cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Get span of TimeGenerated to use in Summarize

PatrikHansson
Contributor

‎Jun 02 2021 01:08 AM - last edited on ‎Apr 08 2022 10:48 AM by

‎Jun 02 2021 01:08 AM - last edited on ‎Apr 08 2022 10:48 AM by

Get span of TimeGenerated to use in Summarize

Hi

I'm trying to figure out at way to make the round to value used in bin() dynamic.

so if the Query is for a day I want to have something like:

bin(Timegenerated, 1m) 

but if the query is for 30 days I want to have something like

bin(Timegenerated, 1h)

Was thinking that I somehow could get the max and min from Timegenerated and then use "case" to set a variable to use in the last 

| summarize xxxxxx by bin(Timegenerated, "variable") 

 

Anyone have some idea on how to do this ?

Labels:
227 Views
0 Likes
0 Replies
Reply
0 Replies