Forum Discussion
Solved
KQL - make_set distinct
Hi everyone,
This may be simple however I've been unable to find a method or function to get my desired result. I may have missed something.
I want to summarize an event and use make_set to minimize the results.
I want something like make_set() but only distinct values.
What I have in mind is distinct_make_set(LoginInfo) and distinct_make_set(IPVTimeGenerated)
Desired summarize:
| summarize
LastestSignIn = arg_max(TimeGenerated,UserName),
EarliestSignIn = arg_min(TimeGenerated, UserName),
AttemptsBeforeIPV = countif(LoginInfo == "IPV activity after Login attempt"),
IPVTimeGenerated = distinct_make_set(IPVTimeGenerated),
LoginInfo = distinct_make_set(LoginInfo)
SignInCount = count() by
UserName, Activity
Thank you in advance!
3 Replies
- well, well... looks like I did indeed miss something major. Thanks!
- Easily done 😉
