Apr 20 2020 09:53 AM - last edited on Apr 08 2022 10:24 AM by TechCommunityAP
I have a custom field and I want to be alerted when the value passes the threshold. I have extracted the value, however anything above that value didn't get any result.
Example: Custom Logs => mytestlogs_CL
Extract field => "extract_cf"
Example field result => "3456" or "7856" or "3451" and so on. The KQL search:
"mytestlogs_CL| where extract_CF > 1"
The result is returned even though for there are?
Apr 20 2020 11:05 AM
Solution@Deleted
Are the values strings - you have shown them with " "?
EventID | count_ |
---|---|
9992 | 24 |
9991 | 24 |
9993 | 24 |
9994 | 24 |
You may need to try using toint(), e.g.
let t = datatable (aString:string, aNumber:int)
["1234",1,
"5678",2];
t
| where toint(aString) > 1
| project aString
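The following is an added example, not part of the original reply: it applies the toint() conversion to the shape of the question's data and also surfaces rows whose text cannot be converted, since toint() returns null for those and a plain threshold filter would drop them without any alert. The sample rows, the TimeGenerated values and the threshold of 5000 are constructed assumptions; only the column name extract_CF comes from the question.

```kql
// Constructed sample rows standing in for mytestlogs_CL (assumption: extract_CF is a string column).
let threshold = 5000;   // assumed alert threshold, not given in the thread
let mytestlogs = datatable (TimeGenerated:datetime, extract_CF:string)
[
    datetime(2020-04-20 09:00:00), "3456",
    datetime(2020-04-20 09:05:00), "7856",
    datetime(2020-04-20 09:10:00), "3451",
    datetime(2020-04-20 09:15:00), " 9120 ",   // padded value, trimmed before conversion
    datetime(2020-04-20 09:20:00), "n/a"       // not a number, toint() yields null
];
mytestlogs
// Strip leading/trailing whitespace, then convert the text to an integer.
| extend value = toint(trim(@"\s+", extract_CF))
// Classify each row so unparseable values are reported instead of silently filtered out.
| extend status = case(isnull(value), "unparseable",
                       value > threshold, "over_threshold",
                       "ok")
| where status != "ok"
| project TimeGenerated, extract_CF, value, status
```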