SOLVED

custom field

Deleted

I have a custom field and I want it to alert me when the value passes the threshold. I have extracted the value; however, for anything above that value I didn't get any result.

Example: Custom Logs => mytestlogs_CL

Extracted field => "extract_cf"

Example field result => "3456" or "7856" or "3451" and so on. The KQL search:

"mytestlogs_CL | where extract_CF > 1"

The result is returned even though for there are?

1 Reply
Solution

@Deleted

Are the values strings? You have shown them with " ".

EventID  count_
9992     24
9991     24
9993     24
9994     24

You may need to try using toint(), e.g.:

let t = datatable (aString:string, aNumber:int)
["1234",1,
 "5678",2];
 t
 | where toint(aString) > 1
 | project aString
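
The same conversion applied as a threshold check, as an added example that is not part of the original reply. The `sample_logs` datatable is constructed to stand in for mytestlogs_CL, and the threshold of 3456 is an assumption. It also covers the case where `toint()` returns null for a value that is not an integer: such a row fails every numeric comparison, so an alert rule would skip it silently unless it is surfaced explicitly.

```kusto
// Constructed sample rows standing in for mytestlogs_CL; extract_CF holds strings.
let sample_logs = datatable (TimeGenerated:datetime, extract_CF:string)
[
    datetime(2024-01-01 10:00:00), "3456",
    datetime(2024-01-01 10:05:00), "7856",
    datetime(2024-01-01 10:10:00), "3451",
    datetime(2024-01-01 10:15:00), "n/a",   // not a number
    datetime(2024-01-01 10:20:00), ""       // empty extraction
];
let threshold = 3456;                        // assumed alert threshold
sample_logs
| extend value = toint(extract_CF)           // null when the string is not an integer
| extend parse_failed = isnull(value)
| where value > threshold or parse_failed    // breaches, plus rows that could not be checked
| project TimeGenerated, extract_CF, value, parse_failed
```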