Forum Discussion
Capturing a single transaction in KQL
Hi, I've got a log coming in which has a transaction ID in it and I'd like to gather the logs into a single event based on the ID. Unfortunately these ID are recycled after a short while, probabl...
The 15 minutes bucket you use today, is that just a way to group all events for a event together?
Is it possible to look at the events instead to find "start event" and look between each "start event" instead?
Is it possible to look at the events instead to find "start event" and look between each "start event" instead?
The 15 minute bucket is a way of constraining the time period during which a group of events can be grouped.