs,TimeGenerated,AADEmail,Count

Operators

where, ago, ==, make-series, count(), default=0, on, from, to, step, render, timechart, with, title, ytitle