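// Counts events in the FAILED_LOG_GEO_LC_CL custom log table per distinct
// combination of the key:value fields embedded in RawData.
//
// RawData is expected to hold comma-separated "key:value" pairs (username,
// timestamp, latitude, longitude, sourcehost, state, label, destinationhost,
// country). Each extract() captures the text after "<key>:" up to the next
// comma, so a value that itself contains a comma is truncated at that comma.
// The values come straight from log content and are parsed, not validated:
// treat them as untrusted strings rather than as well-formed hosts or coordinates.
//
// Destination host whose events are excluded from the count; kept as a let
// binding so the exclusion can be changed in one place.
let excluded_destination = "samplehost";
FAILED_LOG_GEO_LC_CL
| extend username = extract(@"username:([^,]+)", 1, RawData),
    timestamp = extract(@"timestamp:([^,]+)", 1, RawData),
    latitude = extract(@"latitude:([^,]+)", 1, RawData),
    longitude = extract(@"longitude:([^,]+)", 1, RawData),
    sourcehost = extract(@"sourcehost:([^,]+)", 1, RawData),
    state = extract(@"state:([^,]+)", 1, RawData),
    label = extract(@"label:([^,]+)", 1, RawData),
    destination = extract(@"destinationhost:([^,]+)", 1, RawData),
    country = extract(@"country:([^,]+)", 1, RawData)
| where destination != excluded_destination
// When "sourcehost:" is absent from RawData, extract() yields no value (null or
// empty string depending on engine version); isnotempty() rejects both forms
// instead of relying on a != "" comparison that is false-ish for null anyway.
| where isnotempty(sourcehost)
// NOTE(review): grouping by the raw timestamp string means most groups hold a
// single event; if a per-interval count is intended, bin() the timestamp first — confirm.
| summarize event_count=count() by timestamp, label, country, state, sourcehost, username, destination, longitude, latitude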