Query Details

Office Ingest Delay

Query

// This alert counts all OfficeActivity logs for the last 2 hours and triggers on a result of 0.

OfficeActivity
| where TimeGenerated > ago(2h)
| summarize count()
| where count_ == 0

Explanation

This query looks at the OfficeActivity logs from the past 2 hours and counts how many logs there are. If the count is 0, it triggers an alert.

Details

Rod Trent

Released: January 19, 2023

Tables

OfficeActivity

Keywords

OfficeActivity,TimeGenerated,ago,summarize,count_

Operators

|, where, >, ago, summarize, count(), ==