SOLVED

Incident statistics querying (for a powerbi dashboard)

%3CLINGO-SUB%20id%3D%22lingo-sub-1174269%22%20slang%3D%22en-US%22%3EIncident%20statistics%20querying%20(for%20a%20powerbi%20dashboard)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1174269%22%20slang%3D%22en-US%22%3E%3CP%3Ehey%20all%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20creating%20a%20PowerBI%20dash%20to%20report%20on%20some%20SOC%20statistics%20for%20the%20wider%20IT%20org%20to%20look%20at.%20Getting%20an%20alert%20view%20in%20is%20easy%20using%20a%20KQL%20query%20in%20PowerBI%20format.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EBut%20I%20don't%20see%20how%20I%20can%20get%20to%20Incident%20statistics.%20Looking%20to%20show%20Nr%20of%20incidents%20per%20status%20%2F%20priority%20..%20etc.%20Is%20there%20a%20way%20to%20do%20this%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ethanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1174622%22%20slang%3D%22en-US%22%3ERe%3A%20Incident%20statistics%20querying%20(for%20a%20powerbi%20dashboard)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1174622%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F377646%22%20target%3D%22_blank%22%3E%40mclaes%3C%2FA%3E%26nbsp%3BTake%20a%20look%20at%20my%20blog%20post%20to%20see%20if%20that%20answers%20your%20questions.%26nbsp%3B%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.garybushey.com%2F2020%2F01%2F20%2Fazure-sentinel-incidents-in-powerbi%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.garybushey.com%2F2020%2F01%2F20%2Fazure-sentinel-incidents-in-powerbi%2F%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1182060%22%20slang%3D%22en-US%22%3ERe%3A%20Incident%20statistics%20querying%20(for%20a%20powerbi%20dashboard)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1182060%22%20slang%3D%22en-US%22%3EHey%20Gary%2C%3CBR%20%2F%3E%3CBR%20%2F%3EThanks%20alot%20for%20your%20howto%20guide!%20Managed%20to%20create%20a%20similar%20dashboard%20in%20under%2030'%20%3A)%3C%2Fimg%3E%3CBR%20%2F%3E%3CBR%20%2F%3EI%20did%20however%20needed%20to%20change%20the%20%22%26amp%3Bamp%3B%20%22%20in%20your%20Power%20Query%20code%20snippet%20back%20to%20a%20%22%26amp%3B%22%20to%20get%20the%20query%20to%20work.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1182164%22%20slang%3D%22en-US%22%3ERe%3A%20Incident%20statistics%20querying%20(for%20a%20powerbi%20dashboard)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1182164%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F377646%22%20target%3D%22_blank%22%3E%40mclaes%3C%2FA%3E%26nbsp%3BThanks%20for%20that%20tip.%26nbsp%3B%20Perils%20of%20cut%20and%20paste%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

hey all,

 

I'm creating a PowerBI dash to report on some SOC statistics for the wider IT org to look at. Getting an alert view in is easy using a KQL query in PowerBI format. 

But I don't see how I can get to Incident statistics. Looking to show Nr of incidents per status / priority .. etc. Is there a way to do this?

 

thanks!

3 Replies
best response confirmed by mclaes (Occasional Contributor)
Solution

@mclaes Take a look at my blog post to see if that answers your questions.  https://www.garybushey.com/2020/01/20/azure-sentinel-incidents-in-powerbi/

Hey Gary,

Thanks alot for your howto guide! Managed to create a similar dashboard in under 30' :)

I did however needed to change the "& " in your Power Query code snippet back to a "&" to get the query to work.

@mclaes Thanks for that tip.  Perils of cut and paste :)