Blog Post

Microsoft Sentinel Blog
9 MIN READ

How to align your Analytics with time windows in Azure Sentinel using KQL (Kusto Query Language)

CliveWatson's avatar
CliveWatson
Former Employee
Sep 21, 2020
Overview Thanks to Ofer Shezaf, Kieran Bhardwaj and Younes Khaldi for the ideas and proof reading!   Many of the query examples you see in KQL (Kusto Query Language) Detections, Rules, Hunting a...
Updated Nov 03, 2021
Version 3.0
investigation
microsoft sentinel
CliveWatson's avatar
Former Employee
Joined November 07, 2018
View Profile
Microsoft Sentinel Blog

Microsoft Sentinel is a cloud-native SIEM, enriched with AI and automation to provide expansive visibility across your digital environment.

Logan-IN's avatar
Logan-IN
Copper Contributor
Aug 24, 2022

Hi CliveWatson ,

 

This is really nice and i've bookmarked this item. 

 

I have a requirement to get the logs based on timegenerated with filter x days. Ex: I wanted to see the logs by excluding last 2days. If today date is 24th of August, then wanted to view the logs created before 22nd of August. I tried ago, startofday command but it doesn't match my requirement, any idea how to get the same. Thank you!