Forum Discussion
Robert James Reber
Aug 21, 2019 | Brass Contributor
Azure Log analytics
I am looking to get a list of computer names and all the add-ins on that computer. The canned query for this returns an aggregated list of add-ins which is helpful at viewing the complexity of this ta...
- Aug 21, 2019
Note: https://docs.microsoft.com/en-us/azure/kusto/query/makeset-aggfunction you should always use make_set or make_list which have replaced makeset and makelist as the older functions have a 128 limit.
Make_set is probably the one to use - as it "Returns a dynamic(JSON) array of the set of distinct values that Expr takes in the group."
The aim here is to get the row (record) count below 10,000, then you know you have all the data, if you have 441 then all should be ok. Also look out for the 500 column limit, but I think you are a long way from that.
Robert James Reber
Aug 22, 2019 | Brass Contributor
Make_set worked much better. That removed the redundancy and I can go back pretty far. So this leads me to believe I have a misconception on how these logs work. If my time duration is 24 hours, I do not see my entire workforce. If I go back in time say 7 days, I see more. So these logs must not be one huge blob, but more so smaller activity logs. I am trying to resolve them like an SCCM report that gathers data from every PC, then logs the add-in and the barcode for every PC. I can then report that every PC that checks in is accounted for. This seems to be more dynamic in nature and in order for me to see the entire fleet, I must go far enough into the past to see when they might have logged on or used that add-in to register in these logs. I think ????
CliveWatson
Aug 22, 2019 | Former Employee
Logs are created a row at a time based on TimeGenerated... so on some hours or days you may get more or less logs. A machine that is off won't send any. Pivot on the computer name, which is unique, unlike time... hence the consistency with make_set.
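The per-computer pivot discussed in this thread, as an added example that is not part of the original posts. The table name `AddInLogs`, the column `AddInName`, and all rows are constructed for illustration; a fixed `AsOf` time stands in for `now()` so the output is repeatable.

```kusto
// Constructed sample rows; AddInLogs and AddInName are assumed names, not a real workspace schema.
let AsOf = datetime(2019-08-22 12:00);   // fixed reference time instead of now()
let AddInLogs = datatable(TimeGenerated:datetime, Computer:string, AddInName:string)
[
    datetime(2019-08-22 09:00), "PC-001", "Addin A",
    datetime(2019-08-22 09:05), "PC-001", "Addin B",
    datetime(2019-08-22 10:00), "PC-001", "Addin A",   // repeated row, collapsed by make_set
    datetime(2019-08-19 14:30), "PC-002", "Addin A",   // last reported 3 days ago
    datetime(2019-08-16 08:15), "PC-003", "Addin C",   // last reported 6 days ago
    datetime(2019-08-16 08:20), "PC-003", "Addin A"
];
AddInLogs
// Look back far enough to catch machines that were off or idle recently.
| where TimeGenerated between ((AsOf - 7d) .. AsOf)
// One row per computer: distinct add-ins, last report time, and recent activity.
| summarize AddIns = make_set(AddInName),
            LastSeen = max(TimeGenerated),
            RowsInLast24h = countif(TimeGenerated > AsOf - 1d)
    by Computer
| order by Computer asc
```

With these rows, only PC-001 has a non-zero `RowsInLast24h`; PC-002 and PC-003 appear only because the window is 7 days, which is the behaviour described in the thread when widening the time range.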