Forum Discussion
Need a bit of assistance.
Hi, I am new to using AIQL and I have been tasked to create a query to look for missing phrases. Here is my query to look for the initial phrase.
traces
| where message contains "Received '...
you don't need to use bracket notation if your custom dimensions are valid kusto names,
and you should convert types from dynamic as you go, and you should parse your json vs using substring, and you can combine extends and where's.
traces
| where message contains "Received 'job valid' notification"
and message !contains "some other value"
| extend backendRequest = tostring(customDimensions.jsonMessage),
customerId = tostring(customDimensions.customerId),
jobId = toint(customDimensions.jobId)
| extend request = tostring(parse_json(backendRequest).request)
| project message, request, severityLevel, timestamp, backendRequest, customerId, jobId
| order by jobId desc
i can help further with sample data...