Query Details

Number Of Events Per Provider

Query

Use Case: Monitoring the frequency of application events over the past week to identify patterns or anomalies in software behavior by provider.

Query:

WindowsEvent('Application', 7d)
| summarize EventCount = count() by ProviderName

Explanation

The query counts the events recorded in the Windows Application event log over the past week and groups the count by provider name (ProviderName). Comparing the per-provider totals helps identify patterns or unusual behavior in the software.

Details

Ugur Koc

Released: February 4, 2024

Tables

WindowsEvent

Keywords

WindowsEvent, Application, 7d, EventCount, ProviderName

Operators

WindowsEvent, summarize, count, by
