I have got a table within log analytics which application exceptions AppExceptions there are millions of records, I would like to have a group by of the InnermostMessage column and a count to give me an idea of the number of records.
In plain t-SQL, I would do something like this.
select InnermostMessage, count(*) as Count
from AppExceptions
group by InnermostMessage
where date between '' and ''
order by count(*) desc
You can use a KQL query for the same
AppExceptions
| where timestamp between(datetime('your_start_date') .. datetime('your_end_date'))
| summarize Count = count() by InnermostMessage
| order by Count descthis gives a count of records for each unique value in the InnermostMessage column within the specified date range.