I am working on Splunk to Kusto Dashboard conversion . Could you please tell me how do I convert the below Splunk query to Kusto
I understood the filter for the result but I am stuck where it is summarizing with max(_time) as time by jobid | sort -time
| stats count(eval(result=="failed")) as failed count(eval(result=="succeess" OR result=="progress")) as succeeded max(_time) as time by jobid | sort -time
should be this:
| summarize failed = countif(result=="failed"),
succeeded = countif(result=="succeess" or result=="progress"),
['time'] = max(_time) by jobid
| sort by ['time'] desc