custom field

Not applicable

I have custom filed and I want to alert me when the value passing the threshold. I have extracted the value however if anything above that value didn't get any result. 

example: Custom Logs =>  mytestlogs_CL

               extract filed  =>  "extract_cf"  

example field result  =>   "3456"  or "7856" or "3451" so on. the KQL search 

"mytestlogs_CL| where extract_CF > 1"

the result is returned even tough for there are?

1 Reply
best response



Are the values strings - you have shown them with "  "?


Go to Log Analytics and run query

EventID count_
9992 24
9991 24
9993 24
9994 24


You maybe need to try, using toint() e.g.  Go to Log Analytics and run query


let t = datatable (aString:string, aNumber:int)
 | where toint(aString) > 1
 | project aString