Chadzwill
Reputation: 1
Kusto query, join tables to display computer domain
We have a query that displays the top 5 computers with eventlog errors/warnings:
Event
| where EventLevelName has_any ("Error","Warning")
| summarize count() by Computer
| top 5 by count_
We are collecting logs from multiple customers, so i would like to have a column that shows the computer domain aswell.
Is it possible to use another table and match computer names? Like "Heartbeat" table and the columns "Computer"/"Tenantid"
I guess i would need to use somthing like:
union Event, workspace("xxxxx").Heartbeat
As this would get the correct tenantid..
Since eventlogs are sent directly to our tenant, the table "Event" only contains a single Tenantid
Upvotes: 0
Views: 656
Answers (1)
Related Questions
- Kusto Query: Join tables with different datatypes
- Query multiple tables in Azure Log Analytics
- Kusto: Do a leftsemi join including columns from right table
- azure kusto join multiple graph/table two one
- Kusto Query Assistance - Azure Sign In Logs
- Kusto join tables from different DB
- Join on multiple columns in KQL (Azure)
- Combine Complex Kusto Queries
- Kusto Query: Join multiple tables
- How to write Kusto query to get results in one table?