how to create a logic to count the number of the same IP address in an hour with Kusto Query Language

I understand that Application Gateway can collect client IP address in access logs.

https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/web-application-firewall-logs#access-log

I would like to create a logic to count the number of the request in the same IP in an hour and send alert if it is more than 100 (maybe I will use Azure Functions to run this code every hour).

Can anyone share a sample code to achieve the goal? I believe I need to use KQL, but I am not familiar with it.

Solution

Adding an answer from our comment discussion.

You can use the below sample KQL query to pull the list of distinct Client_IP with respective count within a specific hour.

  AzureDiagnostics
| where ResourceType == "APPLICATIONGATEWAYS" and OperationName == "ApplicationGatewayAccess"
|summarize count() by clientIP_s

Azure Service Plan - Convert Consumption App to Premium App
No PK or FK when exporting SQL Server database
Assigning a Token Lifetime Policy to an application in Microsoft EntraID seems to have no effect
How to create a dataset for Azure custom speech using spx (speechCLI)
Azure App Service Autoscale Fails to Scale In
Azure Scale Out on Memory keeps flapping (not scaling in)
Setting a server minimum for Azure Web App when using automatic scaling, from Bicep
A keyvault created with access policy using BICEP creates compound identity
Azure Loadbalancer with public IP forward traffic to Container Apps
How to grant a Managed Identity permissions to an Azure SQL Database using IaC?
What means skipNegotiation in SignalR HubConnection?
Azure ClientCertificateCredential - Using SNI
Azure AI Search MultiIndex / Conditional Semantic search
MSAL Node service & The Partner Center API
Load Registered Component in Azure ML for Pipeline using Python sdk v2
Azure Blob:- How to automate Azure Archive Storage to Cool/Hot tier conversion, send download link once it's avaible , and re-archive after 72 hours?
Azure App Service Custom Backup to Firewall Enabled Storage Account not working as expected
How to take max value and replace it in drived column in data factory
Synapse/ ADF - How to Truncate table if dynamic config column is True in pre-copy script
Azure Cost Management - track costs associated with Databricks job
Error: "OrganizationFromTenantGuidNotFound" (even with Microsoft 365 subscription)
How to check Debug.Writeline() output in VS code?
C# API - Provide download of files from Azure Blobstorage
localhost:300/api is not working : "This page isn’t working"
Creating an Azure Linux VM with Ubuntu 20.04 with Terraform
Failed to deploy path that does not exist
Using Azure WAF for my server(not in Azure)
How and where to define an environment variable on Azure
Azure Data Factory - Unable to preview data
Azure yaml trigger pipeline every 14 days on a Saturday