Recent DiscussionsMost RecentNewest TopicsMost LikesSolutionsTagged:TagRe: Cannot export queries thophanhi, You can't export the queries from the portal, but you can do it fairly easily this way: 1. Go toSaved Searches - List By Workspace REST, click 'Try it' button and fill the information for your workspace, then click 'Run' 2. You already have all the queries in JSON format, but if you want it in table format for management, copy the list of saved queries and save it as JSON file (can save to text and change file type to .json) 3. Open Excel and click 'Data' > 'Get Data' > 'From File' > 'From JSON and select your JSON file. 4. it will load in PowerQuery where you can parse it and see your queries in a table. Yossi Re: use saved functionTal hi, I've validated The first example and it works for me. Is it possible that you used 'in' instead of '!in'? Once you create a function with a list of computers to exclude, you can use that function as a filter in any query you use, for example - if Function Alias is 'ExcludedComputer' the function can be used like this: SecurityEvent | where TimeGenerated > ago(1h) | where Computer !in (ExcludedComputer) | summarize by Computer If this won't work from any reason, please contact me at: yossiy@microsoft.com. Re: use saved functionIn case you have a known list of computers that you would like to exclude, you can manage this list in a function and call it in your query. For example, I save a function name: 'ExcludedComputer': datatable (Computer:string) ["ComputerName1", "ComputerName2", "ComputerName2"] Can be used like this: SecurityEvent | where TimeGenerated > ago(1h) | where Computer !in (ExcludedComputer) | summarize by Computer You can write a query that exclude computers and save as a function. For example, I save a function name: 'MyComputers': Heartbeat | where Computer !contains "a" | where Computer !contains "b" | summarize by Computer Can be used like this: SecurityEvent | where TimeGenerated > ago(1h) | where Computer in (MyComputers) | summarize by Computer Re: Builtin "AD replication" search not work after upgradeA fix for the issue is being deployed.
Recent Blog ArticlesMost RecentMost LikesRe: Azure Monitor Log Analytics data export is generally available! We are working on one-time-export capability that would do what is suggested here, basically, you will specify a query, time range, Azure storage destination, and data will be exported. This is at ea...Azure Monitor Log Analytics data export is generally available! After collecting feedback and implementing improvement for export at scale, we announce the general availability of Log Analytics data export. Log Analytics – data export (preview) Log Analytics data export is publicly available and ready for you to try!
MicrosoftMicrosoftMicrosoftMicrosoft
