Forum Discussion
Saving results of a query to be used by other queries
Hi, I am new to KQL and trying to explore the possibility of being able to save the results of a query in Azure Log Analytics . A scheduling will be done on this query to be run once a day to upda...
You could potentially look at Azure Automation and a PowerShell runbook to trigger the query, based on your schedule..
As Luke says, Log Analytics queries cant create a Table, so you can use his idea or look at a Logic App on a recurrence trigger to fire the query at a specific time of day, the logic app can then run the KQL query to populate a custom log table <table name_CL>. You can then "join" your other query to that table with your aggregated results. This example sends an email, https://cloudblogs.microsoft.com/industry-blog/en-gb/cross-industry/2020/06/17/log-analytics-or-azure-sentinel-how-schedule-a-report/ but you can use another control "send data" to populate a Table (custom logs are billable data sources)
Example "join" https://docs.microsoft.com/en-gb/azure/data-explorer/kusto/query/joinoperator?pivots=azuremonitor
ServiceMapProcess_CL
| project Computer // computer
| join
(
Heartbeat
| distinct Computer // computer 1
) on Computer
| project customComputerName = Computer, HeartBeatComputerName = Computer1
Example "join" https://docs.microsoft.com/en-gb/azure/data-explorer/kusto/query/joinoperator?pivots=azuremonitor
ServiceMapProcess_CL
| project Computer // computer
| join
(
Heartbeat
| distinct Computer // computer 1
) on Computer
| project customComputerName = Computer, HeartBeatComputerName = Computer1