DataPerComputer.kql
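// Data volume per agent-reporting computer over the last day, split into
// billable, non-billable and total bytes.
// No pre-filter on billable rows: filtering to billable-only before the
// summarize would leave freeData at zero and make Total_Data equal billedData.
// _IsBillable is normalised to a lower-case string so the comparison behaves
// the same whether the column arrives as a bool or as "True"/"False" text.
// NOTE(review): the column type differs between schema listings; confirm in
// your workspace.
find where TimeGenerated > ago(1d) project _BilledSize, _IsBillable, Computer, _ResourceId
| where isnotempty(Computer)
| extend billable = tolower(tostring(_IsBillable))
| summarize billedData = sumif(_BilledSize, billable == "true"),
            freeData = sumif(_BilledSize, billable == "false") by Computer
| extend Total_Data = billedData + freeData
| order by billedData desc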
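// Same per-computer split, with sizes rendered by format_bytes().
// format_bytes() with one argument picks the unit (KB, MB, GB, ...) per value;
// it does not force MB.
// Rows are filtered only on a non-empty Computer so that non-billable volume
// is still counted in freeData and Total_Data.
find where TimeGenerated > ago(1d) project _BilledSize, _IsBillable, Computer, _ResourceId
| where isnotempty(Computer)
| extend billable = tolower(tostring(_IsBillable))
| summarize billedBytes = sumif(_BilledSize, billable == "true"),
            freeBytes = sumif(_BilledSize, billable == "false") by Computer
// Sort on the numeric byte count before formatting: ordering by the formatted
// strings would be lexical and would not rank the largest senders first.
| order by billedBytes desc
| project Computer,
          billedData = format_bytes(billedBytes),
          freeData = format_bytes(freeBytes),
          Total_Data = format_bytes(billedBytes + freeBytes)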