We have a huge data of analytics from past few months & I am looking for a query to group the events in the order of date.
We have a huge data of analytics from past few months & I am looking for a query to group the events in the order of date.
Hello @AmruthaTamanam,
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet .In case if you have any resolution please do share that same with the community as it can be helpful to others . Otherwise, will respond back with the more details and we will try to help .
Thanks
Himanshu
Hello @AmruthaTamanam,
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet .In case if you have any resolution please do share that same with the community as it can be helpful to others . Otherwise, will respond back with the more details and we will try to help .
Thanks
Himanshu
Sorry @HimanshuSinha-MSFT I did not get any updates regd this solutions posted here,
The Query did not help me for the results I was looking for.
Can you help me?
Hello @AmruthaTamanam ,
Thanks for the ask and using the Microsoft Q&A platform .
I am assuming that you are refering to log analytics data . The below query shoulld help
SecurityEvent
| project EventData, EventID, TimeGenerated
| sort by TimeGenerated desc
Update 9/15
You should use something like this ( please update your fields accordingly .
SecurityEvent
|project EventName=Account,Date=TimeGenerated
|summarize Occurance=count() by EventName,format_datetime(Date,'MM/dd/yyyy')
|order by Date desc

I think your query should be
customEvents
|project EventName=name ,Date=TimeGenerated
| where timestamp > startofday(datetime("2021-05-01")) and timestamp < endofday(datetime("2021-08-26"))
| summarize Occurance=count() by EventName,format_datetime(Date,'MM/dd/yyyy')
| order by Occurance desc
| where name <> "StartServiceLog"
| where name <> "PushInstallationLog"
| where name <> "StartSessionLog"
| where name == "Navigate The Hospital - Search Opened"
or name == "Navigate The Hospital - Welcome Alert - OK Clicked"
or name == "Navigate The Hospital - FloorChange Button Clicked"
or name == "Navigate The Hospital - Get Directions Clicked"
or name == "Selected Room is "
You can learn about more on how to query the data here
Please do let me know how it goes .
Thanks
Himanshu
Please do consider clicking on "Accept Answer" and "Up-vote" on the post that helps you, as it can be beneficial to other community members
Hello @AmruthaTamanam ,
It was great to know that you were able to get to a resolution . We expect you to keep using this forum and also motivate others to do that same . You can always help other community members by answering to their queries .
Thanks
Himanshu
I have tried the query but it did not give me any results, How can I get in touch with someone to get the event query that I am currently looking for?
Hello @AmruthaTamanam ,
You mentioned that the the query did not returned any data , that means that you do not have any data in the "SecurityEvent" . I was just trying to give you the idea of the query . Please let me know which table are you trying to query and update the query accordingly .
YourTableName
// Add the columns you want to see
| project EventData, EventID, TimeGenerated
//Sort by the time Generated
| sort by TimeGenerated desc
Please do let me know how it goes .
Thanks
Himanshu
Hi @HimanshuSinha-MSFT , Here is my Analytics Query
customEvents
| where timestamp > startofday(datetime("2021-05-01")) and timestamp < endofday(datetime("2021-08-26"))
| summarize count(user_Id) by name
| order by count_user_Id desc
| where name <> "StartServiceLog"
| where name <> "PushInstallationLog"
| where name <> "StartSessionLog"
| where name == "Navigate The Hospital - Search Opened"
or name == "Navigate The Hospital - Welcome Alert - OK Clicked"
or name == "Navigate The Hospital - FloorChange Button Clicked"
or name == "Navigate The Hospital - Get Directions Clicked"
or name == "Selected Room is "
How can I get these in the required format?
I am looking for this format:
Date Event Name Occurrence
08/27/2021 NavigateXXXXXXXX-Search 30
08/27/2021 NavigateXXXXXXXX-Quick 20
@AmruthaTamanam , I have updated the answer above , hope that heps .
12 people are following this question.