Event Total Volume Collect

Copper Contributor

Hello

I would like to add up the total amount of GB for events. However, I don't think my query works the way I want it to

let daystoSearch = 31d;
union withsource = tt *
| where TimeGenerated >= ago(daystoSearch)
| where _IsBillable == true
| extend computerName = tolower(tostring(split(Computer, '.')[0]))
| where computerName != ""
| where Type == "Event"
| summarize TotalVolumeBytes=sum(round(_BilledSize/1024/1024/1024, 6)) by computerName
| project computerName,TotalVolumeGB=TotalVolumeBytes
| sort by TotalVolumeGB desc
 
it is important to know this totally to determine the price of the GB
Thanks for your help
Rog
2 Replies

@MrRog the query seems right.

Adding @Dale Koetke 

@MrRog 

Unless you need this segmented by computer, just use the Usage data type, e.g. as documented at https://docs.microsoft.com/en-us/azure/azure-monitor/platform/manage-cost-storage#data-volume-by-sol....  You're query for the total billable data from the last 31 days would be:

 

Usage
| where TimeGenerated > startofday(ago(31d))
| where IsBillable == true
| summarize BillableDataGB = sum(Quantity) / 1000.