Feb 05 2020 10:48 PM - last edited on Apr 08 2022 10:17 AM by TechCommunityAP
Hi, I am new to KQL and have been stuck on a certain query for quite some time. Let's say we have a table with various users who execute some commands, which have been recorded in a log with the username and the time taken by the user to execute that command. What I want to do is retrieve the top 15 entries for each unique user, according to the duration of time they have taken to execute the command, where that duration is greater than 2 minutes. Any help would be appreciated.
Thank you.
Feb 06 2020 05:28 AM
As you didn't mention the table, or show an example row of data, here is a generic example:

```kusto
Heartbeat
| summarize count() by Computer
```

Which gets me two columns (like your User and Count columns you mentioned).
```kusto
Heartbeat
| summarize count() by Computer
| where count_ > 1000
| top 15 by count_ desc
```

We'd then add a line to only show the values above 1000 (2 mins in your example) and then the Top 15.
Example results (top 5) to keep it short:

| Computer | count_ |
|---|---|
| hardening-demo | 2877 |
| ContosoJbFwJb | 1441 |
| rancher-node-2 | 1441 |
| gangams-kind-k8s-cluster-master | 1441 |
| ContosoAppSrv1 | 1441 |
I don't know how the column that has "2 mins" is expressed, so you may need to turn it into a string or an integer first?
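Applied to the original question, as an added example that is not part of the answer above: it assumes a hypothetical table with `User`, `Command` and `Duration` (timespan) columns, built inline with `datatable` so it runs against no real workspace, and keeps the 15 longest-running commands over 2 minutes per user rather than 15 overall.

```kusto
// Constructed sample data standing in for the poster's command log (hypothetical schema).
let CommandLog = datatable(User:string, Command:string, Duration:timespan)
[
    "alice", "backup-db",     5m,
    "alice", "rotate-logs",   1m,      // under 2 minutes, filtered out
    "alice", "rebuild-index", 12m,
    "bob",   "deploy-app",    3m,
    "bob",   "restart-svc",   30s,     // under 2 minutes, filtered out
    "bob",   "export-report", 7m,
    "carol", "patch-host",    2m       // exactly 2m is not "greater than", filtered out
];
// If Duration were stored as text, convert it first, e.g. | extend Duration = totimespan(DurationText)
CommandLog
| where Duration > 2m                             // threshold as a timespan literal, not an integer
| sort by User asc, Duration desc                 // sort serializes the rows so prev()/row_number() work
| extend Rank = row_number(1, prev(User) != User) // rank restarts at 1 whenever the User changes
| where Rank <= 15                                // top 15 per user, not top 15 across all users
| project User, Command, Duration, Rank
```

With the sample rows this returns two rows for alice (rebuild-index, backup-db) and two for bob (export-report, deploy-app), each ranked 1 and 2; `partition by User (top 15 by Duration desc)` is an equivalent formulation.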