Last active
November 18, 2021 22:40
-
-
Save MirzaMerdovic/975522f513991070dd63f3d57f5f1404 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Perf | |
| | where ObjectName == "System" | |
| | extend UpTime = CounterValue * 1s | |
| | project TimeGenerated, Computer, UpTime | |
| | summarize arg_max(TimeGenerated, *) by Computer | |
| | order by UpTime desc | |
| ================================================== | |
| let Linu = Heartbeat | |
| | where OSType = "Linux" | |
| | summarize by Computer | |
| Perf | |
| | where Computer in (Linux) | |
| ================================================== | |
| Alert | |
| | take 10 | |
| | evaluate narrow() | |
| | summarize make_list(Value) by Column | |
| ================================================= | |
| print coalesce("", "B") | |
| print 27h / 1d | getschema | |
| ================================================= | |
| Alert | |
| | take 1 | |
| | evaluate narrow() | |
| ================================================= | |
| leftsemi: X | where Key in (Y | distinct Key) | |
| rightsemi: Y : where Key in (X | distinct Key) | |
| leftanti: X | where Key !in (Y | distinct Key) | |
| rightanti: Y : where Key !in (X | distinct Key) | |
| =================================================== | |
| TableB get fully copied | |
| TableA | |
| | lookup kind=inner ( TableB ) on Key1, Key | |
| =================================================== | |
| to query hot and cold data put as a frist line in your query | |
| set query_datascope='all' | |
| =================================================== | |
| Logs | |
| | search "exceptions" | |
| =================================================== |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment