Forum Discussion
Solved
How to get last status of the service in Event Logs without selecting TimeRange
HI, My requirement is to find the status of few windows services whether its running/stopped/started. Events will capture only the last state of the service so cannot see logs if there is no ch...
- This would return the last row of data - using arg_max()
Event
| where EventLog == 'System' and EventID == 7036
| summarize arg_max(TimeGenerated,*)
Make sure you "set in Query" in the Dashboard. Also 3m == 3 minutes, so you would need 90d for 3months The timespan data type - Azure Data Explorer | Microsoft Docs.
When using ago() ago() - Azure Data Explorer | Microsoft Docs
use ">" rather than "<"
CliveWatson , Have modified my query as u suggested.
In dashboard , I don't have similar option like yours. when I click that icon it opens edit query box like the image below and there's not much option.
CliveWatson Thanks ! I already tried this option but not useful to my scenerio.
Again here there is no option to select last 3 Months .I have to choose a time range and cannot use the query as it is which already have time range to check last 3 months data.
- You should have the updated solution I showed in your subscription now: https://techcommunity.microsoft.com/t5/azure-monitor/enhanced-dashboard-experiences-for-azure-monitor-log-analytics/ba-p/2176979