cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Microsoft Entra Tech Accelerator
Jun 27 2023, 08:00 AM - 12:00 PM (PDT)
Microsoft Tech Community
Find out more
SOLVED

"Filter" tab in Sentinel's logs page.

ben_loy
Occasional Contributor

‎Aug 25 2022 06:54 AM

‎Aug 25 2022 06:54 AM

"Filter" tab in Sentinel's logs page.

Can anyone please help me understand the functionality of "Filter" in Sentinel's logs page (next to Queries, Functions), or point me to the relevant documentation? 

 

ben_loy_0-1661435747559.png

 

Thanks!

Ben

Labels:
270 Views
0 Likes
1 Reply
Reply
1 Reply
best response confirmed by ben_loy (Occasional Contributor)
Clive_Watson

‎Aug 25 2022 07:57 AM

‎Aug 25 2022 07:57 AM

Solution

Re: "Filter" tab in Sentinel's logs page.

@ben_loy 

You have to run a simple Query first, like:
Usage
|limit 10

Then this feature allows you to click on data, and [Apply and Run] which essential builds you a query - its good as you learn KQL or want to filter results (note it only shows top results) and if you add too many things at once it may build a query with no results 

Clive_Watson_0-1661439308146.png

So when I click on the above, the new query built for me was this:

Usage
| where DataType == "SentinelHealth"
| limit 10

1 Like
Reply