Commit 8250f9e

Added links to summary rules doc
1 parent 032c73d commit 8250f9e

1 file changed

+26
-0
lines changed

articles/sentinel/summary-rules.md

@@ -245,6 +245,32 @@ This procedure describes a sample process for using summary rules with [auxiliar
245245
  | make-series TotalBytesSent=sum(SentBytes) on TimeGenerated from startofday(ago(starttime)) to startofday(ago(endtime)) step timeframe by DeviceVendor
246246
```
247247
248+
See more information on the following items used in the preceding examples, in the Kusto documentation:
249+
- [***let*** statement](/kusto/query/let-statement?view=microsoft-sentinel&preserve-view=true)
250+
- [***where*** operator](/kusto/query/where-operator?view=microsoft-sentinel&preserve-view=true)
251+
- [***extend*** operator](/kusto/query/extend-operator?view=microsoft-sentinel&preserve-view=true)
252+
- [***project*** operator](/kusto/query/project-operator?view=microsoft-sentinel&preserve-view=true)
253+
- [***summarize*** operator](/kusto/query/summarize-operator?view=microsoft-sentinel&preserve-view=true)
254+
- [***lookup*** operator](/kusto/query/lookup-operator?view=microsoft-sentinel&preserve-view=true)
255+
- [***union*** operator](/kusto/query/union-operator?view=microsoft-sentinel&preserve-view=true)
256+
- [***make-series*** operator](/kusto/query/make-series-operator?view=microsoft-sentinel)
257+
- [***isnotempty()*** function](/kusto/query/isnotempty-function?view=microsoft-sentinel&preserve-view=true)
258+
- [***format_datetime()*** function](/kusto/query/format-datetime-function?view=microsoft-sentinel&preserve-view=true)
259+
- [***column_ifexists()*** function](/kusto/query/column-ifexists-function?view=microsoft-sentinel&preserve-view=true)
260+
- [***iff()*** function](/kusto/query/iff-function?view=microsoft-sentinel&preserve-view=true)
261+
- [***ipv4_is_private()*** function](/kusto/query/ipv4-is-private-function?view=microsoft-sentinel&preserve-view=true)
262+
- [***min()*** function](/kusto/query/min-aggregation-function?view=microsoft-sentinel&preserve-view=true)
263+
- [***tostring()*** function](/kusto/query/tostring-function?view=microsoft-sentinel)
264+
- [***ago()*** function](/kusto/query/ago-function?view=microsoft-sentinel)
265+
- [***startofday()*** function](/kusto/query/startofday-function?view=microsoft-sentinel)
266+
- [***parse_json()*** function](/kusto/query/parse-json-function?view=microsoft-sentinel)
267+
- [***count()*** aggregation function](/kusto/query/count-aggregation-function?view=microsoft-sentinel&preserve-view=true)
268+
- [***make_set()*** aggregation function](/kusto/query/make-set-aggregation-function?view=microsoft-sentinel&preserve-view=true)
269+
- [***dcount()*** aggregation function](/kusto/query/dcount-aggregation-function?view=microsoft-sentinel)
270+
- [***sum()*** aggregation function](/kusto/query/sum-aggregation-function?view=microsoft-sentinel)
271+
272+
[!INCLUDE [kusto-reference-general-no-alert](includes/kusto-reference-general-no-alert.md)]
273+
248274
## Related content
249275
250276
- [Aggregate data in Log Analytics workspace with Summary rules](/azure/azure-monitor/logs/summary-rules)
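
Review bot: the query strings in the new link list are inconsistent. The entries on added lines 256 (make-series), 263 to 266 (tostring(), ago(), startofday(), parse_json()) and 269 to 270 (dcount(), sum()) end at `?view=microsoft-sentinel`, while the other 15 entries in the same list end with `&preserve-view=true`. Append `&preserve-view=true` to those seven links so every entry uses the same form, unless the omission is deliberate, in which case the commit message should say why. Two smaller points: the lead-in on line 248 reads awkwardly and could be "For more information about the items used in the preceding examples, see the Kusto documentation:", and lines 270 to 271 add two consecutive blank lines before the `[!INCLUDE ...]` where one is enough.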