
Query and sort data from inside one of tables (Azure Log Analytics)

I have the following query, which gives me the Defender AV Endpoint Protection client health report from a server.

Event | where EventLog contains "defender" | where EventID == 1151

Inside the query is a table "RenderedDescription" which contains the data "Antivirus signature age: 100", which I would like to use (plus a lot that is useless to me). The picture shows the format the data has in that table. The number shows how old the Defender definitions are.

Picture

Is it even possible to sort and query data from inside a table in Log Analytics? I would like to have a query which would only display events if the Antivirus signature age number is bigger than 100.

I tried to explain this as well as possible, so I hope you understood what I meant.

Actually, just querying and sorting data is very easy. But you should provide more details, as per my comment.

And now I assume that RenderedDescription is a table in Azure Log Analytics, like the table named Event.

And I also assume the Antivirus signature age is a column, then you can try the query below:

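RenderedDescription
// A column name containing spaces must be written in bracket notation;
// a bare quoted string would be compared as a string literal instead.
| where ['Antivirus signature age'] > 100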

If I have some misunderstandings, please correct me.

By the way, the current screenshot in your post is not good enough. It would be better to provide other screenshots of the structure of the table RenderedDescription (including the columns, and especially which column the data "Antivirus signature age: 100" is in).
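
The following is an added example, not part of the question or the answer above. It assumes that RenderedDescription is a string column of the Event table and that the text "Antivirus signature age: <number>" appears somewhere inside it, as the question describes; the sample rows, computer names and the `SignatureAge` column name are constructed for illustration.

```kql
// Constructed sample rows standing in for the Event table.
// Against a real workspace, replace SampleEvent with Event.
let SampleEvent = datatable(
    TimeGenerated: datetime, Computer: string, EventLog: string,
    EventID: int, RenderedDescription: string)
[
    datetime(2024-01-10 08:00:00), "srv-a",
        "Microsoft-Windows-Windows Defender/Operational", 1151,
        "Endpoint Protection client health report. Antivirus signature age: 100 Last quick scan age: 2",
    datetime(2024-01-10 08:05:00), "srv-b",
        "Microsoft-Windows-Windows Defender/Operational", 1151,
        "Endpoint Protection client health report. Antivirus signature age: 187 Last quick scan age: 40",
    datetime(2024-01-10 08:10:00), "srv-c",
        "Microsoft-Windows-Windows Defender/Operational", 1151,
        "Endpoint Protection client health report. Antivirus signature age: 3 Last quick scan age: 1",
    // Row without the field: extract() yields an empty string and toint() returns null.
    datetime(2024-01-10 08:15:00), "srv-d",
        "Microsoft-Windows-Windows Defender/Operational", 1151,
        "Endpoint Protection client health report. (description truncated)"
];
SampleEvent
| where EventLog contains "defender"
| where EventID == 1151
// Pull the number that follows the label out of the free-text description.
| extend SignatureAge = toint(extract(@"Antivirus signature age:\s*(\d+)", 1, RenderedDescription))
// Keep only rows where the value was found and is strictly greater than 100.
| where isnotnull(SignatureAge) and SignatureAge > 100
| project TimeGenerated, Computer, SignatureAge
| sort by SignatureAge desc
```

With the constructed rows, only srv-b is returned: srv-a is exactly 100 and fails the strict comparison, and srv-d has no parsable value. Rows where the field is missing are worth reviewing separately, since a host that does not report a signature age is not necessarily up to date.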
