stackoom
  简体   繁体   中英

How to use Kusto to return a max() row from a table, while showing other columns not used in the max grouping

 原文  2021-08-20 12:34:44       azure-log-analytics/ kql

Question

Given the following Log analytics KQL query:

SigninLogs 
| where ResultType == 0 
| summarize max(TimeGenerated) by UserPrincipalName

I need to display other columns from those selected rows in the SigninLogs table. I've tried different approaches with no success. Joining back to the same table again seems unfeasible as joins appear to only be available using a single column. Other approaches using in failed because the needed columns weren't available in the above source query.

1 answers

solution1
 1 ACCPTED  2021-08-20 13:21:30

You can use the arg_max() aggregation function: https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/arg-max-aggfunction

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Get Other columns based on max of one column in Kusto Azure storage table max partition and max row key SQL return max in unnest Kusto: compare each row in a resultset with another table How to make use of materialize in Kusto? SQL Having/Where clause to compare MAX from current/another table Kusto - extract key value from the Kusto table result Compare 2 tables and update final table with the row which has max value Bigquery (SQL) How do you select a max float value along with other datatypes values within a query? Use of Percentile with condition in Kusto
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM