Aug 08 2022 12:21 PM
Hello, I'm trying to create a kql hunting query that will display the total number of bad emails (malware, spam, phishing) but am having some trouble combining the columns of various bad emails together in one and getting a total count. The screen grab below shows the first 6 columns that i want to collapse into.
my query in total is this so far:
Aug 08 2022 01:32 PM
Aug 08 2022 02:42 PM
Thank you for your reply! I tried out this query and it returned the same result from my first query minus one row. From messing around with it some more it is turning out to be a bit of a mind bender (at least for a kql noob as myself).
so just to clarify if i have columns Red, Blue, Yellow and Red and Blue and Yellow, with 1 count in each column, how to combine them in a new column called "Colors" with a count of all the 1s from each of the individual columns? As of now it works to massage the data in excel and open it in powerbi but eventually i'd like to automate this for reporting.
Thanks again for your reply.
Aug 10 2022 05:39 AM
SolutionAug 10 2022 08:29 AM
Yes! That did it. Thanks a lot!
Aug 10 2022 05:39 AM
Solution