Forum Discussion

Brady Evans's avatar
Brady Evans
Copper Contributor
May 02, 2018
Solved

'DnsEvents | summarize by ClientIP, TimeGenerated' doesn't return expected result

When I execute the following query on the demo portal: DnsEvents  | summarize by ClientIP, TimeGenerated   It doesn't return what I expect.  It seems the TimeGenerated is rounded to the nearest h...
Azure Log Analytics
azure monitor
  • Meir_Mendelovich's avatar
    Meir_Mendelovich
    May 03, 2018

    Hi,

     

    This is expected. It is a failsafe functionality in the system to protect it from returning huge amounts of records which will be the situation if we would have return every TimeGenerated in accuracy of a millisecond. It automatically use 1 hour binning.

    We are evaluating this failsafe mechanism and consider if it worth keeping it. 

     

    If you want control over the binning period, you can use the bin function. This query does the same but use a 1 minute binning instead of the 1 hour binning:

     

    DnsEvents | summarize count() by ClientIP, bin(TimeGenerated,1m)

     

    Thanks,

    Meir :->

     

     

Stanislav_Zhelyazkov's avatar
Stanislav_Zhelyazkov
MVP
May 02, 2018

Hi,

Can you let us what exactly you are trying to achieve as the query you are executing does not make much sense?

Resources