Forum Discussion

j0ebeer's avatar
j0ebeer
Copper Contributor
Mar 14, 2022

Querying on TimeGenerated

I'm running two searches.  One uses the dropdown time selector (30m) and the other search is using TimeGenerated >= ago(30m).  The search returns the same number of logs but it displays the fields differently.  In the first search using dropdown selector it fills out the fields as expected but with the TimeGenerated search many of the fields are blank.  Think I'm not fully understanding how the TimeGenerated filter is working.  Any sites for a better understanding?  Or why the results/fields would be blank?

 

Joe

Kusto
Log Data
  • Clive_Watson's avatar
    Clive_Watson
    Bronze Contributor
    Mar 14, 2022

    j0ebeer 

     

    Have you tried the same in the demo logs?  Go to Log Analytics and run query  

     

    Is it the rows or columns that are blank?

    Using a data source that only changes hourly, the rows all look fine to me, I used this query, then a query in a new tab without the where TimeGenerated and setting 4hrs in the drop down.  Both had 166 rows with all columns identical.

     

    Usage
| where TimeGenerated > ago(4h)
| order by TimeGenerated desc, DataType asc

     

    • Jonhed's avatar
      Jonhed
      Steel Contributor
      Mar 15, 2022

      I have never seen a case where the result differs either.

      I don't suppose the log entries are sorted differently?
      Some tables such as AzureDiagnostics contain different logs from different sources, and these different types of logs have different columns. Column A that is only used by log type A, could show as empty in a log entry from log type B, and vice versa.

Share

Resources