使用 where 運算子

  • 3 分鐘

Where 運算子會篩選資料表以建立滿足述詞的資料列子集。

分別試用這些查詢以查看結果。

SecurityEvent
| where TimeGenerated > ago(1d)

SecurityEvent
| where TimeGenerated > ago(1h) and EventID == "4624"

SecurityEvent
| where TimeGenerated > ago(1h)
| where EventID == 4624
| where AccountType =~ "user"

SecurityEvent | where EventID in (4624, 4625)