Query Details

Pack All Example

Query

// Example of using pack_all() to put results into a single column. Can also be used with the extend operator.

let StartTime = ago(24h);
let StopTime = now();
SecurityEvent
| where TimeGenerated > StartTime and TimeGenerated <= StopTime
| project pack_all()

Explanation

This query retrieves the security events recorded in the last 24 hours and uses the "pack_all" function to pack every column of each row into a single column. "pack_all" can also be used with the "extend" operator.
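
The extend form mentioned above, as an added example that is not part of the original query: it keeps the triage columns and adds the packed column next to them. The SampleEvents rows are constructed stand-ins for SecurityEvent, and the names AllFields and FieldCount are assumptions made for this illustration.

```kusto
// Constructed sample rows standing in for the SecurityEvent table,
// so the query runs without a populated workspace.
let SampleEvents = datatable(TimeGenerated:datetime, Computer:string, EventID:int, Account:string, IpAddress:string)
[
    datetime(2021-12-07 08:00:00), "HOST-A", 4624, "CONTOSO\\alice", "10.0.0.5",
    datetime(2021-12-07 08:05:00), "HOST-A", 4625, "CONTOSO\\bob",   "",
    datetime(2021-12-07 08:06:00), "HOST-B", 4688, "CONTOSO\\alice", ""
];
SampleEvents
// extend keeps the original columns and adds the packed bag alongside them,
// whereas project pack_all() returns only the packed column.
| extend AllFields = pack_all(true)        // true = leave null/empty values out of the bag
// Number of populated fields per event; sparse rows stand out during triage.
| extend FieldCount = array_length(bag_keys(AllFields))
| project TimeGenerated, Computer, EventID, FieldCount, AllFields
```

To run it against live data, replace SampleEvents in the query body with SecurityEvent and add the time filter from the original query.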

Details


Rod Trent

Released: December 7, 2021

Tables

SecurityEvent

Keywords

StartTime,StopTime,SecurityEvent,TimeGenerated

Operators

where,project,pack_all()
