distinct operator
Produces a table with the distinct combination of the provided columns of the input table.
```kusto
T | distinct Column1, Column2
```
Unlike summarize by ..., the distinct operator supports providing an asterisk (*) as the group key, making it easier to use for wide tables.
```kusto
T | distinct *
```
Example
Shows the distinct values of the name column for events from the last 24 hours, skipping events whose name is empty.
```kusto
events
| project DistinctEventName=name, original_time
| where original_time > ago(24h) and isnotempty(DistinctEventName)
| distinct DistinctEventName
| sort by DistinctEventName asc
```
Results
| DistinctEventName |
|---|
| Adobe Products Violation |
| Content Protection Violation |
| Deny protocol reverse path check |
| Generic HTTP Cross Site Scripting Attempt |
| Module Logging Command Invocation |
| Openfire Jabber server authentication bypass |
| The processing of Group Policy failed |
| ThinkPHP Remote Code Execution Vulnerability |
| WAN Acceleration Receive Event |
| Web Server Enforcement Violation |