cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Azure Logs - Group query result by last event by computer

Anthony11
Copper Contributor

‎Mar 16 2020 07:11 AM - last edited on ‎Apr 08 2022 10:20 AM by

‎Mar 16 2020 07:11 AM - last edited on ‎Apr 08 2022 10:20 AM by

Azure Logs - Group query result by last event by computer

Hello,

 

I try to build a query that find the last state of a Windows service, for example 'WMI Performance Adapter' (See attached image).

 

I would like to get only the last event/service state for each computer but i cannot find the proper operators.

 

Thanks for help :)

 

 

Labels:
Preview file
48 KB
914 Views
0 Likes
2 Replies
Reply
2 Replies
best response confirmed by CliveWatson (Microsoft)
CliveWatson

‎Mar 16 2020 08:35 AM

‎Mar 16 2020 08:35 AM

Solution

Re: Azure Logs - Group query result by last event by computer

@Anthony11 

 

This would be an example using arg_max

Event
| where EventID == 7036
| summarize count(), last_record = arg_max(TimeGenerated, *) by Computer

 

0 Likes
Reply
Anthony11

‎Mar 16 2020 08:47 AM

‎Mar 16 2020 08:47 AM

Re: Azure Logs - Group query result by last event by computer

@CliveWatson 

Many thanks, it works like a charm :)

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by CliveWatson (Microsoft)
CliveWatson

‎Mar 16 2020 08:35 AM

‎Mar 16 2020 08:35 AM

Solution

Re: Azure Logs - Group query result by last event by computer

@Anthony11 

 

This would be an example using arg_max

Event
| where EventID == 7036
| summarize count(), last_record = arg_max(TimeGenerated, *) by Computer

 

View solution in original post

0 Likes
Reply