Anthony11
Mar 16, 2020
Copper Contributor
Azure Logs - Group query result by last event by computer
Hello,
I am trying to build a query that finds the last state of a Windows service, for example 'WMI Performance Adapter' (see attached image).
I would like to get only the last event/service state for each computer, but I cannot find the proper operators.
Thanks for the help 🙂
- CliveWatson
Microsoft
This would be an example using arg_max
Event | where EventID == 7036 | summarize count(), last_record = arg_max(TimeGenerated, *) by Computer
- Anthony11
Copper Contributor
Many thanks, it works like a charm 🙂
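
Added example, not part of the original thread: the arg_max pattern from the reply above, narrowed to the single service named in the question and run against constructed rows so it can be pasted into a query window as-is. It assumes that event 7036 messages are available in RenderedDescription in the English form "The <name> service entered the <state> state."; SampleEvent and all of its values are invented for illustration.

```kusto
// Constructed sample rows standing in for the Event table (all values invented).
let SampleEvent = datatable(TimeGenerated:datetime, Computer:string, EventID:int, RenderedDescription:string)
[
    datetime(2020-03-16 08:00:00), "SRV01", 7036, "The WMI Performance Adapter service entered the running state.",
    datetime(2020-03-16 08:10:00), "SRV01", 7036, "The WMI Performance Adapter service entered the stopped state.",
    datetime(2020-03-16 08:12:00), "SRV01", 7036, "The Windows Update service entered the running state.",
    datetime(2020-03-16 07:55:00), "SRV02", 7036, "The WMI Performance Adapter service entered the stopped state.",
    datetime(2020-03-16 09:30:00), "SRV02", 7036, "The WMI Performance Adapter service entered the running state.",
    datetime(2020-03-16 09:45:00), "SRV02", 7040, "The start type of the WMI Performance Adapter service was changed."
];
SampleEvent
// 7036 = Service Control Manager "service entered the ... state" events
| where EventID == 7036
// Split the message into service name and state (assumed English message format)
| parse RenderedDescription with "The " ServiceName " service entered the " State " state."
// Keep only the service of interest; other services on the same computer are ignored
| where ServiceName == "WMI Performance Adapter"
// One row per computer: the newest TimeGenerated and the State carried by that row
| summarize Events = count(), arg_max(TimeGenerated, State) by Computer
| project Computer, LastChange = TimeGenerated, State, Events
```

Replacing SampleEvent with Event runs the same logic against a workspace; filtering on the service before the summarize matters, because otherwise arg_max returns the latest 7036 event of any service on each computer.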