Forum Discussion
mv-expand error on Security Alert
Hi, I have below query which I am using to perform a URL search in Security Alert table. This query works fine as long as the search value is there in the given timeframe (the below query search ...
- trying adding a column_ifexists
...
| extend Url = column_ifexists("Url","")
| mv-expand todynamic(Url)
| where isnotempty(Url)
| project TimeGenerated, SystemAlertId, AlertName, Url
trying adding a column_ifexists
...
| extend Url = column_ifexists("Url","")
| mv-expand todynamic(Url)
| where isnotempty(Url)
| project TimeGenerated, SystemAlertId, AlertName, Url
...
| extend Url = column_ifexists("Url","")
| mv-expand todynamic(Url)
| where isnotempty(Url)
| project TimeGenerated, SystemAlertId, AlertName, Url
thanks. this works
Curious to understand why KQL proceeds to the next query line when the where clause (line 3) comes up with blank results ?
Curious to understand why KQL proceeds to the next query line when the where clause (line 3) comes up with blank results ?
- if its empty/blank, then the query stops at the mv-expand line
