KQL Search

Query Details

Report No Data

Query

//Reporting on a Connector that isn't reporting data in the last hour. 
//The example below is for the OfficeActivity table. Delay for that table may need to be 2 hours. 
//The table will depend on the associated Data Connector.
//Create an Analytics Rule to be alerted.

OfficeActivity
| where TimeGenerated > ago(1h)
| summarize count()
| where count_ == 0

Explanation

This query is checking if there is any data missing from the OfficeActivity table in the last hour. If there is no data, it suggests creating an Analytics Rule to receive an alert. The delay for this table may need to be set to 2 hours.

Details

Rod Trent

Released: October 20, 2022

Tables

OfficeActivity

Keywords

OfficeActivity,TimeGenerated,ago,summarize,count

Operators

whereagosummarizecount==

KQL Search

Report No Data

Query

Explanation

Details

Actions