Azure Logs - Group query result by last event by computer

Hello, I try to build a query that find the last state of a Windows service, for example 'WMI Performance Adapter' (See attached image). I would like to get only the last event/service state ...

azure monitor

Query Language

CliveWatson

Mar 16, 2020

Anthony11

This would be an example using arg_max

Event
| where EventID == 7036
| summarize count(), last_record = arg_max(TimeGenerated, *) by Computer

CliveWatson

Former Employee

Mar 16, 2020

Anthony11

This would be an example using arg_max

Event
| where EventID == 7036
| summarize count(), last_record = arg_max(TimeGenerated, *) by Computer

Anthony11
Copper Contributor
Mar 16, 2020
CliveWatson
Many thanks, it works like a charm 🙂

Forum Discussion

Azure Logs - Group query result by last event by computer