Forum Discussion
KQL to report on user login duration
We are seeing an issue with login delays for users, whereby it sometimes takes many minutes for a user to be presented with a desktop. As part of troubleshooting this issue, I'd like to create a ...
There could be several reasons why there are inconsistencies between the data returned by the two KQL queries. One possible reason is that the queries are using different filters or criteria to select and join the data. Another reason could be that the data is being sampled differently or at different intervals, leading to variations in the results.
To troubleshoot this issue, you may want to start by comparing the filters and criteria used in the two KQL queries to see if they are consistent. You may also want to check the sampling intervals for the data to see if they match. Additionally, you may want to review the logs and metrics to ensure that they are being collected and recorded accurately and consistently.
As for a KQL query that achieves your aim, it looks like you are already using two different queries to capture login times. One query is focused on logon stages and the other on connection performance. Depending on your specific needs and environment, you may want to try adjusting the filters, criteria, and sampling intervals in these queries to generate more consistent and accurate results. Alternatively, you could try combining elements of both queries to create a new query that captures both logon stages and connection performance in a more comprehensive way.
To troubleshoot this issue, you may want to start by comparing the filters and criteria used in the two KQL queries to see if they are consistent. You may also want to check the sampling intervals for the data to see if they match. Additionally, you may want to review the logs and metrics to ensure that they are being collected and recorded accurately and consistently.
As for a KQL query that achieves your aim, it looks like you are already using two different queries to capture login times. One query is focused on logon stages and the other on connection performance. Depending on your specific needs and environment, you may want to try adjusting the filters, criteria, and sampling intervals in these queries to generate more consistent and accurate results. Alternatively, you could try combining elements of both queries to create a new query that captures both logon stages and connection performance in a more comprehensive way.