Forum Discussion
Solved
KQL - merging field values
Morning all, I have data where there are 20-30 distinct values, and I want to group the data into a smaller number of groups. As an example: Hostname Events GGPC-01 5 GGPC-02 12 JEP...
- Sorry, this is quite hard to visualize, without seeing your example. Are you using, something like this KQL (not sure where the hostname is coming from in this data though).
AADServicePrincipalSignInLogs
| summarize Events=count() by ServicePrincipalName, bin(TimeGenerated, 1d)
Is this something you can mock up in a datatable (like in my first example)?
Sorry, this is quite hard to visualize, without seeing your example. Are you using, something like this KQL (not sure where the hostname is coming from in this data though).
AADServicePrincipalSignInLogs
| summarize Events=count() by ServicePrincipalName, bin(TimeGenerated, 1d)
Is this something you can mock up in a datatable (like in my first example)?
AADServicePrincipalSignInLogs
| summarize Events=count() by ServicePrincipalName, bin(TimeGenerated, 1d)
Is this something you can mock up in a datatable (like in my first example)?
I finally cracked it!
The answer involves using split(), thus:
GroupedHostname = split(Hostname,"-",0)
Next problem is a different extension of the same thing. Thanks for your help.
The answer involves using split(), thus:
GroupedHostname = split(Hostname,"-",0)
Next problem is a different extension of the same thing. Thanks for your help.