azure powerbi powerquery kql azure-sentinel

How to write a Kusto query to get previous month logs in sentinel?

| where TimeGenerated > ago(30d) only gives me the last 30 days logs and I'm searching for a query to get previous month logs from a table, so I can export it directly into Power BI.

Solution

Here is how you can do it below. I am showing two ways. The 'easy' way is to just hand jam the dates in for the month. The harder way requires you to use the make_datetime function.

// The Easy 'Manual' Way
AuditLogs
| where TimeGenerated >= datetime('2021-08-01') and TimeGenerated <= datetime('2021-08-31')
// Automated Way
let lastmonth = getmonth(datetime(now)) -1;
let year = getyear(datetime(now)); 
let monthEnd = endofmonth(datetime(now),-1); 
AuditLogs
| where TimeGenerated >= make_datetime(year,lastmonth,01) and TimeGenerated <= monthEnd

https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/make-datetimefunction

Unable to get all users from Microsoft Graph using Python SDK
You need to ensure that WebApp1 uses the ASP.NET v4.7 runtime stack
MS Graph API - How to query additional pages
how to hash users into random values in azure databricks
How can I manage Azure SQL user/login/credentials
How to connect secrets value stored in Azure key vault to Azure app service env variables directly
AVD Insights Host Performance Blade Empty after vhange to new Azure Monitoring Agent
How to get a list of users from azure graph API
Azure App Service Flask Deployment Error: "Failed to Respond to HTTP Pings on Port 8000; Site Start Failed. Check Container Logs for Debugging."
Azure Function App - No continuous deployment setting for "Flex Consumption" hosting plan?
Az-GetRoleAssigments Not returning Data for DisplayName, SignInName & Object Type - Azure Powershell Runbook
Can you publish a new standalone Angular project (esproj) directly from VS2022 to Azure?
Cors configuration
Publish error: Found multiple publish output files with the same relative path
remove event subscriptions from system topics
node-fetch azure document translator
Is it possible to use .env in a React Web project?
Sign in to Azure Account from VS Code
How to copy blobs from azure to aws using python?
AKV10032: Invalid issuer error when connecting to Azure Key Vault from App Service
how to mask hash users into random values [email protected] in azure databricks
Can we use PostgREST API with Azure
Bicep adding DNS Records saying already exists when it doesn't
Issue in sending personal message in MS Teams with Graph API
import files to databricks workspace
Create an Api connection to log analytics workspace via bicep
az funcapp publish .net8 Isolated breaking Azure configuration runtime settings on Sync
Is there a way to get more than 1000 Packages and versions from Azure DEVOPs Feed RESTAPI for GET Packages?
how to insert json into cosmos db collection using c#
How to grant a Managed Identity permissions to an Azure SQL Database using IaC?