Forum Discussion
Querying the Heartbeat table
Hi, I've recently started using Microsoft Sentinel and trying to understand the idiosyncracies of using KQL in Log Analytics. I've searched Microsoft Docs and this Tech Community but haven't foun...
KQL will drop a column if its empty from the results, you can also use isempty(Version) or isnotempty(Version) rather than == "".
I suspect what you are seeing is caching in action. Just add Version to any project or summarize where it's needed. I don't have any data that has the empty column for Version so don't see this in my logs, or the demo data from Microsoft.
I suspect what you are seeing is caching in action. Just add Version to any project or summarize where it's needed. I don't have any data that has the empty column for Version so don't see this in my logs, or the demo data from Microsoft.
Thank you for your reply, that's quite a nice feature, now that I'm aware of it!