I'm trying to query all computers that match 2 or more DISTINCT DisplayName fields. I can get the distinct count: SecurityAlert | where ProductName in("Microsoft Defender Advanced Threat Protection") | where ProviderName == "MDATP" | mv-expand parsejson(Entities) | extend Computer = tostring(...
Hi there, I'm trying to query all computers that match 2 or more DISTINCT DisplayName fields. I can get the distinct count: SecurityAlert | where ProductName in("Microsoft Defender Advanced Threa...
GaryBushey: You might also try? SecurityAlert | where ProductName in("Microsoft Defender Advanced ...
count
Counts records in the input table (for example, T). This operator is shorthand for summarize count().
T | count
join
Merges the rows of two tables to form a new table by matching values of the specified column(s) from each table. Supports a full range of join types: fullouter, inn...
IPVTimeGenerated = distinct_make_set(IPVTimeGenerated), LoginInfo = distinct_make_set(LoginInfo) SignInCount = count() by UserName, Activity Thank you in advance!
make_set() is already "distinct", it's make_list that isn't?
Morning all, I have data where there are 20-30 distinct values, and I want to group the data into a smaller number of groups. As an...